The online security war between hackers and anti-malware developers has moved on to keep pace with the development of new technologies. As new malware is detected and blocked, hackers invent new malware and expand into new distribution vectors.
Online security is not only anti-malware applications and devices. It is also an attitude of mind and an awareness in users. Alert and knowledgeable users are an essential component of an online security environment.
Phishing is far and away the most common method of malware distribution. It is a scatter-gun approach where a hacker takes a mailing list and sends an email containing a tainted link to the addresses on it, usually thousands of them, hoping that a small percentage of recipients will fall for the attempt and activate the malware. The email usually seems to come from a reputable source.
An unsuspecting user clicks on the link and is taken to a site where malware is downloaded to the PC. The download can be automatic, and without the user being aware of it.
When the download is complete, the malware is automatically installed and activated. If the PC is networked, it can then automatically propagate itself to all computers on the same network. The type of malware will vary, perhaps a keylogger to record and return user names and passwords, perhaps a tool to upload documents.
A more recent and dangerous malware variant is ransomware. The user’s systems and data are encrypted, making them inaccessible to the user. The hacker then demands a ransom payment before providing a decryption key, and may not provide one even after payment.
A variant of the scatter-gun is the targeted phishing attack. In this variant, the hacker targets a specific organisation to steal financial information or to carry out industrial espionage. Specific individuals in the organisation are sent carefully tailored emails asking them to provide login information or to allow malware to be downloaded to their PC.
The intention is to be able to attack the organisation’s systems directly by logging in and stealing information. Financial services companies or e-commerce companies holding customer credit card or banking information are particular targets of this type of phishing attack.
This type of attack is also used in industrial espionage to gain access to secure databases and emails with the intention to steal confidential company information.
The most effective means of stopping phishing attacks is user education. In a corporate environment, many phishing exploits can be blocked by systems level anti-malware defences, but some will inevitably slip through.
When someone joins an organisation, part of their orientation process must include education about phishing and that they must not click on embedded links in emails, even if they seemingly come from reputable sources.
Other advice to users is to treat login information in the same way as they guard their bank ATM card PIN. Don’t give it out to anyone, even if they say they are from IT and want to “update their software”.
On the technical side, keep anti-malware software up to date in both the application itself and the signature files it uses to recognise malware. Some organisations supply lists of dodgy websites which some anti‑malware applications can use to filter and prevent user access.
Another vector for introducing malware is where users bring devices from home, usually flash drives nowadays, but also portable hard drives and DVD disks. Domestic systems tend to have more lax security procedures, and it is common for malware to find its way onto removable media.
Commercial organisations should, as far as is possible, switch off USB ports and optical drives to prevent users attaching removable media and DVD disks. If that isn’t possible, then the PC must be configured to block access to the device until it has been scanned.
Disabling USB ports will also act against data theft where sensitive or confidential data could be taken from company systems on removable media.
While phishing is the usual method of transmission, followed by infection from unscanned portable devices, there are other less common methods. One such method is a form of steganography, in which malware is hidden in an image. Displaying the image activates it, again without the user being aware.
A less exotic version is embedding malware in email attachments. Often, organisations block email with specific types of attachment, for example system or executable files. Savvy users and hackers have got around this restriction by embedding the forbidden attachment in another attachment, for example a document or compressed file. A user receives an email from a seemingly respectable source and opens the attachment, thereby activating the malware.
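The nested-attachment trick described above can be caught at the mail gateway by looking inside compressed attachments rather than only at the outer file name. The following is an added example, not code from the original article; the blocked extension list, the depth limit and the sample attachment are constructed for illustration.

```python
import io
import zipfile

# Attachment types the (constructed) mail policy forbids, by extension.
BLOCKED_EXTENSIONS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
# Windows executables begin with the "MZ" header, whatever the file is called.
PE_MAGIC = b"MZ"


def flagged_members(archive_bytes: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Return the paths of forbidden files inside a zip attachment, recursing into nested zips.

    max_depth caps recursion so a deliberately deep archive cannot tie up the scanner.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            name = info.filename
            lower = name.lower()
            # Check content as well as name: a renamed executable keeps its PE header.
            if any(lower.endswith(ext) for ext in BLOCKED_EXTENSIONS) or data.startswith(PE_MAGIC):
                findings.append(name)
            elif depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
                findings.extend(f"{name}/{inner}" for inner in flagged_members(data, depth + 1, max_depth))
    return findings


def build_sample_attachment() -> bytes:
    """Construct a sample attachment: an outer zip holding a document and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.exe", PE_MAGIC + b"\x00" * 64)  # forbidden by extension
        z.writestr("photo.jpg", PE_MAGIC + b"\x90\x00")          # renamed executable, caught by magic
        z.writestr("readme.txt", b"hello")                        # harmless
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("quote.docx", b"document body")                # not a zip, not flagged
        z.writestr("attachments.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path in flagged_members(build_sample_attachment()):
        print("blocked:", path)
```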
The best defences are again user awareness and up to date anti-malware software at the systems level and on the user PC.
Complete security against malware is not possible, nor is blocking all entry vectors. User education will go a long way towards reducing its incidence.