
Malware - The Uninvited Guest

Today, the biggest threat to business IT systems and data is malware: malicious software used to disrupt or shut down computers, steal sensitive information, or gain access to or control of corporate networks.


Increasingly, we are being called in to help businesses that have been compromised by the inadvertent launching of hidden malware attached to innocent-looking emails. When this type of attack first appeared in our mailboxes, it was easy to spot that the emails were fake, but these days the scams are much more sophisticated and the host emails are hard to differentiate from the real thing.


That is why 52% of Australian businesses that reported experiencing a cyber attack fell victim to an email or phishing scam – significantly higher than the second-most-common form of cyber attack, hacking attempts, which represented just 35%, according to the latest Norton SMB Cybersecurity Survey.


While business IT systems detect and stop the majority of malware, some still makes it past the security system and into the network, where it sits in an employee's mailbox like a ticking time bomb. All it takes is a distracted or uneducated user to activate the malware by clicking on an embedded link or attachment, and all hell can break loose.


What's the impact? Depending on the purpose of the malware, it could create a hole in your security perimeter and download additional malware. If it is ransomware, it could encrypt everything that the compromised user has access to on the network. When ransomware is activated, a message is displayed on the screen along the lines of "Pay up and we will give you the decryption key and access to your network". (We had one case where a user with administrator-level access activated malware which encrypted the entire network.)

What should businesses do to minimise the risk from malware?


Antivirus software:

  • Ensure it is installed and regularly updated (newer AV products detect malware by matching its behaviour!)

  • Use different antivirus products on servers and user computers

  • Configure antivirus software to scan content that has already entered the business, i.e. users’ mailboxes


Backups:

  • Make sure a robust backup solution is in place

  • Regularly test the backup: the easiest recovery from ransomware is restoring from the last-known good backup


User access rights:

  • Don't give users admin rights unless it's absolutely necessary


If you have any questions or need any assistance with IT security feel free to call us or send an email.