5 Ways to Combat Malware

Office IT, Security, ,
15
Aug 2017

Privacy-ShieldThe impact of a malware attack can be highly problematic for organizations, but if you know how to protect yourself, it doesn’t have to be so bad.

Whilst it’s certainly easy to know when you have been hacked, it’s just as easy to prevent falling victim to malware in the first place. And when you consider just how devastating a malware attack can be, the need for this prevention suddenly becomes apparent.

To help keep you on the right side of security, I’m going to show you 5 ways to combat the threat of malware.

  1. Educate Your Team

The best form of defense against malware isn’t necessarily state of the art software combined with highly paid security experts, it’s actually your own employees. And this is because almost all malware attacks are down to human error such as opening an infected email attachment or falling for a phishing email scam.

However, by educating your employees, you can begin to inform them on the number of different methods that hackers may use to launch a malware attack. Knowledge is a highly valuable weapon when dealing with malware, so make sure your employees are armed with the relevant information to help protect your systems.

  1. Run ALL Updates and Patches

Microsoft-and-Adobe-Windows-Security-patch

Security vulnerabilities in software are one of the most common routes for hackers to deliver their malware to your system. Thankfully, many of these security vulnerabilities are picked up the software publishers and updates/patches are released to rectify these flaws.

Once these vulnerabilities are public knowledge, though, the hackers are bound to try these routes in their next set of attacks. And the hackers know that many people fail to install updates/patches as soon as they’re prompted, so this can severely compromise their system.

  1. Segment Your Network

Older devices on your network may – due to the age of their relevant operating system – no longer receive support or patches and this puts them at an immediate risk from malware. Rather than leave these devices on your main network, it’s recommended that they’re taken offline and have a separate network for these devices with no internet connection. Immediately, by taking out the weak links, you’ve strengthened your defenses.

  1. Use Antivirus Software

Sure, antivirus software is usually a day or two behind any major malware attacks, but it still remains a fantastic way to cope with the day to day threats of malware. Helping to identify the most well-known and common malware threats, antivirus software can help to significantly reduce the risk of a malware attack taking place on your systems. Not only can they quarantine the threat (to help aide identification), but they can also put an immediate end to that piece of malware.

  1. Backup ALL Your Files

CR-BG-Computer-Backup-System-Hero-08-16

With ransomware becoming a bigger and bigger threat to your data, it would certainly pay to make regular backups of ALL your files. With this data backed up, even if you do fall victim to a ransomware attack, there’s no need to pay the ransom as you can simply access your backed up data. However, please note that you need to keep at least one copy of this data offline in order to protect yourself fully.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

IBM Ships Malware Infected USB Drives by Mistake

hardware, Security,
08
Aug 2017

IBM-LogoMalware is a particularly virulent strain of hacking and can spread very quickly. However, when it gets help from a tech giant, it can spread even quicker.

It’s now been discovered that IBM have, quite accidentally, managed to ship USB flash drives containing malware. Now, the hacking threat of USB sticks is a readily acknowledged problem in the world of computing, but these attacks originate from anonymous, concealed hackers. IBM, obviously, haven’t gone out of their way to commit such malicious attacks, but the fact remains that it was their product which was used to help spread this infection.

It’s a highly embarrassing revelation for IBM and, once again, reinforces the fact that you need to be continuously on your guard against malware. Let’s take a look at exactly what happened and how one of the biggest names in computing found themselves duped into becoming a delivery method for malware.

How IBM Infected its Customers

Organizations are constantly facing a battle to create more storage for the increasing amounts of data involved in business, so IBM created the Storwize storage system. The installation tool shipped with the Stowize V3500, V3700 and V5000 is housed on a USB flash drive for ease of use, but it’s this flash drive which has been pre-loaded with malicious software.

Normal installation of the IBM tool usually takes place in a temporary folder on the computer’s hard drive, but the infected drives also install a malicious file to this temporary folder. This malicious file then sets about editing the user’s system registry in order to load up the malware every time the user logs on. A number of different Trojans – such as Pondre, Reconyc and Faedevour – have all been detected on the USB drives and this points towards the involvement of cybercriminals.

Naturally, IBM is very embarrassed by the whole fiasco and have been reticent to disclose information on how these USB drives came to be infected and just how many users are at risk. What they have advised is that the infected flash drives will have the part number ‘01AC585’ clearly labelled on them, so, at the very least, IBM customers can quickly check if they’re open to infection.

