For some time on you may have heard that you need to protect against malware attacks especially if you run an organization. Sensitive data and documents need extra protection otherwise any compromise could cost your business dearly. Let’s look at some types of malicious programs and several best practices to protect against malware attacks.
Common Types of Malware Attacks
1.
Ransomware is a malicious software that locks computers and systems by encrypting their content until ransom is paid while giving no guarantees to decrypt the system. Example of ransomware: Ryuk
2.
Trojans are applications manipulated by the users, disguised as desirable code. an example is Emotet
3.
Mobile Malware is malicious code implanted in mobile devices. There are many types, some are spyware, adware, drive-by downloads. Malicious code was spread in some infamous malware mobile campaigns such as: “Agent Smith” or “XcodeGhost” in 2019 and 2015 respectively.
4.
Bots are the origin of denial of service and distributed denial of service rendering the websites not available, like Echobot.
5.
Rootkits are malicious code which changes the operating system allowing attackers to gain control of a victim’s device, such as Cloaker.
6.
Worms replicate themselves through a network without users’ interaction, such as Stuxnet.
7.
Fileless Malware is a sneaky malware that makes changes in native operating system files in computer memory while deceiving the computer and information systems that they are valid files. Example: Duqu, Gootkit
8.
Keyloggers, or the malicious software (or hardware) installed to record each character you type on your device, such as Spyrix.
9.
Adware can infect computers using web browser extensions, application add-ons, plugins through advertisements. Fireball infected over 250 million computers worldwide as an adware.
10.
Wiper malicious code erases data which cannot be ever recovered. An example is WhisperGate
11.
A spyware is a malware which intrudes the systems and collects data without authorization. FinSpy, Pegasus and DarkHotel are infamous examples.
To avoid compromise and breaches of your systems, you’ll come to read, understand, and apply the following simple ideas from the main groups listed below.
1. Protection for your email, internet, application accounts
Phishing emails / Downloads / passwords / MFA / use non-admin accounts for general web surfing / Advertising / Websites
Get more info on how to detect a phishing email and do not open any attachments unless you are sure about their source. Moreover, do not download any software off the internet from sites you are not familiar with. Even from well known websites, you will have to check the software – using a hash algorithm – or ask an iQWeb specialist <link> to download it for you.
Get knowledge about creating strong passwords which contain various characters 15 or more while different for each account. Resort to password managers applications. If you have accounts with higher permissions, use those only for the specific work. For instance, if you have a manager’s account to access sensitive files, log out and log back in with an account with lower permissions to browse the web to do specific work-related research. Add MFA – Multi Factor Authentication when logging in to accounts holding confidential data or documents preferably using an authenticator
2. Protection for your devices, networks, systems accounts
Firewall/ Antivirus / Network security / Mobile security / Backups / monitor accounts regularly / update & patch the software / disable unnecessary processes/ vulnerability assessments / keep yourself updated and educate others.
This large group of devices, specific security applications are usually completed by the IT system specialists. Some tasks are so detailed – disable unnecessary processes or conducting regular vulnerability assessments – that require knowledge and experienced IT security specialists. Other tasks however, require users to get instructions to update their systems and applications on mobile, on desktops, PCs or laptops. Antivirus, protecting your computer from viruses, their installations and upgrades become more common for the average user. As well, users are encouraged to clean up their devices and keep only applications strictly necessary to run daily operations. For example, if on your personal mobile you had an app which helped you attend the gym, but you are not using it any longer, remove it. And keep separate your general WI-FI network from the work WI-FI providing segmentation and a separate access.
Given basic knowledge and the support of qualified specialists who install anti-malware to protect your systems, your organization achieves the important step to prevent malicious systems from attacking your networks, devices, and data.