
MALWARE

Malicious code (malware) is any computer program designed to harm a computer or to damage or expose data. Examples include:

 

VIRUSES:

Viruses can damage or destroy files and are spread by sharing infected media (such as a USB drive), opening a malicious email attachment, or visiting a malicious website.

The ‘Brain’ virus, written in 1986 by Basit and Amjad Farooq Alvi, is thought to be the very first computer virus. The brothers ran a computer store in Pakistan and were so fed up with customers making illegal copies of their software that they created code to display a copyright message on start-up.

WORMS:

Unlike a virus - which requires a user to transfer it, intentionally or unknowingly - a worm needs no human intervention. A worm spreads throughout a network by exploiting the security vulnerabilities it finds. Worms can carry all sorts of malicious payloads, including ransomware, backdoor access or code that clogs network traffic.

The very first worm appeared in 1971 and was written by Bob Thomas of BBN engineering. The program did little but self-replicate and display the message "I'M THE CREEPER. CATCH ME IF YOU CAN!"

TROJAN HORSES:

A Trojan horse appears to be an innocent piece of software but actually contains another, more malicious, program. Trojans can exfiltrate or destroy data, disable security mechanisms, cause a denial of service attack or turn the victim's computer into a proxy. A proxy can be used to commit identity theft, host illegal content or use the victim’s system to attack others.

In 1975, John Walker created a game based on ‘guess what animal I am in 20 questions’. The game was extremely popular but could only be given to friends on magnetic tape. To make life easier, Walker embedded the game in another program called ‘Animal’. Animal examined the user’s available directories and replicated itself if it was not already installed.

MALICIOUS DATA FILES:

Malicious data files exploit weaknesses in the software designed to open them. Classic examples include: a Microsoft Word document containing a macro, an Adobe PDF, a ZIP file, or an image file. Attackers frequently use malicious data files to install malware on a victim’s system, commonly distributing these files via email, social media, and poisoned websites.

 

MITIGATION STRATEGIES FOR PERSONAL USE:

 

  • USE ANTIVIRUS: Antivirus software will detect, block, sanitise or remove malware. Always download it from a reputable vendor rather than by clicking on advertisements or email links. Make sure the product updates itself to combat new threats, and perform a manual scan of any new files and folders. Avoid running two antivirus products at the same time, as they may conflict. Many modern antivirus packages also come with a firewall that blocks malicious traffic from the Internet.


  • BLOCK POP-UPS: Some contain malicious code. Pop-ups can be blocked in any modern browser via the privacy or security settings. In fact, installing the latest version of your favourite browser is a good idea, full stop.


  • UPDATE SOFTWARE AND PATCH: Newer versions of software and security patches stop attackers exploiting known security flaws. It is absolutely critical that you update your device regularly.

 

  • BE CAREFUL OF LINKS & ATTACHMENTS: Especially within unsolicited email. Macro files, executables and encrypted zipped folders in particular should generate concern. Research suggests that most malware is distributed via email, so it pays to be vigilant.

  • BE CAREFUL WHAT YOU DOWNLOAD: If you need to download files or software, go to reputable sources and check out what others have said about the products you intend to install. 

  • MINIMIZE DAMAGE: If systems have been infected:

    • Disconnect the computer from the internet.

    • Reboot the computer in safe mode by pressing F8 as soon as the screen lights up.

    • Type 'Temporary files' in the search bar and choose 'free up disc space by deleting temporary files'.

    • Run anti-virus software and delete or quarantine infected files.

    • Run the scan again.

    • Reboot normally, connect to the internet and update the machine (type 'update' in the search bar).

    • Consider using a credential manager to create strong passwords and to store them safely. 

  • MONITOR ACCOUNTS: Such as bank accounts for unauthorized use, or unusual activity. Contact the account provider if there are problems.


  • BACK UP DATA: In the cloud or to an external hard drive. In the event of an infection, critical information will not be lost. Just be sure to back up data, system configurations and anything else of value.  Store backups securely.


MITIGATION STRATEGIES FOR NETWORK MANAGERS:

  • EMAIL SECURITY:

    • Set up email filters to strip attachments with harmful file extensions.

    • Consider labelling emails that originate outside the company so employees can easily differentiate mail.

    • Set up an alternative platform for sharing documents.
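The three email security points above (strip harmful attachment types, label mail from outside the organisation, and the earlier warning about macro files, executables and encrypted ZIP folders) can be seen working together in the following added example. It is illustrative code written for this page, not the tooling of any product or of the police unit that wrote the advice; the extension lists, the `example.com` internal domain, the `[EXTERNAL]` tag and the sample message are all assumptions. The sample archive marked as encrypted is constructed by flipping the ZIP flag bit, because Python's `zipfile` cannot write password-protected archives.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed gateway policy; a real mail filter would keep these lists centrally.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar", ".lnk"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm"}
INTERNAL_DOMAIN = "example.com"   # assumption: the organisation's own mail domain
EXTERNAL_TAG = "[EXTERNAL] "


def extension_of(name):
    """Lower-cased final extension, so 'Invoice.PDF.exe' is judged by '.exe'."""
    name = (name or "").lower()
    return name[name.rfind("."):] if "." in name else ""


def inspect_zip(data):
    """Return a reason to block the archive, or None if it looks acceptable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:   # general-purpose bit 0: member is encrypted
                    return "encrypted ZIP archive (contents cannot be scanned)"
                if extension_of(info.filename) in BLOCKED_EXTENSIONS | MACRO_EXTENSIONS:
                    return f"ZIP contains blocked file {info.filename}"
    except zipfile.BadZipFile:
        return "malformed ZIP archive"
    return None


def classify_attachment(filename, data):
    """Return a block reason for one attachment, or None to let it through."""
    ext = extension_of(filename)
    if ext in BLOCKED_EXTENSIONS:
        return f"executable or script extension {ext}"
    if ext in MACRO_EXTENSIONS:
        return f"macro-enabled document {ext}"
    if ext == ".zip":
        return inspect_zip(data)
    return None


def filter_message(raw):
    """Check every attachment and tag external senders.

    Returns (action, subject, findings) where action is 'deliver' or 'quarantine'.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        reason = classify_attachment(name, part.get_payload(decode=True))
        if reason:
            findings.append((name, reason))
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if sender_domain != INTERNAL_DOMAIN and not msg["Subject"].startswith(EXTERNAL_TAG):
        msg.replace_header("Subject", EXTERNAL_TAG + msg["Subject"])
    action = "quarantine" if findings else "deliver"
    return action, str(msg["Subject"]), findings


def make_zip(members):
    """Build an in-memory ZIP from {name: text} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def mark_encrypted(zip_bytes):
    """Set the 'encrypted' flag in every central-directory entry so the sample
    reads like a password-protected archive (zipfile cannot write one itself)."""
    buf = bytearray(zip_bytes)
    pos = buf.find(b"PK\x01\x02")
    while pos != -1:
        buf[pos + 8] |= 0x1   # general-purpose bit flag, low byte, bit 0 = encrypted
        pos = buf.find(b"PK\x01\x02", pos + 4)
    return bytes(buf)


def build_sample_message():
    """Constructed inbound mail with four attachments; the addresses are made up."""
    msg = EmailMessage()
    msg["From"] = "Accounts <accounts@supplier-example.net>"
    msg["To"] = "finance@example.com"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please see the attached files.")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment(b"MZ-placeholder", maintype="application", subtype="octet-stream",
                       filename="Invoice.PDF.exe")
    msg.add_attachment(make_zip({"payment.js": "// constructed placeholder"}),
                       maintype="application", subtype="zip", filename="payment.zip")
    msg.add_attachment(mark_encrypted(make_zip({"doc.txt": "x"})),
                       maintype="application", subtype="zip", filename="secure.zip")
    return bytes(msg)


if __name__ == "__main__":
    action, subject, findings = filter_message(build_sample_message())
    print(action, subject)
    for name, reason in findings:
        print(f"  {name}: {reason}")
```

Judging a file by its final extension is deliberate: a double-extension name such as `Invoice.PDF.exe` is still an executable. An encrypted archive is blocked because it cannot be scanned at all, which is exactly why the earlier advice singles out encrypted zipped folders.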

 

  • EMPLOY DNS FILTERING: Consider routing your traffic through a cloud provider that will blacklist malicious websites and enforce your 'Acceptable Use Policy' by monitoring use of the internet.
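To show what a DNS filtering service actually does with each query, here is an added example of the decision logic: a threat-feed category that is always blocked, an acceptable-use category blocked by local policy, a category that is allowed but reported, and sinkholing of blocked names. It is not any provider's code; the domains (all under the reserved `.test` suffix), the categories, the sinkhole address and the upstream answers are constructed for the example. It also follows CNAME chains, because a filter that only checks the name the client asked for can be bypassed by an alias.

```python
from dataclasses import dataclass, field

SINKHOLE_ADDRESS = "0.0.0.0"   # assumption: answer returned instead of the real one
MAX_CNAME_HOPS = 8

# Constructed category feed (made-up names under the reserved .test suffix).
DOMAIN_CATEGORIES = {
    "malware-example.test": "malware",
    "phish-example.test": "phishing",
    "casino-example.test": "gambling",
    "video-example.test": "streaming",
}
THREAT_CATEGORIES = {"malware", "phishing"}   # always blocked, regardless of policy
POLICY_BLOCK = {"gambling"}                   # assumed acceptable-use policy: blocked
POLICY_REPORT = {"streaming"}                 # assumed policy: allowed but reported

# Constructed upstream answers: name -> ("A", address) or ("CNAME", target).
UPSTREAM = {
    "www.news-example.test": ("A", "192.0.2.10"),
    "cdn.news-example.test": ("CNAME", "edge.casino-example.test"),
    "edge.casino-example.test": ("A", "192.0.2.20"),
    "download.malware-example.test": ("A", "192.0.2.30"),
    "update.video-example.test": ("A", "192.0.2.40"),
    "a.loop-example.test": ("CNAME", "b.loop-example.test"),
    "b.loop-example.test": ("CNAME", "a.loop-example.test"),
}


def category_for(name):
    """Walk up the labels so 'cdn.malware-example.test' inherits its parent's category."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        cat = DOMAIN_CATEGORIES.get(".".join(labels[i:]))
        if cat:
            return cat
    return "uncategorised"


def classify(name):
    """Return (verdict, category, reason) for a single name."""
    cat = category_for(name)
    if cat in THREAT_CATEGORIES:
        return "block", cat, "threat feed"
    if cat in POLICY_BLOCK:
        return "block", cat, "acceptable use policy"
    if cat in POLICY_REPORT:
        return "allow", cat, "reported for AUP review"
    return "allow", cat, ""


@dataclass
class Response:
    qname: str
    answer: str
    verdict: str
    category: str
    reason: str
    chain: list = field(default_factory=list)


def resolve(qname, upstream=UPSTREAM):
    """Filter a query, checking every name in a CNAME chain before answering."""
    name = qname.rstrip(".").lower()
    chain = [name]
    for _ in range(MAX_CNAME_HOPS):
        verdict, cat, reason = classify(name)
        if verdict == "block":
            return Response(qname, SINKHOLE_ADDRESS, "block", cat, reason, chain)
        rtype, value = upstream.get(name, ("NXDOMAIN", None))
        if rtype == "A":
            return Response(qname, value, "allow", cat, reason, chain)
        if rtype == "CNAME":
            name = value.lower()
            chain.append(name)
            continue
        return Response(qname, "NXDOMAIN", "allow", cat, reason, chain)
    return Response(qname, "SERVFAIL", "block", "loop", "CNAME chain too long", chain)


def log_line(client_ip, r):
    """Audit record a network manager would review for AUP monitoring."""
    return f"{client_ip} {r.qname} -> {r.answer} [{r.verdict}/{r.category}] {r.reason}".rstrip()


if __name__ == "__main__":
    for q in ("www.news-example.test", "cdn.news-example.test",
              "download.malware-example.test", "update.video-example.test"):
        print(log_line("10.0.0.5", resolve(q)))
```

Note that `cdn.news-example.test` is not itself categorised, yet it ends up sinkholed because its alias lands in a blocked category; the audit line records the whole chain so the reason is visible to whoever reviews the logs.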


  • DISABLE AUTO RUN: To prevent external media infected with malicious code from running automatically when plugged in. Application whitelists, created using tools such as AppLocker, SRP (Software Restriction Policies) and WDAC (Windows Defender Application Control), will also prevent the installation of malicious software.

 

  • BE WARY OF USB THUMB DRIVES: It is better to prevent the use of portable media altogether. However, this is not always possible, in which case train users to bring found storage devices to the IT department, where they can be checked and returned to the rightful owner. After email, USB drives are the next biggest source of infection on our 'hit list', so make sure staff know the risks of using them.

  • TRAIN USERS: Not every security problem requires a vast amount of capital to resolve. In fact, a series of well-thought-out awareness campaigns can do more to prevent malicious infections than an over-inflated IT budget. Help users to understand the threats from emails, USB drives and poor surfing habits. Emphasise the importance of reporting suspicious activity as quickly as possible.


  • SURF WITH LIMITED PERMISSIONS: Network managers should never use administrative accounts to perform routine operations. If the account is compromised, the entire network is at risk. In fact, every single user within your organisation must only have the permissions they need to do their job and no more.

  • DOS AND DON'TS:

    • Don't log onto a compromised machine with administrative privileges unless the system is disconnected from the network. This is a classic 'rookie' mistake.

    • Don't keep your backup permanently connected to your network. Store it separately and mark it as read-only.

    • Do check that backup procedures are being followed to the letter.

    • Do get to grips with your network architecture, data flows and what systems and services should be running.

    • Do have tried and tested checklists for system isolation, sanitisation and recovery.

See something not quite right? Email: EMSOUCyberProtect@leicestershire.pnn.police.uk