Understanding computer exploits like malware and viruses and how to prevent them, are basic business survival skills these days regardless of your organization’s size. Just like other technologies, security compromises are getting more innovative. It pays to be aware of how to prevent infection and if compromised, lessen the risk of damage.
A computer exploit can involve any number of malicious codes that can be designed to capture personal information (name, address, passwords, even financial information), destroy data, or hold your data for ransom! Exploits such as viruses and malware may use a variety of delivery methods, and cause different types of damage. The malware designers take advantage of the same technology and processes that we use every day, stealthily working out ways to lure unsuspecting users into executing the code.
Here are two current trends using computer exploits:
Phishing/extortion scams
The purpose of typical phishing or extortion scams is to get the recipient to provide personal information, or introduce malware into his or her their system by clicking an attachment or link, which executes malicious code. Whether a mistyped webpage that strikes fear imploring you to call a number, or a message that arrives in your inbox under the illusion that it has been sent by a legitimate institution, the methods are endlessly creative to compel you to take action. Many of web and spam filters are aware of these core threats, and actively block content containing elements of suspected viruses or malware, but it is important to understand that NO filtering can be 100 percent effective given the pace that these threats morph and change. The end user has to be vigilant in his or her scrutiny during day-to-day work and processes.
Prevention for phishing
If you receive an email that is a suspected phishing scam or unsolicited email with suspicious attachments, DO NOT CLICK ON ANY LINK, OPEN ANY ATTACHMENTS (usually sent as compressed, .zip files), supply personal information, click a link or attempt to contact the sender in any way. If you are compromised, shutdown your system and contact your IT service provider to quarantine possible damage.
Ransomware
Ransomware is the one of the more severe exploits of late that, once it gets inside a host computer, it can render most of your data unusable. If installed, the process connects to illicit servers; uploads sensitive info like your public IP address, location, and system information; and generates a random encryption key. That key begins encrypting individual files, both on your computer and on any mapped, shared or external drives, shared networks or cloud-based storage. Once encrypted copies of those files are created, originals are deleted from the hard drive, preventing users from accessing them.
The scariest aspect of the latest ransomware, called CryptoWall, is that it’s spreading via spoofed email arriving as an apparent pdf attachment (but it really isn’t). Worse yet is “malvertising,” via compromised banner ads on legitimate websites like Yahoo, AOL and MSN. The infection is transmitted via Flash, so if a user simply visits an affected website with Flash enabled his or her browsers, the user’s PC can be infected without even clicking on anything malicious. This means most anti-virus programs are unable to prevent CryptoWall, leaving the computer and user vulnerable.
There are two telltale signs of infection by ransomware: 1) If you attempt to open a file and the data is jumbled or not displaying properly, and 2) If you attempt to open a file and get something like “DECRYPT_INSTRUCTION” instead. This will provide instruction for paying a ransom (usually $300 to $1,000) and obtaining a decryption key, which sometimes works to retrieve data and sometimes doesn’t. Even when it does, it’s a time-consuming task.
Prevention for ransomware
Have a trusted IT professional assess and baseline the security of your systems. Limiting admin rights for user PCs, applying DNS filters, implementing strict browser settings and employing constantly updated behavioral anti-spyware can help. But these are complicated measures with which most managers, directors or staff doesn’t have the time or ability to keep up. Only proactive security steps and nonstop vigilance will properly address the morphing nature of these technological threats.
Validate ANY link in ANY unfamiliar email before clicking on it. Malicious links arrive in spam emails — many disguised as FedEx, UPS, or USPS shipping updates — every day. Make sure you hover over all links and look for legitimate IP addresses, not long strings of random characters, before clicking. If you weren’t expecting anything, don’t open the attachment. All it takes is one click by one employee in his or her personal email account while at work to compromise the data of your entire organization.
Avoiding the threat of viruses like CryptoWall is possible with diligent and continuously updated security measures. Even with the best security efforts, there still will be potential for errors with browsing and email use, which makes a strong backup solution critical to the ability to recover your business data.
Disaster recovery planning
Exploits can be minimized but aren’t always possible to stop. Planning for a backstop and thriving after a virus attack is a must. Organizations should be creating comprehensive image-based off-site backups at a minimum once a day. There are subscription services that can do this effectively and economically, and the small investment is more than worth the lost time and productivity of reconstructing your organizations data and environment.
Exploits don’t have to have the last say where your data is concerned. While prevention is most desirable, a bit of planning and ongoing attention will allow for a predictable recovery path if the worst does happen.