The Trojan Horse story is well-known, with the old saying – beware of Greeks bearing gifts. Trojan computer viruses take their name from the hollow wooden horse that the Greeks hid inside of during the Trojan War. According to the legend, The Trojans, thinking the horse was a gift, dragged the horse inside the city walls allowing the city to be captured by the Greeks.
Similarly to how the Greeks disguised themselves in a horse, a Trojan horse is malware that downloads onto your computer disguised as a legitimate file. Unfortunately, a Trojan computer virus can be disguised as almost anything that gets your attention; cybercriminals know a file called virus.exe won’t fool anyone. Trojans are often attached to a legitimate-looking email or social engineering tactics in banner advertisements and links on a website.
Once the executable (.exe) file is downloaded, the Trojan server will install and automatically run every time the device (even smartphones and tablets) is turned on. The worst part about Trojans is they can reside undetected for days or even months – likely until the receiver visits a specific website or banking app where the attacker can carry out their desired action.
The malicious code or software is intended to inflict damage on corporate systems and steal confidential data. However, they all are designed uniquely depending on their actions and different attack methods.
Well-known examples of Trojans include Zeus and Emotet, both widely used to target financial services in cases of financial information theft, such as bank logins and cryptocurrencies. Zeus trojan is primarily designed to target devices that run on the Windows operating system. Since its creation, the malware has breached millions of computers; it was also responsible for the breach of large organisations such as Amazon, Bank of America and NASA.
Emotet was once used as a banking trojan; in 2019, it was responsible for a breach much closer to home, with 19 organisations across Victorian hospitals and health services being hit by Emotet malware. Even though Trojan threats are breaching thousands of devices every day, it’s not impossible to keep yourself and your business protected.
How do you safeguard against Trojans?
Put simply, a Trojan virus can’t infect your device unless you let them in. Therefore, staying protected requires your action - It’s important always to stay alert, be careful and don’t take any chances. Here are our top mitigation strategies:
- Watch out for suspicious websites and emails, if you’re not sure what you’re doing – don’t click.
- Don’t just shut down your computer, click shut down and update! Always apply security patches promptly and use the latest supported versions of operating systems, software and anti-viruses
- Protect your accounts with unique and complex passwords, using a combination of letters, numbers and symbols and implementing multi-factor authentication (MFA).
Business-wide, it's important to ensure wireless networks, as well as all drives, folders and files, are encrypted, a firewall is in place, and administrative rights are set up so only the select few can install programs on company hardware.
The best way to minimise operational damage and data loss from an IT disaster is to use a recovery solution service — such as DRaaS — that duplicates your entire IT environment and stores it offsite for quick restoration in the event of a malicious breach. To find out if your business is disaster-ready, or if you need DRaaS, contact one of our infrastructure and security experts.
If you liked this article, you may also like:
Ready for disaster: understanding natural and physical disasters in IT security threats (part 2 of 3)
Why many IT teams struggle with disaster planning
5 Defining Features of Effective IT Leaders