What is the Difference Between Malware, Ransomware and a Virus?

Cyber Attack, Cyber Security, email security, Hackers, Hacking, malicious code, Ophtek, Ransomware, Security, Security Threats, , , , ,
26
Mar 2019

The terminology used to describe various hacks and security threats usually includes the terms malware, ransomware and virus, but what exactly are these?

It can get a little confusing when discussing the various security concerns that are floating around and this confusion can lead to a lapse in security. After all, if you’re reading about malware, but don’t know exactly what it is you’re reading about, then you’re going to be unable to act against it. And that’s why we’re going to take the time today to explore each particular category in a little more detail.

What is Malware?

Malware is very much an all-encompassing term for any form of malicious software, so this can include ransomware and viruses. However, we’re going to cover those two categories in depth later, so for now we’ll look at some other types of malware:

  • Spyware: Installed on a user’s PC without their knowledge, spyware is software that can be used to track user activity and then transmit this to a remote server e.g. keystrokes can be recorded to determine and steal login details.
  • Bots: Capable of bringing entire networks to a halt, bots are a particularly troubling form of malware that can easily harness the power of an infected PC to carry out spam email campaigns or DDoS attacks.
  • Rootkits: Highly conspicuous and deceptive, rootkits allow hackers to take control of infected PCs from a remote location. Usually installed at a root level, hence the name, rootkits provide privileged access to the victim’s PC.

What is a Virus?

Much like the common cold, a computer virus is an infection which can spread quickly and effectively. Exposure to a computer virus usually occurs when the PC encounters an infected website or file. Following this exposure, the virus is downloaded to the PC and executed. And this can generate the following results:

  • The PC startup process can become corrupted and leave users unable to log on to their workstation.
  • Performance levels can suddenly drop as your PCs processing power is handed over to the virus’ tasks.
  • PCs can find themselves spammed by numerous popup adverts which, if they’re particularly virulent, can soon crash the computer or slow it down significantly.

What is Ransomware?

Ransomware has grabbed countless headlines over the last few years and it remains a pressing concern for any business. Most commonly spread through phishing emails, ransomware’s main objective is to extort a ransom in exchange for the release of files it has encrypted.

Once the ransom has been paid then the hackers should, in theory, supply a key to decrypt the files. However, it’s becoming increasingly common for hackers to take the ransom, which is usually demanded in untraceable cryptocurrency, and leave the compromised files encrypted.

Final Thoughts

Whether you find your PCs affected by malware, a virus or ransomware, it’s clear that they spell danger for your organization. It may sound a little clichéd, but when it comes to malicious software then prevention is the best cure. And one of the best ways to prevent your PCs from falling foul of infection is by educating yourself on exactly what you’re up against.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Cybersecurity in 2018: A Review

cyber attacks, Cyber Security, Security, Security Threats, , , ,
08
Jan 2019

2018, just like 2017 before it, was a year packed full of cyber-security threats that our network defenses constantly tried to keep at bay.

However, the sheer number of attacks that were launched throughout 2018 meant that it was inevitable that breaches would take place. Perhaps your organization was one of the lucky ones, perhaps you were just too late to get on board with good security practices and found yourself hacked. Either way, it’s almost certain that you encountered at least one form of hacking during the year. And, hopefully, your organization managed to, at the very least, learn from the situation and improve your defenses.

With 2018 coming to a close, I decided it was a good time to take a look back over the major threats we experienced to see what we could learn and how we can prepare for 2019.

Ransomware

2017 is known by many security insiders as ‘The Year of Ransomware’ as it appeared to be in the headlines constantly. However, in 2018 there was a sharp drop in ransomware activity. By the end of Q2 2018, Malwarebytes reported that ransomware had fallen out of favor with hackers and was now only ranked as the sixth most popular form of malware. It’s suspected that this drop in activity can be put down to a rise in user awareness of ransomware scams and, perhaps most importantly, the fact that organizations rarely paid any ransom fees. The threat of ransomware, of course, still remains albeit much reduced and vigilance remains key to avoid disruption.

Cryptomining

One of the main reasons for ransomware’s fall in popularity during 2018 is down to the increase in popularity of cryptomining malware. Kaspersky revealed that while ransomware infections have dropped by 30%, cryptomining infections rose by 44.5% over the same 12 month period. And this change in fortunes shouldn’t come as a big surprise. All ransomware guarantees is that a ransom demand will be issued, no incoming funds are guaranteed as organizations often refuse to pay due to having backups. With cryptomining, however, once the infection is in place, the hackers can begin to reap small financial benefits fairly soon.

