Back to Cybersecurity Basics – Part 9: Malware Protection
Malware, or malicious software to give it its full name, is any software whose sole intention is to cause harm to a computer or network, or to use its foothold on a system to extract sensitive data or money (increasingly demanded in the form of cryptocurrency).
To protect yourself from Malware, you must first understand what Malware is and what it is capable of.
There are many different types of Malware each with its own purpose. Below are some examples of the most common forms of Malware.
Adware
Adware, or advertising-supported software, is Malware that automatically delivers advertisements. Many advertisers use Adware solely to deliver adverts; however, in many cases Adware comes bundled with Spyware. On its own Adware is more irritating than dangerous, but when coupled with Spyware it becomes much more of an issue.
Spyware
Spyware is a type of software that, as the name suggests, spies on user activity. It is usually delivered by exploiting vulnerabilities in legitimate software or by a Trojan Horse. Spyware can be built to perform several tasks, including logging keystrokes and monitoring user activity, in order to harvest sensitive information such as account details, passwords and financial data.
Bot
Bots are programs developed to perform specific tasks automatically. By some estimates the majority of the world's internet traffic (around 52%) is generated by bots, and that traffic splits again between good and bad bots. Good bots will, amongst other things, refresh your Facebook feed, scan the internet for plagiarised work and provide your search engine with query results. On the other side of the fence are the bad bots. These hijack devices (think IoT) to build an army of compromised 'zombie' machines, a botnet, ready to perform devastating DDoS attacks. As well as hijacking devices, bad bots will also spy on you, post spam messages, click on ads (skewing results for online advertisers) and download unwanted content and apps.
Ransomware
Probably the most famous of the whole Malware family, at least over the last couple of years. The sole purpose of Ransomware is to extort money from the infected organisation (usually in the form of Bitcoin or another cryptocurrency) by encrypting the files on a computer system and demanding a ransom for the key that releases them. The problem is now so common that many organisations actually hold a certain amount of cryptocurrency in reserve to pay Ransomware gangs.
Sadly, this can cause further issues: organisations that pay up are added to 'sucker lists' and targeted again, which further exacerbates the problem, and there is no guarantee that paying produces a working decryption key.
Rootkit
A rootkit is a type of Malware that gains privileged ('root') access to a computer system and hides its presence, and often that of other Malware, from the user and from security tools. Once installed, a Rootkit has two main functions: covert remote command and control, and software eavesdropping. Once up and running, a Rootkit allows an attacker to execute files, access logs, monitor user activity and alter the computer's configuration, all while remaining hidden. Because it operates at a privileged level, a Rootkit can be very hard to detect from inside the infected system.
Trojan Horse
Trojan Horses are types of Malware that disguise themselves as legitimate software. A Trojan Horse can give attackers remote access to a computer, deliver other forms of Malware such as Spyware or Worms, monitor user activity, log keystrokes, or enrol the computer in a Botnet.
Worm
A Worm is one of the most common forms of Malware. Worms spread from system to system across the network by exploiting vulnerabilities in operating systems and network services. A Worm differs from most other forms of Malware in that it is self-replicating and needs no human interaction to spread, whereas other forms of Malware typically spread through a user action such as opening a file. Worms nearly always cause some harm to a computer system or network. Sometimes this is only the slowdown caused by the traffic they generate, but Worms can also carry a payload that creates botnets, alters files, steals data or causes other damage.
Virus
A virus is a self-replicating form of Malware. The first research into self-replicating programs was conducted as far back as 1949 by John von Neumann, and the first virus discovered was the Creeper virus in the early 70's.
In the early days, viruses were fairly harmless and were written only to prove that it could be done; it's only as the use of the internet and computers flourished that viruses were developed for more sinister purposes.
Viruses spread to other computers by attaching themselves to programs and executing their code when a user launches one of those programs. Viruses can be used to perform a wide variety of tasks, including many of those described above. According to Symantec:
Viruses can be spread through email and text message attachments, Internet file downloads, social media scam links, and even your mobile devices and smartphones can become infected with mobile viruses through shady App downloads.
So now we've explained what Malware is (or can be), we'll turn our attention to what you can do to protect your business from the threat. From this point on we will assume that you already have firewalls and Email & Web Gateway solutions in place.
Malware distributors are devious, and they can infect a computer system in several ways. The most common is via email; however, removable media, browsing infected websites and web services such as social media chat boxes are some of the other ways in which Malware can find its way onto a device.
The first, and most obvious, way to protect the business is to implement an Endpoint Security solution with a strong focus on protecting against both known and unknown (zero-day) threats. Endpoint security vendors no longer rely solely on signature detection to identify Malware: a good product couples signature-based detection with behavioural analysis so that it can combat zero-day threats, which have no signature yet, as well as known Malware. Once implemented and configured you must keep the solution up to date and ensure it is rolled out across ALL of your devices, including servers; a single unprotected machine is enough to give Malware a foothold.
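To make the signature-versus-behaviour distinction concrete, here is an added example (written for this page, not code from the original article or from any endpoint security vendor). It checks two constructed byte strings against a hash "signature database", showing that changing a single byte of a known sample defeats the hash match, and then runs a simple behavioural rule over a constructed endpoint telemetry log in a hypothetical `pid=... proc=... action=... path=...` format. The sample bytes, the log lines, the event format and the thresholds are all assumptions made for the demo.

```python
import hashlib
import re
from collections import Counter, defaultdict

# --- Signature-based detection --------------------------------------------
# Constructed stand-in for a vendor signature feed: the SHA-256 of one known
# sample. The bytes are made up for this example and are not real malware.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00" + b"DEMO-ONLY-NOT-REAL-MALWARE" + b"\x00" * 16
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}


def signature_match(file_bytes: bytes) -> bool:
    """Exact-hash signature check: true only for a byte-identical known sample."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB


# A repacked "unknown" variant: one padding byte changed, behaviour unchanged.
# This is what a zero-day or freshly re-packed sample looks like to a hash DB.
VARIANT_SAMPLE = KNOWN_BAD_SAMPLE[:-1] + b"\x01"

# --- Behavioural detection ------------------------------------------------
# Constructed endpoint telemetry in a hypothetical one-event-per-line format.
# winword.exe and backup.exe are benign noise; updater.exe behaves like
# file-encrypting ransomware (mass rewrite with a new extension + shadow copy
# deletion) even though no signature exists for it.
SAMPLE_LOG = """\
2024-05-01T09:00:01 pid=1200 proc=winword.exe action=file_write path=C:\\Users\\amy\\Documents\\report.docx
2024-05-01T09:00:02 pid=1200 proc=winword.exe action=file_write path=C:\\Users\\amy\\Documents\\~$report.docx
2024-05-01T09:00:05 pid=4321 proc=updater.exe action=process_exec path=C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet
2024-05-01T09:00:06 pid=4321 proc=updater.exe action=file_write path=C:\\Users\\amy\\Documents\\q1.xlsx.locked
2024-05-01T09:00:06 pid=4321 proc=updater.exe action=file_write path=C:\\Users\\amy\\Documents\\q2.xlsx.locked
2024-05-01T09:00:07 pid=4321 proc=updater.exe action=file_write path=C:\\Users\\amy\\Pictures\\holiday.jpg.locked
2024-05-01T09:00:07 pid=4321 proc=updater.exe action=file_write path=C:\\Users\\amy\\Desktop\\notes.txt.locked
2024-05-01T09:00:08 pid=4321 proc=updater.exe action=file_write path=C:\\Users\\amy\\Desktop\\README_DECRYPT.txt
2024-05-01T09:00:09 pid=2222 proc=backup.exe action=file_write path=D:\\Backups\\2024-05-01.bak
"""

# The path field is last so it may contain spaces (command lines, for example).
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) action=(?P<action>\S+) path=(?P<path>.+)$"
)


def parse_events(log_text: str) -> list:
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def behavioural_alerts(log_text: str, min_writes: int = 4) -> dict:
    """Flag a (pid, proc) when it (a) writes at least `min_writes` files that
    share one extension (mass re-extension is the hallmark of file-encrypting
    ransomware) or (b) deletes volume shadow copies. Returns {(pid, proc): [reasons]}.
    The threshold is a demo value, not a vendor-tuned one."""
    writes_by_proc = defaultdict(list)
    shadow_deleters = set()
    for ev in parse_events(log_text):
        key = (ev["pid"], ev["proc"])
        if ev["action"] == "file_write":
            writes_by_proc[key].append(ev["path"])
        elif ev["action"] == "process_exec":
            cmd = ev["path"].lower()
            if "vssadmin" in cmd and "delete shadows" in cmd:
                shadow_deleters.add(key)

    alerts = {}
    for key, paths in writes_by_proc.items():
        ext_counts = Counter(p.rsplit(".", 1)[-1].lower() for p in paths if "." in p)
        if ext_counts:
            ext, n = ext_counts.most_common(1)[0]
            if n >= min_writes:
                alerts.setdefault(key, []).append(f"{n} files written with extension .{ext}")
    for key in shadow_deleters:
        alerts.setdefault(key, []).append("volume shadow copies deleted")
    return alerts


if __name__ == "__main__":
    print("known sample matched by signature:", signature_match(KNOWN_BAD_SAMPLE))
    print("one-byte variant matched by signature:", signature_match(VARIANT_SAMPLE))
    for key, reasons in behavioural_alerts(SAMPLE_LOG).items():
        print("behavioural alert for", key, "->", "; ".join(reasons))
```

The signature check catches the known sample and misses the one-byte variant, while the behavioural rule flags `updater.exe` purely on what it does, which is why the two approaches are combined. The flip side is that behavioural rules produce false positives (backup software, archivers and disk encryption tools also rewrite many files), which is why real products tune thresholds and correlate several behaviours rather than relying on one.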
Policies and procedures should be put in place to ensure that all data entering the network is scanned, whether at the internet gateways or on machines where removable media devices could potentially be used.
As mentioned previously, browsing infected websites can put your network at risk, so blocking (blacklisting) known bad websites should be a priority. Bear in mind that a blacklist only covers sites already known to be bad, so it complements rather than replaces endpoint protection.
Educate your users on what to be aware of.
Cybersecurity is no longer just an IT problem, as the consequences of an attack can reach far and wide and have a devastating effect on the business. Education should include ensuring users take care before opening email attachments from unknown sources, and teaching them corporate policy, including the policy on the use of removable media devices. It's important that users feel they can approach IT without fear of recrimination: the sooner an incident is reported, the less damage is caused and the quicker and easier clean-up can take place – see our blog on Incident Response.
Many a security breach has happened because security patches (especially OS patches) were not rolled out regularly. One of the most common ways for an attacker to break into a network is by exploiting vulnerabilities in software and operating systems such as Windows. With patches being released regularly, it is extremely important that they are prioritised and rolled out effectively and promptly.