06 Jul Risky Business – What you need to know about malware
Malware is more prevalent than ever and is one of the biggest threats to businesses today. You will certainly have heard of ransomware after the recent WannaCry attacks in Europe on the NHS and other users, which affected over 400,000 machines according to security firm Barkly. Locally, even the Cadbury factory has been affected by the new malware Petya.
Ransomware is among the most worrisome kinds of malware because an outbreak costs the victim not only business uptime but actual money, since it holds the victim’s data to ransom. If the demand isn’t met and no backups exist, the data may be lost forever, leading to further loss of time and resources, and even putting the company at risk of failing its due-diligence obligations or, depending on the business, of loss of life and property.
Malware’s Purpose
Malware authors’ motives have changed over the years. Originally the aim was fame within the hacker community; over time, authors began using their software to make money, or selling their malicious software to others for their own money-making purposes. The three main purposes of malware in recent times have been to steal bandwidth and resources, identity theft and espionage, and making money directly with the software.
- Stealing resources – Botnets use a PC’s computing resources and bandwidth to send spam or participate in a Distributed Denial of Service attack. By using other people’s resources, the attacker saves on their own costs and is less traceable and harder to shut down.
- Identity, data, and money theft – once suitable malware is installed on a victim’s PC, it can record all the user’s keystrokes (including usernames and passwords), sites visited and data transferred, and even hijack browsing sessions.
- Directly making money – ransomware is currently the main way malware authors make money directly from their victims: it holds their data to ransom and demands payment before the data is released.
How ransomware works
Malware can be installed on a victim’s PC or infrastructure in a number of ways. One way is by exploiting vulnerabilities in legitimate software that handles documents or media files, so that a crafted file causes the application to execute code instead of simply reading data. This is why it’s recommended never to open attachments from unknown senders, and to be careful even when an attachment purports to come from someone you know (the sender’s address book could have been hijacked too). Keeping your system and all installed software up to date also helps to mitigate this risk.
Malware may also be bundled with seemingly innocent programs and files, such as games, screensavers, or installation media for common tools.
In recent years, malware has also been spread via infected USB sticks deliberately planted by attackers, as in the case of Stuxnet (the high-profile malware affecting Iranian nuclear reactors) and possibly even the Victorian Government speed cameras, which according to itNews may have been infected via a compromised USB stick.
Once installed, some malware also attempts to exploit vulnerabilities in the operating system to gain further privileges, which it uses to hide itself or to access data or other machines on the network.
What happens to you
Ransomware holds your data to ransom by encrypting it with high-grade encryption. The encryption usually takes place while the system is running, and some families, such as CryptoLocker, also try to encrypt network drives. More recent ransomware, such as Petya and its variants, has started to modify the boot process and encrypt the PC after a delayed reboot. This is concerning because it looks like a legitimate Windows repair process, but in a sense it also improves the chances of recovery: if the process is noticed, the machine can be powered down immediately, hopefully leaving the files unencrypted and recoverable directly from the hard disk.
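Because the encryption phase is the window in which a quick reaction still saves data, a monitoring rule that flags a burst of encrypted-looking file writes is a useful early-warning control. The script below is an added example for this article, not code from the original post or from any vendor named in it: it measures the Shannon entropy of each written buffer (ciphertext and compressed data look close to uniformly random, ordinary documents do not) and raises an alert when several such writes land within a short window. The thresholds, the `.locked` extension, the file paths and the sample write events are all constructed for illustration, and the uniform byte pattern stands in for real ciphertext so the example runs offline and deterministically.

```python
"""
Heuristic detector for ransomware-style encryption activity.

Added example (not part of the original article): flags file writes whose
contents look encrypted (high Shannon entropy) and alerts when many such
writes occur in a short window. Thresholds, paths and sample events are
constructed for illustration.
"""
import math
from collections import Counter
from typing import Iterable, List, Optional, Tuple

# Bits per byte above which a buffer is treated as encrypted (or compressed).
ENTROPY_THRESHOLD = 7.2
# Number of suspicious writes within WINDOW_SECONDS that triggers an alert.
BURST_COUNT = 5
WINDOW_SECONDS = 60.0

# A write event: (timestamp in seconds, path written, bytes written).
WriteEvent = Tuple[float, str, bytes]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """True when the byte distribution of the buffer is close to uniform."""
    return shannon_entropy(data) >= threshold


def suspicious_writes(events: Iterable[WriteEvent]) -> List[Tuple[float, str]]:
    """Return (timestamp, path) for every write whose content looks encrypted."""
    return [(ts, path) for ts, path, data in events if looks_encrypted(data)]


def detect_burst(events: Iterable[WriteEvent],
                 burst: int = BURST_COUNT,
                 window: float = WINDOW_SECONDS) -> Optional[float]:
    """
    Sliding-window check over the suspicious writes. Returns the timestamp
    at which `burst` suspicious writes were first seen within `window`
    seconds, or None if no such burst occurred.
    """
    flagged = sorted(suspicious_writes(events))
    start = 0
    for i, (ts, _path) in enumerate(flagged):
        # Drop writes that fell out of the window ending at `ts`.
        while ts - flagged[start][0] > window:
            start += 1
        if i - start + 1 >= burst:
            return ts
    return None


# Constructed sample data: a uniform byte pattern standing in for ciphertext
# (entropy exactly 8.0) and an ordinary document body.
CIPHERTEXT_LIKE = bytes(range(256)) * 16
PLAINTEXT = (b"Quarterly report: revenue grew 4% year on year; "
             b"see the attached spreadsheet for the regional breakdown.\n") * 40

# Constructed write events: one normal save, then five encrypted-looking
# rewrites in a few seconds (hypothetical ".locked" extension), then a
# normal save much later.
SAMPLE_EVENTS: List[WriteEvent] = [
    (0.0, r"C:\Users\alice\Documents\budget.xlsx", PLAINTEXT),
    (10.0, r"C:\Users\alice\Documents\budget.xlsx.locked", CIPHERTEXT_LIKE),
    (11.0, r"C:\Users\alice\Documents\memo.docx.locked", CIPHERTEXT_LIKE),
    (12.0, r"C:\Users\alice\Documents\photo.jpg.locked", CIPHERTEXT_LIKE),
    (13.0, r"\\fileserver\shared\contract.pdf.locked", CIPHERTEXT_LIKE),
    (14.0, r"\\fileserver\shared\notes.txt.locked", CIPHERTEXT_LIKE),
    (500.0, r"C:\Users\alice\Documents\todo.txt", PLAINTEXT),
]


if __name__ == "__main__":
    for ts, path in suspicious_writes(SAMPLE_EVENTS):
        print(f"t={ts:6.1f}s encrypted-looking write: {path}")
    alert_at = detect_burst(SAMPLE_EVENTS)
    if alert_at is not None:
        print(f"ALERT: {BURST_COUNT} encrypted-looking writes within "
              f"{WINDOW_SECONDS:.0f}s (at t={alert_at}s); isolate the host now")
```

Entropy alone is a heuristic: legitimately compressed files (ZIP archives, JPEG images, already-encrypted backups) also score close to 8 bits per byte, which is why the rule keys on a burst of such writes across many files rather than on any single one, and why the threshold and window should be tuned against a baseline of the environment’s normal file activity before the alert is wired to an automatic response.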
How to protect yourself
The key ways to protect yourself and your business against malware attacks include:
- Keep your systems patched and updated – this helps prevent malware being installed or spreading. Keeping Adobe Reader and the Microsoft Office applications up to date reduces the chance of security issues in these frequently used tools.
- Keep your data backed up (preferably to multiple sources in different places)
- Install anti-virus software as appropriate to your organisation – home or enterprise versions have different feature sets
- Use a firewall and enterprise security software, and configure it appropriately to block access to known bad sites and to filter email spam.
- Train your staff and be vigilant – make sure your staff understand the risks surrounding suspicious emails, attachments, and links, while also making sure all internal policy is up to date and secure.
Isolating different business functions on separate systems, each with its own security controls, helps to limit the impact of an attack, since not all business functions are compromised at the same time. For instance, keeping email in the cloud or on a dedicated server means that if a local machine is lost, at least email access can be restored. Likewise, keeping client data separate from local machines helps to ensure that not all data is lost and that proper functionality can be recovered.
Need help developing a layered protection approach? Contact CT4 here and ask for Malware protection and security services assistance.