Phishing Emails

Despite the crude appearance and execution of phishing emails, they remain one of the most deceptive threats out there to organizations. Capable of extracting highly sensitive data, phishing emails have continued to enjoy popularity with scammers and hackers. Data from Kaspersky demonstrates that the proportion of spam in email traffic reached 53.49% in September 2018 – up from 47.7% in April 2018. And, through Kaspersky’s defenses alone, just over 137 million attempts to direct users to scam websites were carried out through phishing methods.

Preparing for 2019

There’s never time to rest on your laurels in cyber-security and the data above clearly underlines this fact. While the recent horror stories of ransomware may, to a degree, be muted, this method of hacking has very quickly been replaced with the more discreet techniques of cryptomining. And this is all without mentioning the gargantuan risk posed from phishing emails which remain as popular as ever. Going into 2019, it’s crucial that your organization is aware of the signs, symptoms and ramifications of all the major hacking techniques they may encounter while at work. Only then will you stand your best chance of being protected.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Ohio Hospital Disrupted by Ransomware Attack

Ransomware, Security, Security Threats, Training, , ,
25
Dec 2018

Hospitals deliver a crucial service where productivity is key and any downtime can be disastrous. So, what happens when they’re struck by ransomware?

Healthcare providers are no strangers to ransomware as last year’s WannaCry attack demonstrated, so it would be safe to assume that hospitals are more vigilant than ever. And they are, but human error will always remain a factor and accidents can happen. A case in point is the East Ohio Regional Hospital (EORH) and the associated Ohio Valley Medical Center (OVMC) who have both suffered ransomware disasters in recent weeks.

While your organization may not be based in the healthcare section, hackers tend not to discriminate against their victims too closely and you could easily be next. Therefore, we’re going to take a look at what happened with EORH and the lessons that can be learned.

Emergency Room Chaos

The exact details behind the EORH ransomware attack have not been revealed as of yet, but a hospital spokesman has confirmed that their first line of security was considered redundant. This could indicate unpatched software or even poor staff training as the root cause of the attack, but this is purely speculation. Thankfully, the second line of defense employed by the hospital managed to stop the attack in its tracks and no data was breached, so there was no need to pay any ransom.

However, the impact of this ransomware attack led to a massive drop in productivity for the EORH. Computer networks had to be put into an immediate state of shutdown in order to protect any vulnerable data and, in many cases, staff had to move to charting patient data on paper. With split seconds being of significant importance in healthcare, this attack represented a major bump in the road for the EORH. Neither the EORH or OVMC were able to accept ER patients from emergency responders and these patients had to be redirected to other hospitals.

Combating Ransomware

The EORH were exceptionally lucky that their data remained safe and secure following the ransomware attack, but the downtime they experienced was a major disaster. And this is why all organizations need to be vigilant against such attacks. Downtime is never an option for an organization that wants to serve its clients, so make sure you follow these best practices:

  • Complete Regular Backups – No business can claim to be 100% immune from ransomware, but all businesses can regularly backup their data. And, if data is encrypted by ransomware, you then have the option to implement this backup and restore operations.
  • Multi-layered Security is Vital – As the EORH found, multiple layers of security prevented their ransomware burrowing too deep within their network and patient data was safely protected.
  • Educate Your Staff – The importance of educating your staff on the dangers of ransomware can never be underestimated. Humans are prone to error and, as one of your first lines of defense, they need to be educated on the threats they may encounter.
  • Limit Network Privileges – A simple method for limiting the spread of ransomware throughout your network is by limiting network privileges and access purely to those who need it. With every user having deep access into your network, there’s an increased risk of one data breach infecting the entire network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Fileless Malware: The Rise of a New Threat

malware, Phishing Email, Ransomware, Security, , ,
18
Dec 2018

We’re all aware of the dangers of opening suspicious files, but what happens when hackers develop the skills to unleash malware without infected files?

Due to the popularity of file-based attacks, most security software concentrates on combating this particular avenue of hacking. And it’s certainly an effective method of shutting down most malware attacks before they’re able to steal or, in the case of ransomware, encrypt your data. Due to the success of blocking these attacks, hackers have had to go back to the drawing board and evolve their methods of attack in order to become less detectable.

The end result of this evolution has seen a rise in sophisticated hacking methods and, in particular, fileless malware is now beginning to grab headlines. And, due to the lack of knowledge of this development in hacking, attacks have increased in frequency and their success rate has also flourished. As fileless malware could easily hit your organization at any given time, it’s a good idea to educate yourself on the threat.

