I’m almost certain that you will have come across some sort of virus or malware during your time using computers. Maybe you just got some annoying pop-ups while browsing the web, or maybe you were hit with one of the strains of crypto virus. It helps to know what sort of threats are out there, so that you are better placed to protect your business against them.
First off, what is Malware?
Software that is intended to facilitate unauthorised access to computer systems, steal private information from them, interfere with their operation or even display advertising to the end user. Viruses are software programs designed to spread from one computer to another and interfere with computer operation, much like a biological virus.
The terms have become blurred because, by definition, viruses are a type of malware (they disrupt the infected system), and malware that can self-propagate in the wild like a virus is likely to be more effective.
Software that facilitates the unwanted delivery of advertisements to the end user’s computer. It is often bundled with legitimate software packages. To keep things above board, the installer will usually offer the extra software as an option while installing the program you actually wanted, helpfully ‘pre-ticking’ the box, and people rarely read software install screens.
Software that tracks the user’s activity and reports back to a remote server. It can log the keystrokes the user makes, allowing usernames and passwords to be stolen along with web browsing history. Some will even use the webcam to take photos of the user while they use the computer!
Rootkit and botnet software is installed with the sole purpose of controlling the computer remotely. It allows whoever is in control to modify the system in any way, from installing, modifying and removing software through to enrolling the computer in a network of compromised machines used for Distributed Denial of Service (DDoS) attacks. These attacks use large numbers of compromised endpoints and their internet connections to hammer a web service with more requests than it can handle, in an attempt to take the website offline.
The most recent and most disruptive strain of malware, which has really come to the forefront in the last few years. The software runs an encryption process over every computer and network resource it can reach. Once the users’ or servers’ files are encrypted, a warning pop-up is shown demanding a ransom (typically paid in bitcoins, an anonymous cyber currency) to decrypt the files and make them usable again. Most victims do not have suitable backups and face the hard choice of losing their files or paying a ransom that might not even lead to a successful recovery.
Trojan Horse: Made famous in ancient Rome. Malicious code hidden within a seemingly harmless program that the end user would happily install.
Virus: Small software programs that, like a biological virus, aim to spread themselves and propagate through email systems and removable media (USB sticks etc.).
Worm: Software that replicates itself, typically on a network by utilising computer vulnerabilities.
Prevention and Cure:
Firstly, prevention is better than cure!
Designing infrastructure and workflows around security was once the preserve of high-profile companies at risk of hacking, but now every company should consider taking precautionary action. The Government even offer a certification scheme called ‘Cyber Essentials’ which, in the first instance, is a self-certified programme to ensure your business is resilient against basic cyber threats.
Let’s look at some of the key issues that can be addressed to harden the business against cyber threats:
Poor infrastructure design/configuration and working practices
An example of this would be a firewall that hasn’t been configured correctly to block certain types of traffic.
‘Over-privileged users’ on a network expose the estate to unnecessary risk. User accounts should have the lowest set of access rights needed for them to perform their role.
Security holes in the software/hardware (defects in the software, or even over-privileged users)
Software vendors are constantly releasing updates and patches for their software; Microsoft even has a set day (Patch Tuesday!) on which it regularly issues updates.
These patches and updates should be installed regularly to ensure vulnerabilities that are discovered are addressed promptly.
Perimeter and internal protection
Antivirus and malware protection on computers is essential, but it is rendered useless unless it is regularly updated. We offer a managed Antivirus solution to our clients, which means we ensure updates are always received and applied; we are acutely aware of how important this is, so we recommend it as a service.
Our preferred firewall provider is WatchGuard; we always suggest that clients consider the ‘Unified Threat Management’ add-on for their firewalls, which offers real-time threat detection and protection as data enters and leaves the network perimeter, through virus scanning, spam blocking, intrusion prevention, spyware prevention and even URL filtering to protect users from unsafe websites.