- Spotify “freemium” users were hit with malware this week; Spotify reports the malvertising problem has been fixed.
- The incident highlights how incredibly easy it is to get infected.
- It’s a great example of why isolation technology (like ours) eliminates these issues.
Music has become as common in the workplace as the water cooler (or, I guess, that’s a hydration station these days). Employees listen to iHeartRadio, Pandora and Spotify, and if they are using the free version, they are being shown ads. Those ads are served directly to the desktops inside your network, bringing the risk right to your corporate doorstep.
We heard it through the grapevine.
An article on BBC.com/technology reports that this isn’t the first time Spotify has had this problem: “a similar issue affected the software in 2011.” In our 2015 research, our threat sensors found that over a quarter of the Alexa 1000 websites were delivering malware via malicious advertisements. This is something that enterprises need to think about, as users see their desktops as personal devices. Threats like these will always find their way into the corporate network. Unless you completely lock down users’ desktops, which isn’t practical, you will always experience user-introduced vulnerabilities.
You can’t always get what you want.
Instead of trying to change human behavior, companies should accept that users are always going to be the weakest link in the security chain. The trick is to contain the threat, so the enterprise isn’t placed at risk. The only way to do this is to shrink the attack surface by isolating the endpoint, so that actions like clicking on links or downloading documents are contained. Then, even if that action introduces malware, it can’t go beyond that point.
Let it be.
That’s where Bromium changes the way security works. With our endpoint isolation, we trap the malware and let it run. We use a combination of our patented hardware-enforced containerization and a distributed machine learning Sensor Network to protect across all major threat vectors and attack types. Unlike traditional security technologies, such as antivirus or sandboxing, which rely on ineffective detection techniques, Bromium automatically learns and adapts to new attacks, instantly shares the threat intel, and isolates malware to eliminate the impact. We’re cost-effective too.
We have no sympathy for the devil. We wish you were here.