Malware Defense - UNPLUG

What is “malware”? “Mal” is the Latin root word for bad or evil, while (in this instance) “ware” is short for software – so malware is bad or evil software. Viruses, trojans, keystroke loggers, packet sniffers … and of course the most evil of all, ransomware. An effective defense involves three steps:

1. Prevention
   
   
2. Detection
   
   
3. Response

Let's take a look at these steps.

(1) Prevention

Ideally, you don’t want to get malware on your computer or mobile device in the first place! Recognize the most common ways in which malware is delivered:

• Email attachments or links
  
  
• Malvertising (yes, cyber criminals pay for Google ads)
  
  
• Fake news stories/videos
  
  
• Infected games and other apps

Basic prevention includes simple good habits:

• Think before you click! (Why is my boss sending a business email to my personal account? Why is Amazon sending a shipment notification to my business email? Do I know this person? Am I expecting this email? Do I really need to watch this video?)
  
  
• Develop your natural skepticism! One of the most common ways of delivering ransomware is via resume sent by email. Clever, really, because isn’t that the one time you would open an attachment from a complete stranger? If you get an email from someone who says his Aunt Sue lives near your mom and your mom said your company was hiring, stop. Pick up the phone and call your mom (you’re probably overdue for a visit anyway) and ask her if she has a neighbor named Sue? And did she tell Sue to have her nephew email his resume to you? Mom will probably say “huh?”
  
  
• Refer to original sources of information. If you get an email or text from your bank wanting you to login, don’t click that link! Open your web browser and go to your bookmark or favorite site for logging in. If you try to watch a video and a box pops up wanting you to upgrade Adobe Flash, first ask yourself if you really need to watch this video. If yes, open a new browser window, go to adobe.com and download the upgrade from there, not from the popup box in the video.
  
  
• Work as a standard (not admin) user whenever possible. (We talked about this last month, remember?)
  
  
• Download games and apps only from official app stores. Check the developer's reputation.

(2) Detection

Despite our best efforts, sometimes it happens anyway. You’ve accidentally installed malware on your computer. How do you know? Common signs include:

• A box that pops up and quickly disappears, before you can read what it says. This is probably an installation script starting and quickly switching to background mode.
  
  
• Inexplicable noise. If your computer starts to talk to you, or you hear music playing that doesn't match what you are currently doing, there may be websites opened in the background, for various nefarious purposes.
  
  
• Inexplicable slowness. If your computer was fine this morning, but after lunch it seemed to get slower and slower even though you aren’t doing anything special, and no one else in the office is having the same problem, you probably have malware working hard in the background.
  
  
• An attachment or link that won’t open. If you click on something 3-4 times and nothing happens, beware – something happened! Just not what you expected.

(3) Response

Okay, it looks like you may have malware. What do you do?

(1) The first thing you want to do is isolate the possible infection:

• If you have a wired connection, unplug the ethernet cable from your computer or the wall.
  
  
• If you are on wifi, kill the wifi connection however you can. If you have control of the wireless router, unplug it.

Why? Two reasons: (1) You want to prevent the infection from spreading to other computers on the network. Most ransomware infections on a server came from an infected PC on the network. (2) Often the first malware installed is just snooping -- looking for unpatched software, how many computers are on the network, what kind of data, etc. and then contacts a server on the Internet to download and install the really bad stuff. If you disconnect from the Internet before the second stage installation happens, it’s usually much easier to clean up the original infection.

• Last resort, if you can’t physically disconnect or can’t kill the wifi connection (some malware actually prevents this), unplug the power cable. On a laptop, pull out the battery.

Why is this your last resort? It's best to keep the computer alive if possible -- though NOT connected to other computers nor the Internet. Diagnosing the problem and cleaning it up may be easier if the computer hasn't been rebooted. But if you can't kill the wifi connection or find the ethernet cable, shut it down however you can.

(2) The second thing you want to do is take a picture of your screen, so tech support knows what it’s dealing with.

(3) The third thing you do is Call for Help! Don’t take the time to send an email from that infected computer before unplugging. UNPLUG IMMEDIATELY and then send the photo of your screen to tech support from your phone.

Have I thrown enough at your for one day? :) I think maybe next week we’ll take a closer look at some of the different types of malware and what they do. Anyone interested?

This Week's Good Reads 7 Insights About Managing Cyber Risk You Can’t Afford To Miss Technical Approaches to Uncovering and Remediating Malicious Activity 94% of organizations experienced at least one business-impacting cyberattack in the past year How Can Security Keep Up with Multicloud Environments

Security Awareness Training Goes Virtual

Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.

Contact me to schedule your employee training sessions. They're fun! ☺

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab of our new website.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!