malware – Wowrack Blog
https://www.wowrack.com/blog

How to Handle Destructive Malware
https://www.wowrack.com/blog/how-to-handle-destructive-malware/
Wed, 26 Oct 2022 18:43:40 +0000

It’s not uncommon to deal with malware at some point in our lives. After all, there has been a steady increase in malware attacks.

In 2020, 61% of organizations experienced malware activity. That percentage has grown to 75% since then. This raises the question: “How do I handle malware?”

What is Destructive Malware?

Destructive malware is malicious code that destroys data. As you can guess, having your assets and data destroyed can be detrimental to your company’s daily operations.

Typically, malware can target a vast array of systems and execute across multiple systems in a network. It uses various communication tools to spread itself, including:

  • Worms sent through email and instant messenger
  • Trojan horses
  • Virus-infected files

Since malware has the capability to execute in a myriad of ways, it is important for organizations to assess their environment for atypical channels for malware delivery throughout their systems.

Some systems that should be assessed include enterprise applications, specifically those that directly interface with and impact the different hosts and endpoints. Common examples include:

  • Patch management systems
  • Asset management systems
  • Remote assistance software 
  • Antivirus (AV) software
  • Systems assigned to system and network administrative personnel
  • Centralized backup servers
  • Centralized file shares

Additionally, while these are not specifically applicable to malware, threat actors could compromise additional resources to affect the availability of important data and applications such as:

  • Centralized storage devices
  • Network devices

How do I prevent Destructive Malware?

As mentioned earlier in the article, 75% of malware attacks come from person-to-person communication. Ultimately, this shows that there needs to be an emphasis on company policy and procedures for proper communication amongst workers.  

Best Practices

For starters, you should make sure that your network is segmented. In addition to your network being segmented, you should make sure your access control lists are configured to permit server-to-host and host-to-host connectivity via the minimum scope of ports and protocols.

For enterprise systems that directly work with different endpoints, make multi-factor authentication a requirement for interactive logons. Furthermore, ensure that authorized users are mapped to a specific subset of enterprise personnel.

Be sure to audit and review security logs for anomalous references to enterprise-level admin and service accounts. And be sure to review network flow data for signs of abnormal activity, including:

  • Connections using ports that do not correlate to the standard communications flow associated with an application,
  • Activity correlating to port scanning or enumeration, and
  • Repeated connections using ports that can be used for command and control purposes.
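
The three flow-review checks listed above, sketched as an added example (not code from the original article). The flow records, IP addresses, port baseline and thresholds are constructed assumptions; real input would come from NetFlow/IPFIX exports or firewall logs.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed baseline: ports each enterprise server is expected to receive.
EXPECTED_PORTS = {
    "10.0.1.10": {443},       # hypothetical patch management server
    "10.0.1.20": {443, 445},  # hypothetical centralized file share
}
SCAN_PORT_THRESHOLD = 10  # distinct ports from one source to one destination
BEACON_MIN_EVENTS = 5     # connections needed before timing is judged
BEACON_MAX_JITTER = 0.1   # stdev/mean of gaps; low means clock-like repetition

# Constructed sample flows: (epoch_seconds, src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = (
    [(100, "10.0.2.5", "10.0.1.10", 443), (460, "10.0.2.5", "10.0.1.10", 443),
     (1900, "10.0.2.5", "10.0.1.20", 445),
     (500, "10.0.2.7", "10.0.1.10", 3389)]                             # off-baseline port
    + [(600 + i, "10.0.2.9", "10.0.3.30", 20 + i) for i in range(12)]  # port sweep
    + [(t, "10.0.2.11", "203.0.113.50", 8443)
       for t in (1000, 1301, 1599, 1900, 2201, 2500)]                  # ~300 s interval
)

def unexpected_ports(flows):
    """Flows to a baselined server on a port outside its expected set."""
    return sorted({(src, dst, port) for _, src, dst, port in flows
                   if dst in EXPECTED_PORTS and port not in EXPECTED_PORTS[dst]})

def port_scans(flows):
    """(src, dst) pairs where one source touched many distinct ports."""
    ports = defaultdict(set)
    for _, src, dst, port in flows:
        ports[(src, dst)].add(port)
    return sorted(pair for pair, seen in ports.items()
                  if len(seen) >= SCAN_PORT_THRESHOLD)

def beacons(flows):
    """(src, dst, port) tuples that repeat at a near-constant interval."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        times[(src, dst, port)].append(ts)
    hits = []
    for key, stamps in times.items():
        if len(stamps) < BEACON_MIN_EVENTS:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Regular spacing (low relative jitter) suggests automated check-ins.
        if avg > 0 and pstdev(gaps) / avg <= BEACON_MAX_JITTER:
            hits.append(key)
    return sorted(hits)

def review(flows):
    """Run all three checks and return the findings per category."""
    return {
        "unexpected_ports": unexpected_ports(flows),
        "port_scans": port_scans(flows),
        "beacons": beacons(flows),
    }

if __name__ == "__main__":
    for category, findings in review(SAMPLE_FLOWS).items():
        print(category, findings)
```

The thresholds need tuning against your own traffic: backup jobs and monitoring agents also connect at regular intervals and should be added to the baseline rather than alerted on.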

In terms of file distribution, when deploying patches and signatures in an enterprise, be sure to stage the distribution to specific groupings of systems. Additionally, monitor the patches and signatures that are distributed.

Ultimately, destructive malware can destroy valuable assets that your company needs for its daily operations. Understanding how malware operates is the first step in defending against it.

Please contact us today if you would like to further discuss malware and let’s talk about how Wowrack can help enhance your security. 

Everything you Need to Know about Malware
https://www.wowrack.com/blog/everything-you-need-to-know-about-malware/
Fri, 14 Oct 2022 21:03:30 +0000

 WARNING! Your computer is infected with malware! 

Have you seen a similar message or pop-up as you browse through the internet? These kinds of pop-up messages are fake virus warnings, and clicking on one of these links may result in your computer getting infected for real.  

How is that possible? Those suspicious pop-up messages are designed to get their audience to install malware on their devices.

So, What is Malware?  

Malware, or malicious software, refers to any kind of software designed by cybercriminals to infect a device (laptop, PC, and mobile devices) and steal data from it.  

Aside from data loss, getting infected by malware can also result in the device’s systems being destroyed. Research by AV-Test Institute has found that there are now more than 1 billion malware programs in existence and that around 560,000 new pieces of malware are detected every day. This makes it even more urgent for every user to know why protecting their devices against malware is crucial and how to do so.

Types of Malware 

Understanding the types of malware that exist today is one way to protect yourself from it. These are the types of malware out there: 

  • Ransomware 

Ransomware is a type of malware that is designed to lock a computer’s systems, files, or applications. To regain access, or to prevent their data from being leaked to the internet, the user will be asked to pay some specific amount of money, or a ransom, to the attacker. 

  • Spyware 

As the name suggests, spyware is software that can monitor all the activities and information on a person’s devices. This information will then be sent to a third party.

  • Adware 

Adware is a type of malware that keeps displaying advertisements or pop-ups whenever the victim goes online. Users often install adware on their PCs unknowingly when they download paid software for free or when they click on pop-up links on websites that offer paid content for free.

  • Scareware 

As mentioned in the example earlier, scareware is malicious software that is designed to scare its targets into thinking that their device has been infected by a virus. The goal is to trick victims into clicking on suspicious links and downloading fake “antivirus software” that may end up being dangerous.

  • Viruses 

A virus is a type of software that is designed to perform malicious actions on the target’s device or network. Viruses can come in the form of an e-mail attachment, or an attachment found on a suspicious website, and once the file is downloaded and/or opened, the victim’s device will get infected.  

  • Trojans 

A Trojan, or Trojan horse, is malicious software that often appears to be harmless and legitimate but is dangerous. Due to their deceptive appearance, many people install them accidentally. Trojans are usually designed to steal sensitive data and/or spy on their victims and can come in the form of e-mail attachments or files on a website.

  • Worms 

A computer worm is a type of malware that can replicate itself from computer to computer, without the need for human intervention, and also without the need of attaching itself to software/programs.  

  • Fileless Malware 

Fileless Malware is malware that hides in the user’s computer systems. It is called ‘fileless’ because it does not require the user to install malicious files on their desktop. This makes it hard for traditional antivirus software to detect because they usually only focus on scanning files.  

Why is Malware Dangerous?

From knowing the types of malware available out there, we can conclude that malware can be very dangerous as it can: 

  • Slow down your computer 
  • Give cybercriminals access to sensitive information 
  • Lead to data loss and breach 
  • Disrupt business operations 

How to Protect Yourself

Now that we know the types of malware and how harmful they can be, what should we do to protect ourselves against them? Can we prevent them from infecting our devices? 

The good news is, yes. These are some of the things you can do to protect yourself against malware:

1. Protect your endpoints 

The moment when cybercriminals gain access to your endpoints is also the moment when they gain access to your company’s networks. This makes protecting your endpoints very important and we recommend you invest in high-quality endpoint protection software that can detect threats automatically without the need for human intervention, or the need to connect to the internet.  

SentinelOne is endpoint protection software that we can recommend for you as it is software that can also detect and stop fileless malware from infecting your systems, which is not something that traditional antivirus software can do.  

2. Be careful when you surf the internet 

Never click on pop-ups or unknown links, no matter how convincing they may sound as they may be a trap that intends to lure you into downloading unwanted files or software. Cisco Umbrella is software that can help you with this, as deploying it will prevent not just you, but all the people in your house, or your company from clicking on suspicious links.  

It is also important to only purchase or download applications from the official website or app store instead of relying on ‘free’ websites that may be misleading.  

3. Regularly update your software 

A lot of malware tries to take advantage of software vulnerabilities. Therefore, keeping your applications always up to date is one way you can protect yourself from malware infection, as software updates usually also include the latest security patches and keep you away from potential threats. 

4. Only connect to secure (encrypted) networks 

Cybercriminals may exploit unsecured network connections as a way to distribute malware. They can put malware and files on your device if you allow file-sharing across a network. They can also cause a pop-up window to appear as you connect to the network, and clicking on them will install malware on your device. This is why it is very important to always only connect to secure networks, and when you want to use public Wi-Fi, make sure to utilize your company’s VPN to stay safe.  

Having your own company’s VPN for your employees to utilize is very important in keeping everyone safe. This is a best practice that we use ourselves.  

5. Stay educated 

Malware attacks these days often try to take advantage of a company’s employees. Research by Kaspersky and B2B International found that the major contributing factor to malware and targeted attacks are employee carelessness and phishing. Thus, it is very crucial to continually stay educated, and educate the people around you, regarding the current trends in cybersecurity, how to avoid clicking on unwanted files or links, and the best practices on how to stay safe as we use today’s technologies.  

The Latest Trend in Malware 

As mentioned previously, keeping up with the trends on cybersecurity-related issues is one way you can protect yourself against them.  

The current trend in malware suggests that attackers are targeting gamers. Ever since the pandemic, the number of people who play video games has been on the rise, and so is the number of cybercriminals targeting those gamers.  

Kaspersky found that there were over 384,000 users affected by almost 92,000 malware or unwanted files between July 1st 2021 and June 30th 2022. Unbeknownst to the gamer, attackers disguise these malicious files as video games. Furthermore, the research also found that the attackers often target gamers who download games from untrustworthy sources (or third-party websites) for free.

The malicious software can spy on any data entered on the keyboard, take screenshots, and steal sensitive information from the people who download them. This includes information on the victim’s login credentials, crypto wallet, and other banking details.  

This reminds us that we also need to educate our kids, or the younger generation about the importance of protecting ourselves against malware as now we learn that cybercriminals are not just targeting big corporations, but also small and medium ones, and they are also now targeting the younger generation.  

How Wowrack can Help 

Protecting yourself and your loved ones against malware and other security threats out there is very important, and it should not be a difficult process. Wowrack is committed to helping businesses to be able to grow in this era, where cybersecurity has become more important than ever.  

Wowrack Managed Service can help you deploy SentinelOne, software that can protect all your endpoints from malware and unwanted files autonomously so you don’t have to go through the process yourself. We can also help you deploy Cisco Umbrella which can prevent you, your employees, and your family from clicking on questionable links to prevent downloading unwanted files and getting infected with malware. Veeam is software that we can help you deploy for backup purposes so that you won’t have to worry about data loss.  

Moreover, Wowrack Security Operation can also help you prevent getting any malware from infecting your devices and systems by doing a regular checkup on your systems and networks for any suspicious activities.  

Let’s together build a safe and secure environment for your business and loved ones. Contact us now and let us know how we can help you.  

What is Ransomware and How to Deal with It
https://www.wowrack.com/blog/what-is-ransomware-and-how-to-deal-with-it/
Fri, 07 Oct 2022 20:12:33 +0000

Have you ever received a suspicious e-mail or message that asked for your password or personal details? Those kinds of messages are also known as phishing messages that use social engineering techniques.

Clicking on those links, downloading those files, and entering your details on those suspicious sites can result in not just your personal data being stolen, but sensitive data from your company can also be affected.

How is that possible? Because cybercriminals use those phishing messages to trick their targets into installing ransomware on their personal or company devices.

What is Ransomware?

Ransomware is a type of malware (malicious software) that is designed to lock systems, files, or applications, preventing its user from accessing them. To regain access and prevent sensitive data from being leaked to the internet, users will have to pay a specific amount of ‘ransom’. Cybercriminals who use ransomware to attack their targets usually accept payments through wire transfers, credit card payments, or cryptocurrency.

However, even though ransomware itself has been around since 1989, the shift in working patterns ever since the COVID-19 pandemic has contributed to why ransomware attacks have been on the rise since 2020, as the Working From Home (WFH) policy has made it harder for companies to keep track of their corporate and employee devices, networks, and systems. This also explains why we have been getting lots of phishing messages lately.

Research also found that 3.4 billion phishing e-mails are sent daily. Data from Statista also revealed that 2 out of 3 ransomware attacks are carried out through phishing e-mails. Other sources of ransomware attacks include malicious file downloads and malvertising, which is online advertising that tricks people into getting infected by malware.

Nowadays, even people who don’t have the specific skills or resources needed to launch a ransomware attack can easily attack with the availability of Ransomware as a Service (RaaS) on the dark web. With RaaS, ransomware developers can sell ransomware variants to all kinds of buyers, making ransomware an even more urgent problem in society.

Ransomware Statistics and Trends

In 2020, the US FBI’s Internet Crime Complaint Center (IC3) reported that based on the cases reported to them, approximately $30 billion is the total amount of combined losses due to ransomware attacks. The 2022 Data Protection Trends Report by Veeam also found that out of the surveyed individuals and businesses, only 24% were not attacked by ransomware — or they were unaware of an attack, and only 16% were attacked once in 2021, while 60% were attacked twice or more.

Another factor that contributes to the rise of ransomware, in addition to the shifting working patterns, is the lack of proper cyber security training that companies give to their employees. Research by Statista has found that in 33% of ransomware infection cases, the factor that contributed to the attack was the lack of training that the employees receive.

Recent Ransomware Cases

Over the past 2 years, there have been a lot of cases where giant companies get infected by ransomware. These are some of the notable cases:

Nvidia

Nvidia, a manufacturer of Graphics Processing Units (GPUs), had its data stolen by ransomware group Lapsus$ in February 2022. The group claimed that they had stolen around 1TB of Nvidia’s sensitive data. Nvidia has also confirmed that it has been hacked and that the hacker has leaked employee credentials and other information on the internet. Have I Been Pwned (HIBP), a data leak monitoring website, reported that 71,000 Nvidia employees’ credentials and passwords of their Windows accounts have been stolen and shared on hacking forums.

University of California, San Francisco

The University of California, San Francisco’s School of Medicine’s IT environment was attacked by the Netwalker ransomware operators in June 2020. The attackers obtained some of the university’s data and also made some of the School of Medicine servers inaccessible through malware that they launched. The university has confirmed that it paid approximately $1.14 million to the attackers to unlock the encrypted data and get their data back.

Colonial Pipeline

Colonial Pipeline, a pipeline operator in the US, experienced an attack in May 2021. The ransomware program that attacked the company was created by DarkSide. The hackers gained access to the company’s shared internal drive, and the company has confirmed that it paid the $5 million ransom to get the pipeline back up and running. The attack was caused by a breached employee password found on the dark web that was not protected by Multi-Factor Authentication, not by a direct attack on the company’s systems.

Quanta

Quanta, MacBook’s supplier, was attacked in April 2021 by ransomware group REvil. The attacker claimed to have stolen the blueprints for Apple’s latest products at that time. REvil demanded a $50 million ransom fee from both Quanta and Apple.

Accenture

Accenture, a global consulting firm, also became a victim of an attack carried out by ransomware group LockBit in August 2021. The group demanded $50 million for 6 TB of data from the company. VX Underground, which has a collection of malware source code on the internet, stated that the attacker has released more than 2,000 files from Accenture to the dark web for some time. The files include case studies and presentations.

How Can You Protect Yourself from Ransomware?

There are several things you can do to protect yourself from ransomware. These are some of them:

Regular backups

We learned that ransomware attacks cause companies to lose access to their systems and data, so regularly backing up your data can help you ensure business continuity as you can always still restore your data. We recommend you invest in reliable backup software instead of relying on manual backups. Veeam is a backup software that can help you by providing 100% ransomware-proof backups, and we can help to deploy Veeam for your enterprise.

Access control

It’s important to only give users access to the data that they need for their work so that monitoring can be done more easily. We also recommend you always require Multi-Factor Authentication for users who want to access the company’s systems or data, to prevent unwanted parties from gaining access.

Employee training

We have learned from Colonial Pipeline’s case that ransomware attacks can be carried out as a result of an employee’s mistake or lack of security awareness. Companies can prevent this by regularly providing security training for their employees, covering why it is important to always connect to the company’s VPN, regularly check for software updates, use Multi-Factor Authentication, and beware of phishing messages.

Endpoint protection and monitoring

Protecting and monitoring all your organization’s endpoints is very important in preventing ransomware, but relying on manpower or having traditional Antivirus software may not be enough for this. We recommend you invest in endpoint protection software that can automatically detect and respond to threats before they infiltrate your corporate systems and networks. SentinelOne is an autonomous endpoint protection software that we offer and utilize here in Wowrack, and we can help you deploy it for your enterprise as well.

How Wowrack Can Help

Ransomware is a very urgent and crucial issue these days. Cybercriminals don’t only target big corporations for their next ransomware attack. They can also attack end-users and/or small and medium-sized companies.

However, protecting yourself and your company against ransomware doesn’t have to be a complicated process. Your data security matters and we want to help prepare you so your business can continue to move forward in this era where cybersecurity is a top priority for everyone.

Wowrack Security Operation can help you prevent data loss and data breaches from ransomware by regularly monitoring your systems and networks for any compromised user. Wowrack Managed Services can also help you deploy Veeam, a reliable backup software that can help you to recover all data quickly.

As mentioned previously, we also believe that protecting all your endpoints is important, and we can help you deploy SentinelOne for that. Moreover, with the growth of fake websites, we also think it is important for you and your employees to have a tool that can prevent you from clicking on suspicious links, and we can help you deploy Cisco Umbrella for that.

Ready to protect your business from Ransomware? Schedule a consultation with us now and let us know how we can help you.
