A Trojan (Trojan Horse) is a type of malware which is disguised to resemble a harmless file or piece of software.
How do Trojans spread?
Trojans are most often delivered through a socially engineered phishing attack that has infected files attached. Users could also unwittingly acquire a Trojan by downloading material from unsafe websites or app stores.
A Trojan cannot move itself through a system, but can grant access for an attacker to launch a further attack.
What is the risk to my organisation?
Trojans can cause damage in a variety of ways:
- Grant remote access allowing the attacker to actively take control of a device
- Steal data
- Download further malware onto an infected machine
- Create a Backdoor to grant additional access to the attacker
Once an attacker has remote access, they can launch further attacks including data exfiltration, infecting other machines, and targeting your contacts or clients.
How can I protect my organisation?
- It is important that all staff are aware of, and trained on, social engineering attacks and how to avoid them in order to prevent an attacker gaining initial entry.
- Staff should also be aware of unsafe websites, and controls put in place to prevent unapproved downloads.
- Ensure that anti-malware software is installed and well configured.
- Make sure all software is updated regularly to keep on top of vital security patches.