Hello! If you are new to this series, please start with Day 1. To all who are caught up, welcome back. Today we will spend 5 minutes learning about stopping your business’s workstations from running malware (malicious software). Infection can happen in many ways, but it usually involves an employee opening an attachment in an email, visiting a malicious link, downloading ‘free’ software or using an infected thumb-drive. Ultimately, regardless of how it got on the computer, the outcome is the same… a bad day. If you suspect a breach, you might consider a Breach Impact Assessment.
When malware does take root on one of your computers it will have one or more objectives from the following list:
- ‘beacon’ / ‘backdoor’ – this type of malware provides attackers direct access and in many cases total control over your computer. They can see everything that goes on in it and download or modify any data they wish. This can be a first stage for other objectives below.
- ransomware – this type seeks to lock you out of this or all your computers and demands you pay the attacker to get your data and access back. Learn to prevent ransomware.
- zombie or miner – this type will often connect your computer to a network of other hacked computers which now act as free computing resources for a whole host of illegal activities. If you are infected with zombie malware your computer can be used to launch attacks against others which might land you in legal hot water (at least until you can clear things up).
- adware – this one is somewhat benign and seeks to show you ads, for which the attacker is paid by an ad-network service.
- other – the human mind has nearly endless creativity for good and evil so plenty of other objectives are possible but the big ones are listed above.
To help stop the malware from running, an endpoint protection agent should be deployed. There are free AV programs, but the good/modern ones cost money, often in the ballpark of $10 / user / month, but your mileage will vary greatly depending on your size and needs. Make sure your AV software bills itself as an NGAV (Next Generation Anti Virus) product. For specific recommendations, please reach out to me and I’ll point you in the right direction. Happy Hunting!
P.S. NGAV is no magic bullet but it might just save you from a really bad day/week/month.
CTO / Principal Engineer