What is Fileless Malware?

You don’t have to be a security expert to understand that fileless malware is a malware variant which forgoes the use of infected files. Instead, fileless malware takes advantage of trusted Windows components such as PowerShell that are rarely checked for infections. PowerShell is hardly ever used by the average PC user, but it’s an important component that can be used to execute system administration tasks and, therefore, taking control of this is a hacker’s dream.

As mentioned, fileless malware does not involve the use of any files to infect a PC. The most common technique to launch an attack is through spam email which contains a link to an infected website. If that link is clicked then the user is transported to a spoof website where Flash player loads and, at the same time, activates a malicious script that accesses PowerShell on the victim’s PC. Infected PowerShell scripts are then downloaded which allow the hackers to collect sensitive data and transmit it back to a remote location.

How Do You Combat Fileless Malware?

Data leaks can be highly damaging not just for your staff and customers, but also your organization’s reputation. Therefore, with the advent of fileless malware, it’s essential that you understand how to protect your business from its malicious activity. To help you keep one step ahead of fileless malware, make sure you action the following:

  • If you don’t use PowerShell in your IT operations then disable it. This nullifies the threat of any PowerShell exploit. Additionally, the same applies to Windows Management Instrumentation which has also been discovered to be vulnerable to fileless malware.
  • Monitor the amount of data leaving your network. If there’s a spike in data leaving your network then it’s possible that this is the result of malware transmitting sensitive data to a remote hacker.
  • Don’t rely on antivirus software alone as this is less effective when it comes to fileless malware. Instead, practice vigilance and monitor any unusual emails.
  • Disable macros at all costs, unless they’re company approved, as macros are another tool employed by hackers as part of a fileless malware attack.
  • As ever, regularly update your software to reduce the chance of known software vulnerabilities being exploited.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Emotet: A Clever and Dangerous Brand of Malware

Emotet, malicious code, malware, Security, Security Threats, Trojans, , , , ,
11
Dec 2018

There’s no such thing as good malware, but some is certainly less trouble than others. And, when it comes to the Emotet malware, some are very dangerous.

First discovered in Europe in 2014, Emotet soon began to spread around the world and, before long, was infecting PCs in the US. Comprising several different functions and methods of attack, Emotet is a type of malware which has persisted in the digital landscape due to its constant evolution. Taking advantage of user errors and vulnerable systems, the hackers behind Emotet have managed to infect huge numbers of systems over the last four years. And it would appear that those who are coding Emotet are getting even cleverer.

Due to the severity of Emotet, and the lessons you can learn from it, I’m going to take you through the basics of Emotet.

What is Emotet?

Emotet is known as a banking Trojan due to the way it specializes in stealing user credentials including banking data as well as numerous other credentials. This is achieved by the injection of malicious code into infected computers which allows Emotet to transmit sensitive information.

As with numerous other brands of malware, Emotet delivers its payload through a combination of malicious URLs and infected attachments. Key to spreading the Emotet malware throughout a network is the way that Emotet takes advantage of the EternalBlue vulnerability, an exploit which affects unpatched versions of Windows XP through to Windows 7.

There is, however, more to Emotet than just stealing sensitive data. Adding another string to its bow, Emotet is also responsible for downloading other types of malware to infected PCs. These can include further banking Trojans such as TrickBot or modules as diverse as Outlook address book grabbers and spambots.

Why is Emotet So Clever?

The hackers behind Emotet are highly talented and this is why Emotet is so difficult to detect. Dedicated to their software, the hackers regularly update the code behind Emotet and this is then communicated to compromised systems. This change in Emotet’s DNA allows it, therefore, to remain undetected. Just as security experts believe they had identified the key signature of Emotet, they’re faced with a new variant which renders their work redundant.

New research has also revealed that Emotet’s Command and Control (C&C) server is split into two separate clusters. By designing their C&C server in this manner, the hackers can ensure that the source of Emotet is harder to track down. Additionally, this split of the C&C server allows Emotet to keep functioning if either of the clusters suffers a technical issue. For authorities, disabling this setup is highly difficult and underlines why Emotet has been so successful.

How Do You Protect Your PC from Emotet?

It’s important to protect your organization from malware at all times and variants such as Emotet are the perfect demonstration of why it’s crucial. So, if you want to maximize your defenses, make sure you follow these best practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 17 18 19 20 21 29