Security is a hot topic in the business community, and it is up to IT departments and service providers to do their best to protect their businesses, their clients and their data from the numerous threats out there today. Despite the daunting number of threats and malware programs in the world today, the security industry has been able to put the threats into 3 buckets: Ransomware, Data Stealing Malware and Document Malware.
Ransomware, such as the recent Cryptolocker, is easily the most public and most commonly reported threat. “Certainly, one of the biggest threats facing Canadians right now is something called ransomware. Globally, Canada is number four. They’re seeing over 16,000 attacks per day,” says Kevin Haley with Symantec Security Response. Recently, the University of Calgary paid the equivalent of $20,000 CDN in Bitcoins, a digital currency considered largely anonymous and untraceable. As of Wednesday, the price in Canadian dollars for one Bitcoin is $739.65. What makes this threat so successful is that it is a complex threat chain that can behave in a number of ways, making its arrival largely invisible to the average user.
Through the use of social engineering, the modern era’s new word for lying online, these attacks are highly customised in nature and are regularly targeted towards regions of the world that can “afford to pay” the ransom. Since this malware can sit idle on a file or attached to an existing technology already used by your computer, the initiator of the threat doesn’t need to be persistent in attempting to con your users into activating it because, in most cases, your user will do it inadvertently.
Data Stealing Malware
There are other, older threats still lurking in the shadows, and Data Stealing Malware remains one of the most successful. Data Stealing Malware exploits the inherent desire to have too much control or to allow users too many privileges or, conversely, a general failure to properly define privileges for information access during workstation setup. As a result, user profiles allow for multiple security failure points, poor network segmentation setups and a poor knowledge of your organisation’s network usage baseline. That last point is key: not knowing what your normal baseline usage and activity is makes it difficult to see when suspicious network activity is occurring. It’s the electronic version of Russian Roulette.
Examples of Data Stealing Malware include keystroke loggers, screen scrapers, spyware, adware, back doors and bots. These attacks result in file downloads or a direct installation of files that act as agents, stealing your data and redirecting it to another location defined by the initiators of the malware.
And then there is still the old dog on the block, Document Malware. This threat is still around but it’s no longer in the spotlight, and this factor contributes to its continued success. The primary delivery method is a file transfer through email attachments or links that call for action from the end user. These attacks still work for another reason: a failure to apply patches in your environment.
Although perhaps not as sexy or sophisticated as Ransomware or Data Stealing Malware, it’s still as effective at playing havoc with your business operations. Document Malware requires a human to initiate it, such as by clicking on a document named “invoice” or a link to a “secure website to authenticate a document for viewing”. And sure, on the surface we all know better – after all we are a technology-driven society – but if that “invoice” was sent to finance or a “resume” was sent to HR, the social engineering behind the email or direct message is not as obvious as the “Nigerian Prince” malware email that we’ve all received and chuckled about.
There are solutions in the marketplace that can protect you from these threats. Yes, even the show stopper and currently the biggest cybersecurity threat we face, Ransomware. Besides the best practices that should be deployed and reiterated with your users so that you don’t have to pay the ransom, there are data protection and security experts around the world who all hold a piece of the solution, and therein lies the problem: there is currently no silver bullet of protection.
Your organization is at risk. If you have not been attacked, you will be, or you already have been and never knew it. The attackers are counting on you taking the mindset of, “that will not happen to me because we are too small, we host our information on premise, we run iOS (see here for recent Apple attacks) or <insert your best excuse here>.” Plain and simple, your organization is at risk unless immediate action is taken. Just ask the family that paid to get their photos back, or the small wine shop in Calgary, or even the tiny radio station that got hit twice in one week, or one of the many police departments, or the Ottawa Hospital. They’ll be the first to confirm your information is at risk of being held hostage.
Today the best approach to protection is a combination of education, user awareness, diligence and deploying a unified threat management environment in conjunction with a backup and recovery solution.
If you do the above and you don’t fall into the cycle of laziness when it comes to simple care of your environment, ransomware and its other malicious cousins will not be as threatening to your organization and its continued business operations.
Tyler Cairns has been a business professional in the technology world for 15 years. Through the years he has had a wide range of experiences that include working with the world’s largest retailers, government organizations of all sizes, non-profit organizations, education institutions and local small to medium-sized businesses. Tyler’s desire to have his customers plan for failures to help solidify their success has resulted in his clients being able to address their business needs, ranging from the basic levels of infrastructure to the complexities brought forth by cloud or adopting “as a service” solutions and everything in between.