Security Top Tips – How to spot malware
22nd May 2020
Malware (short for malicious software) can come in various forms, the most commonly known being Trojans, worms, spyware, adware and ransomware. There are many methods by which these attacks can gain access to your system, the most popular being phishing campaigns: a method in which an email is sent to a user that either contains a link to a malicious website or an attachment that delivers a malware payload.
The impact of a breach really does depend on the attacker’s goal:
Ransomware is so prevalent due to the simplicity of the attack, the low cost and ready availability of the tools to deliver it, and the potentially high reward. These attacks are very noisy, very disruptive, and can be very costly to recover from.
Extortion attacks are much more sophisticated and typically involve stealing, or cracking, a user’s credentials and impersonating the victim. The attackers generally start internal phishing attacks targeting employees in the accounts department in order to trick them into sending payments to an account that the attacker controls.
Data exfiltration attacks are less disruptive and more sophisticated in nature, as they are designed to raise the least amount of noise to avoid detection, and they largely go undetected.
The damage caused by a breach can also extend beyond the organisation’s systems themselves, in the form of reputational damage resulting in lost customers and therefore lost business.
Whilst this sounds scary, there are certain things you can do to prevent this from happening, and even to mitigate the impact if it is too late to prevent. Want to know what our cyber-security top tips are? Keep reading…
It is becoming outdated to rely solely on static passwords (essentially a single fixed password made up of a variety of characters), which is why we always recommend the use of Multi-Factor Authentication (MFA). This means that if a user’s password is compromised, hackers are faced with at least one additional barrier.
Despite the increase in the use of MFA, static passwords are still incredibly common, so if this is what you choose to use then you should ensure that they are at least strong!
You can make certain of this by using a minimum length of eight characters and an unpredictable mix of characters (e.g. do not simply capitalise the first letter). We also recommend that you use a password manager such as LastPass to avoid the headache of remembering a multitude of complicated passwords!
This is perhaps the most important step, as most viruses and malware rely on an individual giving them access to the network. According to Verizon’s 2019 Data Breach Investigations Report, a staggering 94% of malware attacks were delivered via email! Do your staff know how to recognise a suspicious email or link? If not, make sure you employ regular training, ideally centring around phishing emails, to ensure that your employees are educated and on alert. It’s good practice to only open emails from senders you know or recognise and to delete anything that doesn’t look right. Spam emails can typically be spotted due to typos or grammatical errors, although don’t rely on this: phishing emails are getting ever more sophisticated!
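The points above (a sender who is not who they claim to be, and a link whose visible text does not match where it really goes) can be checked mechanically before a message ever reaches a user’s inbox. The script below is an added example written for this page, not code from the original post or from Stripe; the two messages it inspects are constructed samples, and the trusted domain `example-corp.com` and the list of urgency phrases are assumptions. It flags a display name that embeds a different address, a sender domain that is a near miss of a trusted one, pressure language in the subject, and anchor tags whose text shows one host while the `href` points at another or at a raw IP address.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation trusts (constructed for this example).
TRUSTED_DOMAINS = {"example-corp.com"}
# Pressure phrases that often appear in phishing subject lines (assumed list).
URGENCY_WORDS = ("urgent", "immediately", "today", "action required", "verify your account")

# Constructed sample messages, not real emails.
SUSPICIOUS_EMAIL = """\
From: "Accounts Payable <accounts@example-corp.com>" <billing@examp1e-corp.biz>
To: staff@example-corp.com
Subject: Urgent: invoice payment required today
Content-Type: text/html

<html><body><p>Please settle the attached invoice via our portal:
<a href="http://198.51.100.23/login">https://portal.example-corp.com</a></p></body></html>
"""

CLEAN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
To: staff@example-corp.com
Subject: Monthly IT newsletter
Content-Type: text/html

<html><body><p><a href="https://intranet.example-corp.com/news">Read this month's news</a></p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_indicators(raw_message, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of human-readable red flags found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    flags = []

    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower()

    # 1. Display name carries an address that differs from the real sender address.
    embedded = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if embedded and embedded.group(1).lower() != sender_domain:
        flags.append(f"display name shows {embedded.group(0)} but the sender is {sender}")

    # 2. Sender domain is a near miss of a domain we trust (lookalike domain).
    sender_label = sender_domain.rsplit(".", 1)[0]
    for trusted in trusted_domains:
        trusted_label = trusted.rsplit(".", 1)[0]
        if sender_domain != trusted and _edit_distance(sender_label, trusted_label) <= 2:
            flags.append(f"sender domain {sender_domain} resembles trusted domain {trusted}")

    # 3. Subject line applies time pressure.
    subject = msg.get("Subject", "")
    if any(word in subject.lower() for word in URGENCY_WORDS):
        flags.append(f"urgency language in subject: {subject!r}")

    # 4. Links whose visible text names one host while the real href goes elsewhere,
    #    or whose real target is a bare IP address.
    body = msg.get_payload()
    if isinstance(body, bytes):
        body = body.decode(errors="replace")
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = (urlparse(href).hostname or "").lower()
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
            flags.append(f"link target is a raw IP address: {href}")
        shown_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown_host and shown_host.lower() != href_host:
            flags.append(f"link text shows {shown_host} but points to {href_host}")
    return flags
```

Running `phishing_indicators(SUSPICIOUS_EMAIL)` returns five flags, while the clean newsletter returns none. None of these checks is conclusive on its own, which is why they are returned as a list for a mail gateway or an analyst to weigh rather than as a single verdict.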
Ensuring that anti-virus software is installed on all computers is a must if you want to be protected from opportunistic attacks, but ensuring that the estate is fully managed is essential to maintaining that security posture. Malware is becoming increasingly sophisticated and, in many cases, will attempt to disable protection mechanisms on the target. Being aware of, and reacting to, endpoints that have had their protection disabled is key.
Ensuring that the security product has the latest updates is also crucial in detecting known threats and, again, will help prevent opportunistic attacks.
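The two paragraphs above amount to a checklist that can be run against whatever your management console exports: is the product installed, is real-time protection on, are the detection updates current, and is the agent still reporting at all? The script below is an added example, not code from the original post or from any vendor’s product; the CSV export and its column names are constructed assumptions, as are the three-day signature and seven-day check-in thresholds.

```python
import csv
from datetime import date, timedelta
from io import StringIO

# Constructed export from a hypothetical endpoint-management console; the column
# names are assumptions, not the schema of any real product.
INVENTORY_CSV = """\
hostname,av_installed,realtime_protection,signature_date,last_checkin
WS-001,yes,on,2020-05-21,2020-05-22
WS-002,yes,off,2020-05-21,2020-05-22
WS-003,yes,on,2020-04-30,2020-05-22
WS-004,no,off,,2020-05-22
WS-005,yes,on,2020-05-20,2020-05-01
"""

MAX_SIGNATURE_AGE = timedelta(days=3)   # signatures older than this are treated as stale
MAX_CHECKIN_AGE = timedelta(days=7)     # silence longer than this means the agent may be gone


def review_endpoints(csv_text, today, max_signature_age=MAX_SIGNATURE_AGE,
                     max_checkin_age=MAX_CHECKIN_AGE):
    """Return {hostname: [issues]} for every endpoint whose protection needs attention."""
    findings = {}
    for row in csv.DictReader(StringIO(csv_text)):
        issues = []
        installed = row["av_installed"].strip().lower() == "yes"

        # Protection missing or switched off (the tampering case the text describes).
        if not installed:
            issues.append("no anti-virus installed")
        elif row["realtime_protection"].strip().lower() != "on":
            issues.append("real-time protection disabled")

        # Detection content out of date: the product is present but cannot see new threats.
        if installed:
            if not row["signature_date"]:
                issues.append("no signature date reported")
            else:
                sig_age = today - date.fromisoformat(row["signature_date"])
                if sig_age > max_signature_age:
                    issues.append(f"signatures {sig_age.days} days old")

        # Agent has stopped reporting: everything above may itself be stale.
        checkin_age = today - date.fromisoformat(row["last_checkin"])
        if checkin_age > max_checkin_age:
            issues.append(f"not reported to the console for {checkin_age.days} days")

        if issues:
            findings[row["hostname"]] = issues
    return findings


def review_sample():
    """Run the review against the constructed export as of 22 May 2020."""
    return review_endpoints(INVENTORY_CSV, date(2020, 5, 22))


if __name__ == "__main__":
    for host, issues in review_sample().items():
        print(f"{host}: {'; '.join(issues)}")
```

The last check matters as much as the first two: an endpoint that has stopped checking in will happily report “protection on” from its last known state, so silence from an agent should be treated as a finding rather than as good news.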
If you enforce regular back-ups and your files are held to ransom, you won’t have to pay an attacker, because copies are stored somewhere else! However, we would recommend that you employ offsite back-up in addition to the back-up that you hold onsite. With the ever-evolving sophistication of viruses, there is the potential for a crypto virus to encrypt your onsite back-up files… a disaster if you don’t have them backed up offsite! A full back-up of your system and data to an external location would ensure the recovery of these files and therefore reduce the impact of the attack.
Our Senior Engineer, Matt, is always repeating the mantra “a backup is not a backup until it has been tested”. Despite their critical function within the organisation, we still find that many companies implement their backup systems as though they are ‘set and forget’, with little review and testing.
By now I imagine we’ve all heard the story of Maersk, who were hit by the NotPetya ransomware in 2019 and discovered that, of all the systems being backed up, the most critical ones were not.
Are backups being monitored effectively?
Hopefully it’ll never happen to you, but if there is a disaster recovery scenario how confident are you that you’ll be able to fully recover from an incident?
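“Tested” and “monitored” can both be made concrete. The script below is an added example written for this page, not code from the original post or from Stripe, and its source tree, file names and ten-day-old backup are constructed. It hashes the live data first, writes a backup, then proves the backup by restoring it into a scratch directory and comparing every file against those hashes; a second backup job that quietly skips the database directory (the Maersk lesson) is caught by the same restore test, and a freshness check answers the monitoring question.

```python
import hashlib
import os
import tarfile
import tempfile
import time
from fnmatch import fnmatch
from pathlib import Path


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(src_dir):
    """Hash every file under src_dir: this is what a full restore must reproduce."""
    src_dir = Path(src_dir)
    return {p.relative_to(src_dir).as_posix(): _sha256(p)
            for p in sorted(src_dir.rglob("*")) if p.is_file()}


def create_backup(src_dir, backup_path, exclude=()):
    """Write a gzipped tar of src_dir, skipping paths that match any exclude glob.
    The exclude list stands in for a backup job whose scope is too narrow."""
    src_dir = Path(src_dir)
    with tarfile.open(str(backup_path), "w:gz") as tar:
        for p in sorted(src_dir.rglob("*")):
            rel = p.relative_to(src_dir).as_posix()
            if p.is_file() and not any(fnmatch(rel, pat) for pat in exclude):
                tar.add(str(p), arcname=rel)


def verify_restore(backup_path, manifest):
    """Restore into a scratch directory and compare every file against the manifest.
    Returns a list of problems; an empty list means the restore test passed."""
    problems = []
    with tempfile.TemporaryDirectory() as restore_dir:
        try:
            with tarfile.open(str(backup_path), "r:gz") as tar:
                # Use the 'data' extraction filter where this Python supports it
                # (it refuses absolute paths and traversal in an untrusted archive).
                kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(restore_dir, **kwargs)
        except Exception as exc:  # unreadable or truncated archive, whatever the cause
            return [f"archive unreadable: {exc}"]
        for rel, expected in manifest.items():
            restored = Path(restore_dir) / rel
            if not restored.is_file():
                problems.append(f"missing after restore: {rel}")
            elif _sha256(restored) != expected:
                problems.append(f"content mismatch after restore: {rel}")
    return problems


def backup_is_fresh(backup_path, max_age_seconds, now=None):
    """Monitoring check: has a backup actually been produced within the expected window?"""
    now = time.time() if now is None else now
    return os.path.exists(backup_path) and now - os.path.getmtime(backup_path) <= max_age_seconds


def backup_demo():
    """Constructed scenario: a full backup next to a job that silently skips the database."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "server"
        (src / "www").mkdir(parents=True)
        (src / "db").mkdir()
        (src / "www" / "index.html").write_text("<h1>hello</h1>")
        (src / "db" / "orders.sqlite").write_bytes(bytes(range(256)) * 4)
        manifest = build_manifest(src)

        full = Path(work) / "full.tar.gz"
        create_backup(src, full)
        partial = Path(work) / "partial.tar.gz"
        create_backup(src, partial, exclude=["db/*"])

        # A backup last written ten days ago should trip a daily-backup monitor.
        stale = Path(work) / "old.tar.gz"
        create_backup(src, stale)
        ten_days_ago = time.time() - 10 * 86400
        os.utime(stale, (ten_days_ago, ten_days_ago))

        return {
            "full_restore": verify_restore(full, manifest),
            "partial_restore": verify_restore(partial, manifest),
            "fresh": backup_is_fresh(full, 86400),
            "stale": backup_is_fresh(stale, 86400),
        }
```

The restore test is deliberately run into a fresh directory rather than back over the live data, and the manifest is taken from the source before the backup runs, so a job that skips or corrupts files cannot vouch for itself.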
As the shift towards the cloud becomes ever more apparent, the reliance on traditional firewalls is decreasing as the focus shifts towards edge security.
That being said, brute-forcing known ports, such as RDP, still remains one of the top attack vectors due to its low-effort/high-reward ratio, and it is an often-overlooked configuration.
What can be done? Implement MFA on any public-facing portals, where applicable. Lock down your management ports. Implement IDS/IPS technology to combat opportunistic attacks. Regularly review the inbound/outbound policies and remove any redundant policies.
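Two of those steps, locking down management ports and weeding out redundant policies, can be checked automatically against a rule export. The script below is an added example, not code from the original post or from any firewall vendor; the rule format and the sample policy are constructed assumptions. It flags any inbound allow rule that opens a management port (RDP, SSH, WinRM, SMB, Telnet) to every source address, and reports rules that exactly duplicate, or are wholly contained within, an earlier rule for the same port.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Ports that should only ever be reachable from management networks or over VPN.
MANAGEMENT_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP", 5985: "WinRM", 5986: "WinRM"}


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str   # "in" or "out"
    action: str      # "allow" or "deny"
    source: str      # CIDR the traffic may come from
    dest_port: int   # 0 means any port


# Constructed sample policy; rule names and layout are assumptions, not a real export.
RULES = [
    Rule("allow-web", "in", "allow", "0.0.0.0/0", 443),
    Rule("allow-rdp-any", "in", "allow", "0.0.0.0/0", 3389),
    Rule("allow-ssh-vpn", "in", "allow", "10.8.0.0/24", 22),
    Rule("allow-ssh-vpn-old", "in", "allow", "10.8.0.0/24", 22),
    Rule("allow-ssh-vpn-host", "in", "allow", "10.8.0.5/32", 22),
    Rule("deny-all", "in", "deny", "0.0.0.0/0", 0),
]


def review_rules(rules):
    """Return findings for inbound allow rules: management ports open to the world,
    exact duplicates, and rules already covered by an earlier, broader rule."""
    findings = []
    earlier_allows = []
    for rule in rules:
        if rule.direction != "in" or rule.action != "allow":
            continue
        net = ip_network(rule.source)

        # Management port reachable from any source address at all.
        if rule.dest_port in MANAGEMENT_PORTS and net.prefixlen == 0:
            service = MANAGEMENT_PORTS[rule.dest_port]
            findings.append(f"{rule.name}: {service} ({rule.dest_port}) open to any source")

        # Redundancy: same port, and the source equals or sits inside an earlier rule's source.
        for prev in earlier_allows:
            prev_net = ip_network(prev.source)
            if prev.dest_port != rule.dest_port or prev_net.version != net.version:
                continue
            if prev_net == net:
                findings.append(f"{rule.name}: exact duplicate of {prev.name}")
                break
            if net.subnet_of(prev_net):
                findings.append(f"{rule.name}: already covered by {prev.name}, can be removed")
                break
        earlier_allows.append(rule)
    return findings


if __name__ == "__main__":
    for finding in review_rules(RULES):
        print(finding)
```

Run against the sample policy, the review reports the RDP rule open to any source, the duplicate SSH rule, and the single-host SSH rule that the /24 rule already covers. Fixing the first finding means restricting the source to a management network or VPN range (and putting MFA in front of the service), not merely renaming the rule.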
A Cyber Essentials accreditation is a great way to ensure that your cyber security is up to date and relevant. Through this accreditation, any threats or weaknesses in your current security policies would be highlighted, in turn allowing you to update your technology and protect against future malware threats.
A big plus of undertaking this is that it demonstrates your commitment to data security! You will not only be giving your clients peace of mind, but, given the current demand for cyber certification in tenders, you could potentially increase your revenue by winning future business!
Fortunately, this government-backed accreditation is very affordable and can be completed in just 3 months.
Over the last 5 years, we’ve helped a wide variety of businesses achieve their Cyber Essentials accreditation, so if you’re a business that takes its cyber security seriously and would like to put the approved measures in place to become certified, then get in touch with our experts today. If you want to find out a little more, just click here.
Alternatively, you could go one step further and invest in a Security Operations Centre (SOC). So, what is a SOC? Many large organisations have an in-house team of cyber experts to protect their business; however, SMEs sometimes lack the resources to do this and in turn neglect their own security policies and technology. At Stripe we believe every business should be protected, no matter the shape or size, so we provide enterprise-level threat detection and incident response capabilities at a fraction of the corporate price tag.
How do we do this? Our dedicated team of cyber analysts is able to detect and prevent attacks by combining in-house hybrid technologies and Microsoft’s Advanced Threat Protection to monitor and protect your systems 24/7, ultimately providing a fully managed security solution to defend your organisation.