Treating the Infection

usbmalware

IBM’s immediate solutions to the infected USB drives are as follows:

  • Run your antivirus software to identify and remove any threats. The Trojans contained on the USB drives are well known and easily treated once caught.
  • Destroy the drive as soon as possible to completely eliminate the threat. IBM have now made the required (and non-malicious) software available on their website, so the need for the USB drive is now redundant.

Whilst this should rectify the risk of your system becoming compromised, it does little to quell the bad PR it’s caused for IBM. It also hammers home the fact that hackers are looking for more ingenious ways to deliver their malicious payloads, even having the nerve to piggyback their way onto systems through official IBM products. Obviously, the telltale signs of infections will still be there, so if you aren’t already running the following checks, you should certainly start:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

DNSMessenger is a New Method of Cyber Attack

Security, Services,
04
Jul 2017

DNS-Messenger

We’re used to hackers using conventional attack strategies, so, although we can defend these, it means hackers are looking for more discreet attack methods.

And, just recently, hackers have been looking to exploit routes in and out of our PCs which are not usually monitored for malicious activity. It makes sense for hackers to seek out these poorly defended access points as, for hackers, the best hack is an easy hack.

For businesses, though, it raises a lot of questions on just how in-depth and conscientious your security efforts need to be; in order to help you understand the situation and nature of these attacks, I’m going to discuss the DNSMessenger threat.

DNS as a Means of Attack

The Domain Name System (DNS) is the method by which the domain name of a website, computer or network is converted into an IP address which is a numerical code that can be recognized by PCs e.g. one of the many IP addresses for Google is 74.125.224.72

Now, as DNS helps PCs to communicate with many other systems, it provides a very useful route for hackers to breach defenses. Thankfully, it’s very difficult for hackers to hack directly into the DNS channels, but by using a malware exploit they can gain access. And it’s all part of a trend in the evolution of malware.

Users are prompted to download an MSWord document – containing malicious code – through an email phishing campaign which sets the attack in motion. The malicious payload is written in the Powershell language which permits administration tasks to become automated. It’s at this point that the hackers can identify user privileges and plan the next step of the attack which utilizes the DNS.

Using the DNS, hackers are able to send commands directly to the user’s system and effectively have free rein over that system. What’s particularly deceptive (and clever) about this attack method is that it’s very difficult to monitor; few systems monitor DNS traffic and Powershell operates purely in the system’s memory rather than relying on external files which are easily identifiable.

Combatting DNS Attacks

Security-Icon-Microsoft-696x464

Whilst there are niche software solutions that can help protect businesses from DNS attacks, the simplest solution is by educating your staff on the telltale signs of malware and phishing:

  • If you do not recognize an email address then, under no circumstances, click on any links or files contained within it. And, even if you do recognize the sender’s email address, run a quick audit on the email’s content as the sender’s account could have been hacked – badly worded and poorly formatted emails are often a sign of hacked emails.
  • The DNSMessenger attack is only able to unleash its payload once the infected Word document is opened and the recipient clicks on the pop up window prompting them to “Enable Content”. By enabling the content, the recipient is unwillingly giving permission for their system to be hacked, so always treat this request with suspicion.

These preventative methods are fairly simple, but, due to the volume of emails people receive these days, there doesn’t seem to be the time to carry out these quick checks. However, with hackers taking their attacks in new directions which are incredibly difficult to monitor, a few seconds thought could save your systems from a nasty attack.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Threat of Malvertising

Security,
20
Dec 2016

malvertising

Some websites are seen as trusted, but malvertising is a new threat to the world of cyber security and may cause every website to be viewed with caution.

Now, we’ve all been irritated by online ads whilst trying to enjoy our favorite websites, but, with the advent of malvertising – short for malicious advertising – they’ve reached a new level of irritability. And it’s a threat that has the potential to affect everyone with popular sites such as Spotify and Reuters already falling victim.

As it’s such a new threat, it’s a good idea to familiarize yourself with the signs and symptoms of malvertising in order to protect your data and feel safe.

What is Malvertising?

online_shopping_scam

Popular websites tend not to handpick their adverts and, instead, they turn to third party ad networks who are able to use complex algorithms and read cookies (tracking files left legitimately by websites) to deliver bespoke adverts to visitors.

