A Trojan is a type of malware that uses deception to trick unsuspecting users into downloading malicious computer programs or attachments.
And unfortunately, the use (and strength) of such vicious programs has only increased over the past few years.
Malware and phishing attacks
Malware (or malicious software) is a general term for intrusive software that exploits or infects a system. It can come in many forms, including viruses, adware, spyware, ransomware, and of course Trojans.
Malware is typically relayed to victims through phishing emails, sent en masse or to targeted individuals through spear phishing. Threat actors sometimes use social engineering to convince someone to download or load software, programs, or apps, thereby executing the malware.
In fact, phishing remains the most common way that malware infects a system because of what is known as the human factor (i.e., human error).
Verizon’s 2020 Data Breach Investigations Report lists phishing as an alarming problem for all organizations. Unfortunately, Americans lost $57 million to phishing attacks last year; this number seems to be increasing for 2020.
Types of Trojans
A Trojan often shows up in a phishing email disguised as legitimate software. Once in, a Trojan lets cyberattackers spy, steal, and gain access to data (e.g., PHI).
Trojans and viruses are generally treated as interchangeable but are not the same thing. A virus is malware that attaches itself to an email to infiltrate and infect a computer. And while a virus can spread, a Trojan is unable to self-replicate.
IT specialists classify Trojans based on the type of actions they perform when executed:
- Trojan-DDoS (Denial of Service)
The list goes on. Generally, Trojans are simple to create and easily spread through trickery; a single Trojan can fit into more than one category.
The well-known, damaging Trojan Emotet, first reported in 2014, is both a downloader and a banking Trojan. It started in the banking industry and currently has its sights set on pharmaceutical businesses.
Email cybersecurity needs
It is important for covered entities (CEs), when creating a robust cybersecurity program, to identify possible security risks or face a HIPAA violation. And as email is the most utilized threat vector, organizations should focus part of their cybersecurity plan on employee awareness training along with strong email security (e.g., HIPAA compliant email).
Training must be continuous, up-to-date, and constantly tested. New cyber problems emerge daily, which is why employees need to be able to recognize and block malicious emails.
And email security must include measures that further protect against harmful inbound email. Paubox Email Suite Plus includes two key features that mitigate such email risks: inbound security that blocks phishing emails and ExecProtect, which protects against display name spoofing.
Phishing attacks and the malware they transmit, such as Trojans, are an unfortunate risk of the digital world. But with the correct tools, electronic communications can be utilized safely, including by CEs within the healthcare industry.