Five years ago, credit card information theft and identity fraud were the two most prevalent forms of computer-aided (cyber) theft. In response, individuals, government, and industry developed protection mechanisms to address these attacks using solutions like LifeLock, HIPAA, and anomaly reporting and prevention technologies for credit card authorizations. As protection improved, criminals began developing alternative methods to steal from their victims.
The current state of the art for cyber theft is “ransomware”. Ransomware is malicious code that blocks or limits access to applications or files until the required sum of money is paid. The most common forms of ransomware remove access to critical files by encrypting the files on the computer with government-grade encryption. The password to decrypt the files is then offered for purchase via credit card or bitcoin transaction.
Ransomware can infect computers within your business through a variety of avenues, but according to the FBI, the three most common infection sources are:
1) Clicking on a malicious link
2) Opening an emailed file with the malware embedded
3) Visiting a compromised website (no user interaction required)
The initial infections of the WannaCry ransomware were distributed via email but then spread using a known flaw within the Windows operating system. As a result, once a single computer within an organization was infected, all other computers on the same network were placed at risk. WannaCry also demonstrated one of the risks associated with paying the ransom demand as there was no decryption key that allowed for recovery of the encrypted files.
WannaCry demonstrated that prevention is the most effective strategy for reducing the risks associated with ransomware. For individuals, the FBI recommends the following preventative measures: regularly back up data to offline locations or independent cloud-based solutions, only visit known websites and take care when following unknown links or files, keep your software solutions up to date, and ensure that anti-virus and anti-malware software is kept up to date and enabled to scan regularly.
For businesses, the higher value of the data and systems within the organization justifies spending on additional defenses against malware and ransomware. The most commonly adopted business protection is the use of next-generation firewalls. A next-generation firewall with malware inspection enabled evaluates each downloaded file against a known list of malicious code. To prevent zero-day exploits (never-before-seen malicious code), sandboxing technology can be utilized to evaluate what changes an application will make to a computer before allowing the file to be fully downloaded. In addition to firewalls, more advanced anti-malware solutions and AI-driven technologies can further improve the defenses by providing alternative methods for identifying and blocking attacks.
One of the most effective approaches available to businesses is to provide training to users on security topics. Ransomware is one of the most visible attacks in the market today; however, security training will provide protection against other high-loss scenarios such as spear phishing, physical intrusion, social engineering, and business email compromise. Developing a comprehensive security plan can help ensure coverage of the current risks as well as helping to minimize the risk to the organization from unknown future attacks.
Honcoop Technology Services has been serving businesses and government since 2008. Our staff of certified and experienced engineers assist customers across the United States with complex technology planning and implementation services. If the items discussed in this column interest you, please attend the bi-monthly Security Users Group that meets in Billings, MT. For more details, please visit https://www.honcooptechnology.com/sug