And, what many people are unaware of, is that when you connect to sites such as Spotify and Reuters, you’re also connecting to a number of other web addresses and these can include third party ad networks. Naturally, this instantly provides a number of routes for hackers to exploit that the web user is completely unaware of.

With malvertising, hackers use these footholds to deliver malicious adverts which may appear to be genuine, but contain malware. Sometimes the web user will need to click on the ad to activate its payload, but many other forms of malvertising will embed scripts in the affected webpage to automate the execution and infect the user.

Malvertising is also particularly effective as it’s able to ascertain details of the user’s operating system and web browser which is crucial for hackers to launch specific attacks e.g. Firefox running on Windows XP will have different vulnerabilities to Internet Explorer running on Windows 8.

Hackers can also target specific individuals by infecting ads which use specific keywords e.g. a lawyer looking for “lawyer briefcase”, so this, again, highlights just how sophisticated and bespoke a method of hacking malvertising is.

Combatting Malvertising

protect_against_advertising

Malvertising may be new, but it doesn’t mean you need to panic about being defenseless. In fact, if you follow the advice below then you should find you’re well protected from malvertising:

  • Keep your browsers updated – Internet browsers such as Chrome and Internet Explorer are designed with safety measures in place to identify websites exploited by malvertising. However, you need to ensure that your browser is up to date to ensure you’re protected from the latest threats.
  • Update Flash – We’ve discussed the security flaws in Abobe Flash before and it’s no surprise to discover that malvertising just loves to exploit Flash. Therefore, it’s crucial that all patches and updates are installed as soon as possible. Or, alternatively, just disable Flash from running at all times.
  • Use ad-blockers – Popular with many users, ad-blockers prevent ads from being displayed and prevent users clicking on them and activating malware. These may, however, block genuine adverts that are necessary, but these can easily be put on ‘exceptions’ lists.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Backdoor Attacks Pose a Real Headache for Cyber Security

Uncategorized,
15
Nov 2016

qqzwoxk

Backdoors are a point of access which can be illegally installed to give hackers free and easy network access; they’re also very difficult to detect.

Unfortunately, for all computer users, backdoor hacks are a form of cyber-attack which is on the rise. And what’s particularly galling for businesses is that they’re becoming harder and harder to combat.

I’ve previously covered variants of backdoor attacks – such as the GlassRAT Trojan – but it’s time I took a closer look at how these backdoors operate.

What is a Backdoor Attack?

Gaining remote access to a computer network is a hacker’s dream, so anything that makes this a possibility will be pursued by hackers; a backdoor to your network is the most straightforward way of achieving this.

It literally is a ‘backdoor’ which hackers can use to come and go as they please without leaving any signs of forcing an entry. And with free rein to access your network, a hacker will seriously compromise the safety of your data and all your systems.

How Do Backdoor Attacks Take Place?

hackw0rm-website-hacking-with-c99shell-backdoor

What’s particularly tricky about backdoor attacks is the number of different strategies they employ to breach your defenses:

  • Software Exploits – Many pieces of software have backdoors built into them that only the developer is aware of. Sometimes this can be to help aid in maintenance, but there have also been reports of government agencies insisting ‘secret backdoors’ are installed to aid security. However, no matter how secret these backdoors are, there’s always the chance a hacker will discover them.
  • Malware – One of the most common methods of establishing a backdoor is through malware which first breaches the network before downloading code to setup a backdoor. As we’ve learned previously, malware can come in many forms such as email attachments and phishing.

Both these methods are troubling as they can take the form of a zero day exploit, so firewalls and anti-malware software are oblivious to these new security threats which leads to a period where the attack simply isn’t detected.

Secondly, the backdoor establishes the hacker with seemingly legitimate credentials and this fails to create any suspicion around the connections being made into your network, so they’re not easy to pick up and gives the hacker plenty of time to run riot.

How to Defend Against Backdoors

Although backdoors are tricky attacks that are difficult to counter, you can still protect your network by taking the following measures:

  • Don’t Forget The Old Methods – Firewalls and anti-malware software still have a place and can detect a high proportion of backdoor activity e.g unauthorized incoming traffic. Therefore, it’s not quite time to dispose of these quite yet otherwise you run the risk of a simple and quick hack taking place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 21 22 23 24 25 29