Published 23 May 2017
Head of IT
The evolution of malware
The term “malware” refers to “malicious software,” which encompasses viruses, trojans, spyware, adware and ransomware, among others.
Computer malware isn’t new. In fact, we’ve been fighting it and the damage it causes for as long as I have been on this planet, and then some. To clear matters up, that’s at least thirty-three years.
Traditional viruses were originally written to perform little or no damage, mostly carrying out tasks such as displaying silly messages on the computer screen. As virus development grew, the payloads they delivered carried out more serious tasks such as erasing computer hard drives and stealing sensitive information. Trojans purported to be legitimate, safe programs such as antivirus applications, while in reality delivering a nasty payload in the background, unknown to the user.
Further development in the mid-2000s brought us adware and spyware, which bombarded our computer screens with relentless adverts and popup messages every time we went online. Spyware spied on our internet surfing habits and stole our important login details, such as those required to log in to online banking or shopping websites.
Fast-forward ten years and we have ransomware. This is an advanced type of malware that restricts access to a computer system and/or files using encryption until the user pays a financial ransom to the perpetrator, often by way of an unregulated currency such as Bitcoin. Due to the strong levels of encryption implemented in the attack, users are unable to decrypt their data. In 2017, ransomware is by far the biggest form of malware out there. For instance, take the recent “WannaCry” ransomware attack that crippled the National Health Service in the UK, the Russian government and FedEx in the U.S., to name just a few victims.
The Department for Business, Innovation & Skills (DBIS) reported in 2016 that 68% of businesses surveyed had suffered some form of malware attack. This is a startling statistic considering seven in ten of those surveyed said information security was a high priority.
The DBIS also found that small businesses do not do enough to train their staff. SMEs often mistakenly believe that, being small, they will not be a target for malware. This is simply not the case. Think of a fisherman casting a wide net into the ocean, and catching several thousand fish. A small percentage may escape the net, but what’s caught will range from small to large fish. That’s exactly how ransomware works. It is designed to catch anybody and everybody out, no matter their size. In fact, the easiest targets are often small businesses, because they give information security a lower priority and so offer an easy reward.
How can I help prevent becoming a victim?
- Install anti-virus, web filtering and firewalls. This will help to prevent malware from entering the organisation. It’s imperative that businesses ensure that all layers of protection are regularly updated and configured optimally.
- Keep all systems up to date. This statement applies to hardware as well as software. For instance, your router may have a new firmware update that addresses an SSL bug. Implement a robust update procedure for your computer operating systems and third-party applications to ensure that all known security holes are patched as soon as possible.
- Back up. Organisations encrypted by ransomware will not be able to decrypt their data. However, data can be restored from a backup system once the infected devices are cleaned. This is, of course, providing the backup procedures have been performed accurately, the integrity of the backed-up data checked, and well-defined and practised data restoration procedures adhered to. New disaster recovery solutions for virtualised environments are readily available, and should be considered.
- Keep users trained. Malicious emails are the single biggest way that malware infections occur. They are often cleverly crafted to trick a user into clicking a web link to an infected executable file, or opening an attachment which in turn executes malware via a macro. Your staff must be trained to spot the hallmarks of an illegitimate email. Tell-tale signs include:
  - Emails claiming to be from a well-known organisation but with a variant of a legitimate email address, such as replacing an “o” with a “0.”
  - Communications from organisations or relating to topics that come out of the blue. For example, invoices or remittance emails from companies you have never done business with.
  - Poor quality spelling and grammar.
  - Attachments that ask for access to run macros or embedded content when opened. Under no circumstances should users enable this content.
  - Emails purporting to be from the Managing Director or other senior figure within the business, often asking for transfer of funds to pay an invoice to a company you have never done business with before. Requests such as this should always be verbally checked.
- Implement a robust password policy. Enforce a strict password change policy on all users (including all administrator accounts) on a regular basis, for example every sixty days. Make sure password complexity is required, which will make users opt for passwords that contain at least one punctuation character, one number, one capital letter, and a minimum of eight characters in total.
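The lookalike-address sign listed under “Keep users trained” (an “o” replaced with a “0”) can also be checked automatically, for example in a mail-reporting tool. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the substitution table and the function names are assumptions, and it generalises the “0 for o” case to a few other common character swaps.

```python
from email.utils import parseaddr

# Assumption: domains the organisation genuinely deals with (constructed list).
TRUSTED_DOMAINS = {"example.com", "examplebank.co.uk"}

# Single-character swaps seen in lookalike addresses, e.g. "0" standing in for "o".
SINGLE_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
# Letter pairs that read like one letter at a glance ("rn" looks like "m").
PAIR_SWAPS = (("rn", "m"), ("vv", "w"))


def skeleton(domain: str) -> str:
    """Collapse a domain to a canonical form so lookalikes compare equal."""
    s = domain.lower().translate(SINGLE_SWAPS)
    for fake, real in PAIR_SWAPS:
        s = s.replace(fake, real)
    return s


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike:<real domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "unknown"
    for real in sorted(TRUSTED_DOMAINS):
        # Exact match or a subdomain of a trusted domain.
        if domain == real or domain.endswith("." + real):
            return "trusted"
    for real in sorted(TRUSTED_DOMAINS):
        # Not identical, but identical once the swaps are undone: a lookalike.
        if skeleton(domain) == skeleton(real):
            return f"lookalike:{real}"
    return "unknown"


# Constructed sample From headers, not taken from any real message.
SAMPLE_FROM_HEADERS = [
    '"Example Bank" <alerts@examplebank.co.uk>',
    '"Example Bank" <alerts@examp1ebank.co.uk>',
    "Accounts <invoices@example.c0m>",
    "Accounts <invoices@exarnple.com>",
    "newsletter@unrelated.test",
]

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        print(f"{classify_sender(header):32} {header}")
```

A “lookalike” result is a prompt for a human check, not proof of fraud, and an “unknown” sender is simply outside the list rather than safe.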
Apograph are an Information Technology consultancy who can provide your business with a security check and advise you on how to achieve best security practice to help prevent infection from any form of malware. If you wish to speak to an advisor, please call us today on 01858 455426 or email firstname.lastname@example.org.