A big thank you to Professor Andrew Jones from Hertfordshire University for his regular thoughts on cyber fraud issues and how to protect yourself. I know of local companies who have lost several hundred thousand pounds in lost production, due to hacking and not following this advice.
Please read it, and if you have any queries, please ask them on the site so other members can see the Q and A trail.
Malicious Software and how to protect yourselves from it
What is Malicious Software?
Malicious software, also known as malware, is any software that is designed to intentionally damage, disrupt or gain unauthorised access to a computer, server or computer network. It comes in many forms including computer viruses, worms, Trojan horses, ransomware, spyware, adware and scareware, among others.
Malware, in its various forms, may encrypt or corrupt files and erase data, steal passwords or other data, log keystrokes, track browsing habits, harvest the user's address book to send spam to their contacts, consume system resources, or install a backdoor that lets an attacker take control of the computer.
A computer virus, much like a virus in the natural world, is designed to spread from host to host and has the ability to replicate itself. Once a virus has attached itself to a program, file or document, it may lie dormant until circumstances cause the computer or device to execute its code. In order for a virus to infect your computer, the infected program has to be run so that the virus code is executed. Once the virus has infected one computer, it can go on to infect other computers on the same network. Viruses are spread through a wide range of mechanisms such as email and text message attachments, Internet file downloads and social media scam links, and are often disguised as socially shareable content such as funny images, greeting cards, or audio and video files. Over the last few years there has been a noticeable shift from people writing malware (and viruses in particular) to impress their peers or 'for a laugh' to producing it for hire and to make money.
A computer worm is a type of malware that spreads copies of itself from computer to computer and can replicate itself without any human interaction. Unlike a virus, it does not need to attach itself to a program or file in order to cause damage. Worms spread by exploiting software vulnerabilities on reachable machines, or arrive as attachments in spam emails or instant messages (IMs); once opened, these files may link to a malicious website or download the worm automatically. This is why unpatched software on a network is so dangerous: one infected machine can compromise every other vulnerable machine it can reach. The best-known worm to date is Stuxnet, which spread via infected USB drives and Windows vulnerabilities and targeted the industrial control systems at Iran's nuclear facilities.
A Trojan horse (also known as a Trojan) is a type of malware that is disguised as a piece of legitimate software. Trojans are often used by cyber-thieves and hackers to gain access to a user's system. Users are typically tricked by some form of social engineering (a fake invoice, a "required" software update, a cracked copy of a paid program) into loading and executing the Trojan themselves.
Spyware, as its name suggests, is software that is designed to gather data from a computer or other device and forward it to a third party without the consent or knowledge of the user. Spyware normally gets onto a computer by being bundled with another program that the user intentionally downloads and installs, but it may also arrive through all the other avenues that other malware takes, such as when the user visits a compromised website or opens a malicious attachment in an email.
Ransomware is a type of malware that prevents or limits access to a system or its data and demands payment to restore it. There are two main types: crypto ransomware encrypts resources such as files, folders or whole drives, while locker ransomware locks users out of the system or device itself, usually with a full-screen message, without necessarily encrypting anything. The affected person or organisation is then told to pay a ransom to get the files decrypted or the device unlocked; paying does not guarantee that either will happen. Ransomware is now one of the most prevalent forms of malware infection, and because it also encrypts any backup drives or network shares it can reach, the only reliable defence is a recent backup held offline. Last year there were a number of significant ransomware attacks that badly affected hospitals in the UK and elsewhere.
There are a number of actions that you can take to reduce the risk of infection by malware. These include:
- Use all necessary computer security software, including anti-malware, keep it updated and run scans at regular intervals. A good anti-malware product should include anti-phishing technology as well as protection against viruses, spyware, ransomware and other online threats. If the anti-malware recognises a piece of malicious software it will not allow it to run, and will either delete it automatically or quarantine it and ask the user what action to take next.
- Create a backup of all important files and update it regularly. Keep at least one copy disconnected from the computer and the network (an external drive that is unplugged after the backup, or an offline copy kept by a backup service), because ransomware will encrypt any backup it can reach. Test that you can actually restore from the backup before you need to.
- Educate your users to be careful when surfing the web, downloading files, and opening links or attachments. Teach them never to open text or email attachments from people they don't know or were not expecting anything from, and never to download files from untrusted websites.
- Ensure that all software, programs and applications, including the operating system and web browser, are regularly updated and that security updates are applied promptly: worms and many Trojans rely on known, already-patched vulnerabilities.
- Ask users to report any unusual activity, such as running out of hard disk space, the computer running slowly, new files appearing, or the anti-malware product being switched off without their doing so.
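The first, fourth and fifth points above can be checked rather than assumed. The following PowerShell script is an added example for this page, not part of Professor Jones's article; it queries the built-in Microsoft Defender status on a Windows 10/11 machine, the most recent installed update and the free space on fixed drives. The thresholds (signatures older than 3 days, no scan for 7 days, no update for 35 days, under 10% free disk) are this example's own assumptions and should be adjusted to your own policy.

```powershell
# Added example: a quick self-check of the precautions listed above.
# Assumes Windows 10/11 with the built-in Defender cmdlets; if a third-party
# anti-malware product is in use, check that product's console instead.
# Thresholds below are illustrative choices, not figures from the article.

$warnings = @()

# 1. Anti-malware engine running, real-time protection on, signatures fresh, a scan completed recently
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp) {
    $warnings += 'Microsoft Defender status unavailable (is a third-party product active? check it directly)'
} else {
    if (-not $mp.AntivirusEnabled)          { $warnings += 'Antivirus engine is disabled' }
    if (-not $mp.RealTimeProtectionEnabled) { $warnings += 'Real-time protection is switched off' }

    $sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
    if ($sigAge.TotalDays -gt 3) { $warnings += ('Signatures are {0:N0} days old' -f $sigAge.TotalDays) }

    # Either a quick or a full scan counts; take whichever finished most recently
    $lastScan = @($mp.QuickScanEndTime, $mp.FullScanEndTime) | Where-Object { $_ } | Sort-Object | Select-Object -Last 1
    if (-not $lastScan) {
        $warnings += 'No completed scan recorded'
    } elseif (((Get-Date) - $lastScan).TotalDays -gt 7) {
        $warnings += "Last scan finished $($lastScan.ToString('yyyy-MM-dd')); run a scan"
    }
}

# 2. Operating system updates: when was the most recent hotfix installed?
$lastFix = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn | Select-Object -Last 1
if (-not $lastFix) {
    $warnings += 'No installed updates recorded'
} elseif (((Get-Date) - $lastFix.InstalledOn).TotalDays -gt 35) {
    $warnings += "Last update $($lastFix.HotFixID) was installed $($lastFix.InstalledOn.ToString('yyyy-MM-dd')); check Windows Update"
}

# 3. Disk space: running out of space is one of the symptoms the article asks users to report
foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3') {
    if ($disk.Size -gt 0 -and ($disk.FreeSpace / $disk.Size) -lt 0.10) {
        $warnings += ('Drive {0} has only {1:N1} GB free' -f $disk.DeviceID, ($disk.FreeSpace / 1GB))
    }
}

if ($warnings) {
    $warnings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'Basic anti-malware, update and disk-space checks all pass.'
}
```

Run it from a PowerShell prompt (`Get-MpComputerStatus` needs no elevation on a standard Windows 10/11 install). A machine that passes every check is not guaranteed clean, but a machine that fails the signature or real-time-protection check is exactly the kind of gap that lets a known piece of malware through.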
What do you do if you have been infected by malware?
If you are certain that you have been infected with malware, the safest and best course of action is to wipe the media with a disk-wiping tool, reinstall the operating system and applications, and copy your data back from a backup (having checked that the backup itself is not infected). If you may need to investigate how the infection happened, or to report it to the police or your insurer, take a full image of the disk before you wipe it.
If you suspect that any of your devices are infected with malware, run a malware scan immediately. Even if the scan comes up negative, continue to be proactive by following the steps below. It is worth bearing in mind that no anti-malware product is 100% effective, so if you are still suspicious, scan again with a second product from a different vendor.
The actions that you take will depend on the type of malware that you have been infected with but should include:
- Step 1: Disconnect the computer from the network. Unplug the network cable and switch off Wi-Fi. This stops the malware spreading to other machines, stops ransomware reaching shared drives and backups it has not yet encrypted, and cuts off any remote control by the attacker.
- Step 2: Enter Safe Mode. Safe Mode starts Windows with only essential drivers and services, so many malware autostart entries do not run and the malware is easier to remove. On Windows 7 and earlier, turn the computer off and on again and, as soon as you see anything on the screen, press F8 repeatedly; this brings up the Advanced Boot Options menu, from which you choose Safe Mode and press Enter. Windows 8, 10 and 11 no longer respond to F8 by default: hold down Shift while clicking Restart on the sign-in screen or Start menu, then choose Troubleshoot > Advanced options > Startup Settings > Restart, and press 4 for Safe Mode when the list appears.
- Step 3: Delete temporary files. While you are in Safe Mode, delete your temporary files using the Disk Cleanup tool. To do this:
- Go to the Start menu;
- All Programs (or just Programs);
- Accessories > System Tools (or Windows Administrative Tools, depending on the version) > Disk Cleanup. On Windows 10 and 11 you can instead type "Disk Cleanup" into the Start menu search box, or run cleanmgr;
- Scroll through the Files To Delete list and tick Temporary Files.
Many malware droppers write their payload to the temporary folders, so deleting these files can remove the malware itself and makes the scan in the next step faster. It will not remove the registry entries, scheduled tasks or services the malware may have created to start at boot, which is what the scanner (or manual removal) has to deal with.
- Step 4: Download and run a virus scanner. If you have been infected, whatever anti-malware you were running did not intercept it, so download a different product on a clean computer, transfer it to the affected machine on removable media (which you should then treat as suspect), and install or run:
- A real-time scanner, such as AVG AntiVirus Free or Avast Free Antivirus, which scans for malware in the background while you are using your computer;
- An on-demand scanner, such as Microsoft Safety Scanner, which has to be run manually each time you want to scan. Safety Scanner expires 10 days after it is downloaded, so always fetch a fresh copy rather than reusing an old one.
It may be necessary to use both types of scanner to remove the malware. Depending on the anti-malware you have installed, you may need to reconnect to the Internet briefly to download an additional product or its latest signatures.
It may be necessary to remove a piece of malware manually. The usual places it installs itself to survive a reboot are the Run and RunOnce keys in the Windows Registry, scheduled tasks, services and the Startup folder. You should only attempt manual removal if you are experienced at using the Windows Registry and know how to view and delete system and program files; export the registry key before you change it so that a mistake can be undone.
Once you have removed the malware, you will need to recover (from your backups) or reinstall any damaged files or software.
Carry out a post incident analysis to understand what has happened and to review and improve your defenses.
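Step 4 and the manual-removal note above both come down to the same question: what has been set up to run automatically on this machine, and does it belong there? The following PowerShell script is an added example for this page, not part of Professor Jones's article, and performs a read-only triage of the three commonest Windows autostart locations (Run/RunOnce registry keys, scheduled tasks and services). It flags any entry whose executable lives in a user-writable folder (Temp, AppData, ProgramData, Public, Downloads; this list is the example's own choice) or lacks a valid Authenticode signature. It deletes nothing.

```powershell
# Added example: read-only triage of common Windows autostart (persistence) locations.
# Not from the article. Run from an elevated PowerShell prompt on the suspect machine
# while it is still disconnected from the network. Review the output and remove
# entries by hand; export the registry key first so the change can be undone.
# The folder list and the two heuristics are this example's own assumptions.

$suspectRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData,
                  $env:PUBLIC, "$env:USERPROFILE\Downloads") |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLower() }

function Get-ExePath {
    # Extract the executable from a command line such as
    #   "C:\Users\x\AppData\Local\Temp\abc.exe" /silent    or    rundll32.exe evil.dll,Run
    # Unquoted paths containing spaces are truncated at the first space (a known limitation).
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $m = [regex]::Match($CommandLine, '^\s*"([^"]+)"|^\s*(\S+)')
    $p = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -notmatch '[\\/]') {
        # A bare name such as cmd.exe: resolve it through PATH as Windows would
        $cmd = Get-Command $p -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($cmd) { $p = $cmd.Source }
    }
    return $p
}

function Test-Suspicious {
    # Returns the reasons an autostart target deserves a look (empty = nothing odd)
    param([string]$Path)
    $reasons = @()
    if (-not $Path) { return $reasons }
    $lower = $Path.ToLower()
    foreach ($root in $suspectRoots) {
        if ($lower.StartsWith($root)) { $reasons += "runs from user-writable folder $root"; break }
    }
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
    } else {
        $reasons += 'target file not found'
    }
    return $reasons
}

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Source, [string]$Name, [string]$Command) {
    $why = Test-Suspicious (Get-ExePath $Command)
    if ($why) {
        $findings.Add([pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command; Reason = ($why -join '; ') })
    }
}

# 1. Run / RunOnce registry keys for the machine and the current user
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) { Add-Finding $key $name ([string]$item.GetValue($name)) }
    }
}

# 2. Scheduled tasks (the cmdlet exists on Windows 8 / Server 2012 and later)
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($task in Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' }) {
        foreach ($action in $task.Actions) {
            if ($action.Execute) { Add-Finding "Task $($task.TaskPath)" $task.TaskName "$($action.Execute) $($action.Arguments)" }
        }
    }
}

# 3. Services and the binaries they launch
foreach ($svc in Get-CimInstance Win32_Service) {
    if ($svc.PathName) { Add-Finding 'Service' $svc.Name $svc.PathName }
}

$findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Expect some noise: legitimate software such as cloud-storage clients does run from AppData, and a signed binary in a user-writable folder is usually fine. The combination to look hardest at is an entry in a user-writable folder whose file is unsigned, has a random-looking name, or no longer exists (malware that deleted itself after installing its persistence). Anything you cannot account for should be compared against a known-clean machine before it is removed.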
Apple Mac computers – avoiding and getting rid of malware on an Apple Mac
Many users of Mac computers think they cannot get viruses or malware. This is not true, although the number of viruses and malware families targeting Mac computers is lower than for Windows PCs. Some well-known examples of malware for Mac computers are MacDefender, MacProtector and MacSecurity. These all pose as antivirus products, but they are malicious and were designed to fool Mac users into handing over their credit card or Apple ID account details.
To prevent malware infections, make sure all your software and apps are up to date and that you’ve installed the latest OS fixes and updates directly from Apple.
If you think malware has been installed on your Apple Mac, for example because you are seeing pop-up messages asking for your Apple ID or credit card details, do not enter anything. Quit the app you think is responsible, launch Activity Monitor and locate the app in question, or search for the malware named above. When you have identified it, select it, click the Quit Process button and quit Activity Monitor. Then go to your Applications folder, drag the unwanted software to the Trash, and empty the Trash. Also check your account's Login Items (System Preferences > Users & Groups > Login Items), because this type of fake antivirus adds itself there so that it starts again at every login; remove any entry for it.
As with a PC, it is a good idea to add protection. Prefer software from the Apple App Store, as apps there have been through Apple's review process, which greatly reduces (though does not eliminate) the chance that they are malicious, and leave the macOS Gatekeeper setting that blocks unidentified developers switched on.