Following research by Malwarebytes Labs,’ which has revealed that a new malware has been concealed as “cheat tools” and has the ability to steal Fortnite gamers’ Bitcoins and personal data, Terry Ray, CTO at Imperva, discusses the additional threat to business and how organisations can defend against it:
Malware most easily targets your internal users – employees, contractors, business partners etc. These users access websites and e-mails from work or go home and access systems or e-mails that infect their systems. Organisations should always be vigilant to the threat from infected hosts as these compromised systems, once inside the corporate network, often have significant access to corporate resources as a trusted user. This particular malware doesn’t appear, based on the information in the article, to present a direct threat to organisational systems. However, variants of malware appear frequently which could quickly alter the attack strategy, or the information being stolen.
Anti-malware and employee education are the most common first techniques, but many security conscious organizations recognize the limits of anti-malware and know people are human and fallible, so they compensate for these limitations by adding controls around their most critical assets, typically starting with their data in databases and file servers. These companies will utilise database and file security solutions that monitor access and protect these assets from unusual activity.
Organizations would need to prevent access to Fornite not only from corporate assets, but also from any device that connects to the corporate networks, including employee, contractors and partner mobile devices, tablet devices and personal systems. Some companies do this, but most don’t. More importantly, Fortnite is one of many, many targets for malware distribution. To execute the banning route, you don’t ban an app, like Fortnite, you have to ban the potentially infected devices.