For over 20 years here at RODIN we have been dealing with different types of viruses and malware. From the early type that were just out to do as much damage and delete as much data as possible, to the silent type that sit in the background to monitor your behavior and steal your passwords or bank accounts, through to the more recent type that lock up your data and demand a ransom to unlock your data designed to make money.
But what does it all mean and how do they work? Why is it important to ensure you do not get infected and what can you do to ensure you and your staff are protected? Below we will explore the different types of infections and more importantly the best ways to keep yourself safe online and you may be surprised by what the most important thing you can do is. Viruses, Malware, Worms and Trojans are all things you do not want to have to deal with, but each have different methods for spreading and goals.
Ransom-ware (CryptoLocker, CryptoWall, etc)
The newest kid on the block when it comes to viruses and malware are known as Ransom-ware, which is really an evolved type of Malware. Many of you may have heard of, know someone who has been a victim or even been a victim yourself of the Cryptolocker virus. This virus, and it’s new variants, encrypts your files and demands a ransom to give you the code to get your data back. It was first found in the wild in 2013 and was incredibly successful for it’s creators, with an estimated $30 million of ransom money paid in it’s first 100 days. The way these ransom-ware viruses get in to your PC is primarily via the same methods as ‘malware’ discussed further below, however this info-graphic below will illustrate what Cryptolocker does once it makes its way to your PC. If you would like to see Cryptolocker in action, you can watch it here: https://youtu.be/Gz2kmmsMpMI
Malware (Spyware, Trojan, etc).
Malware, short for malicious software, actually encompasses everything, however the term was more widely used after traditional viruses evolved into new threats. Also refereed to Spyware or Trojan’s, they are generally designed to not be detectable by the user (very different to the Ransom-ware discussed above). They will hide in the background of your computer silently, while it captures sensitive data like the sites you visit, recording keystrokes to capture credit card numbers and passwords, sending all of this information back to it’s creators allowing them to sell this information or using this data to steal money. These infections can also lay dormant, infecting millions of computers waiting for instructions from their creator. These are also known as ‘bots’ and can then be instructed to take part in a DDoS, which is short for a Distributed Denial Of Service Attack that can take down legitimate websites or services (https://en.wikipedia.org/wiki/Denial-of-service_attack).
Malware can spread in many different ways. One method is a Trojan horse style attack, where it is packaged in with something the user thinks is legitimate (it gets its name from the Greek forces that fooled the people of Troy by concealing warriors inside the Trojan Horse which was presented as a gift).
Malware infected machines often also spread by using the infected machines to send SPAM containing specially crafted emails designed to get the user to open an attachment or visit an infected website designed to infect more computers. In some circumstances the user does not even need to download or open anything on that website as vulnerabilities in the browser or operating system can be exposed just by visiting the site. This is why patching your computer with the latest security updates are important.
Take a look at the info-graphic below that explains how malware can infect a machine for more information.
Although viruses today are normally covered under the Malware banner (Malicious Software) A traditional computer virus was designed to copy itself into new files and cause damage, such as breaking programs or deleting data. Original viruses never were intended to make money for their authors or steal data, rather causing as much damage as possible.
We don’t see as many traditional computer viruses today as we did 10 or 20 years ago, as there is no money to be made in it. Today we are seeing malware designed to steal data or hold people ransom for their data.
The most common thing we hear when talking about security is ‘Why would anyone want to hack me?’. As you can see from above, it is not about the individual themselves, it is about taking control of large amounts of personal information or computers, no matter who the end user is. Information is power and the more stolen information a hacker can obtain, the more money they are likely to make from it.
What can I do?
The most important thing you can do is be aware of what you are doing online, be aware that these people work very hard to fool you and your staff, ensure you have systems in place to force security patches to be installed and add as many layers of security as possible to your systems to ensure that users can either not be mislead to clicking something in the first place and in the event they do, you have as much in place as possible to mitigate the problem.
Patch Management systems can ensure that important updates are deployed to your servers and workstations once they are released from vendors and then rebooted in a scheduled and controlled manner to apply these patches. These systems will report on what patches have been applied and if there have been any issues that need manual investigation.
When applying layers of security, there is much more to consider than just anti-virus. As you can see from above, you can be at risk from just visiting a website which you do not know has been infected. Below are some of the layers of security you can implement to ensure your users are safe online:
- Endpoint Protection: Protection on the end users computer checking the files for viruses or malware that are opened by users on both their local PC or remote servers. Newer anti-virus vendors can detect ‘suspicious activity’, which catches potential new threats that are not yet in the anti-virus definition files, but exhibit the same behavior as other viruses.
- Web Protection: Both inside and outside of the corporate network, ensuring users do not go to malicious sites or download certain types of files.
- Email Protection: Even the best SPAM filters in the world can sometimes be bypassed, but you need something filtering and cleaning your emails before it reaches your end users.
- Network Protection: As traditional firewalls stop the bad guys from getting in, next generation firewalls can also stop the bad guys getting out. Should a computer be infected on your network, it cannot call home, which protects it stealing data, getting encryption keys to hold your data at ransom, or re-infection.
- Web Server Protection: If you are running your own web servers, either on premises, in a data center or using public cloud services such as AWS, you can add layers of security in front of these web servers to filter traffic and keep the bad guys out, to ensure your websites do not become a target.
- Backups: It is important to ensure you keep regular secure encrypted backups of your systems and data with offsite copies that cannot be damaged in the event of a disaster, be that natural disaster, theft, or the malware itself attacking your backups.
- Network Permissions: In the event a users system does become infected, in the ransom-ware style attack it will search the network trying to encrypt as much information as possible. If that user has access to the entire network, regardless of whether they actually need it or not, the infection can cause a lot more damage (and downtime) to your business than if the user had limited permissions to only their department for example.
If you are interested in any further information on how you can protect yourself and your staff, we encourage you to call us today on 1300 138 761 or email us at firstname.lastname@example.org