June 15, 2021

Good morning, everyone!

This week’s critical vulnerabilities: Microsoft’s Patch Tuesday for June revealed 51 vulnerabilities. Make sure your automatic updates were installed. (You did configure auto-update on all your devices and applications, right?) Adobe released patches for most everything ... again Google has updated Chrome again, fixing serious security flaws. Get in the habit of closing Chrome out completely and restarting it at least once each day, to be sure you are getting the automatic updates. Threat actors are actively scanning for unpatched versions of VMware vCenter Server and Vmware Cloud Foundation software. VMware released fixes for the critical remote code execution vulnerability in late May, but many systems remain unpatched. Make sure this isn’t your system. Patch All the Things!

Detecting & Responding to a malware infection

Last week we talked a lot about ransomware, and I identified my PDR matrix:

1. Prevent: Patch all the things, think before you click
2. Detect
3. Respond

I talk about Prevention a lot! So today, let’s talk about Detection. This is important, because the faster you detect a potential malware infection and react, the better your chances of a quick recovery. But first, one more thing on Prevention : NIST has released its preliminary draft of publication IR-8374 “Cybersecurity Framework Profile for Ransomware Risk Management” and it’s chock full of good info. If you just follow the preventative recommendations in the first two pages, you’ll be in good shape to prevent an attack. Okay, now, on to Detection!

Detection

Box that pops up and quickly goes away If you open an email attachment, or click on a link, and notice a smallish box, probably black background with some white lettering, that pops up and immediately disappears, Take Note! That usually means an application has started running in the background. If you aren’t expecting that, it’s a strong indicator of malware being installed.

Inexplicable noise If you are working on a spreadsheet, for example, and suddenly your computer starts talking or playing music, it probably means there are websites being accessed in the background. Many of the locker-type ransomware applications (they don’t encrypt your data, just lock up your PC) have very loud, strident verbal warnings about your computer being locked and demanding ransom payment to unlock it. These messages are designed to make you panic and respond to their demands.

Inexplicable slowness If your computer was working fine yesterday, or this morning, but you have noticed it’s getting slower and slower and slower, that’s another sign of malware. Whether it's ransomware busily encrypting your data, or other types of malware using up available memory, your computer is too busy to do your work.

Attachments that won’t open, or links that seem to be dead If you try to open an email attachment but it doesn’t work, don’t keep trying over and over – or worse yet, send it to someone else in the office to open it for you. If you can’t open it, either (1) it’s actually malware or (2) it was corrupted in transmission. Pick up the phone, call the person who sent it to you, and ask them to resend. If they reply that they didn’t send that to you, it’s malware.

What is your response?

UNPLUG! If you suspect you may have just installed malware on your computer, your first response should be to disconnect that device from the network and/or the Internet. Pull the ethernet cable (it looks like a fat telephone cable) from the back of the PC or from the wall. On a laptop or mobile device, turn off the wireless. If it won’t turn off, and you have control of the wireless router, go unplug it. You want to isolate the potentially-infected device as soon as possible, to reduce the possible spread of malware to other devices on the network. You want to interrupt the communication between the malware on your device and its command server on the Internet.

If you can’t disconnect the device from the Internet for some reason, you can power it off, but this is your last resort. Many types of malware are only installed when a device is booted up, so it’s easier to clean it off before it gets installed. But If you shut down the device, and then your IT person turns it on to check it out, you’re installing the malware right then.

Don't forget, though -- Prevention is the first step! You really don't want to get any kind of malware infection, especially not ransomware! But sometimes things happen, so you want to recognize the signs of potential infection and act as quickly as possible to minimize the damage.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Goes Live Again!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Thankfully, live training is making a comeback! So wherever you and your employees may be, I can deliver a fun and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