Only six years after the first personal computer was introduced in 1975, the world was introduced to the very first computer virus: Elk Cloner. It was written to infect the Apple LLC’s operating system, known then as Apple DOS 3.3. Once the virus was triggered, it displayed a poem explaining how Elk Cloner was copying itself all through the victim’s machine and that it may be no easy task to reverse its effects.
It did not take long, however, for people to start pushing the limits past simple pranks and start making malicious software designed as actual attacks against their victims. In the early 1990s, for example, malware authors were learning the art of evasion. They understood that they could now benefit from hiding malware inside documents instead of just supplying their victims with more obvious standalone executables. By the mid-2000s, more than a million known computer worms were circulating around the Internet. Email spam was also becoming big business as malware authors stood to make serious cash by blasting out unsolicited email, “spam,” and getting just a percentage of users to buy their goods or click on links. And by 2010, Stuxnet was introduced to the masses followed by spin-offs that included Duqu, Flame and the Regin Trojan. The point is that malware has evolved from attacking individual users to gaining entry to tens of thousands of people’s banking information.
While technology and personal habits mature with each new cyber attack, the threats lurking around the corner do the same at a seemingly uneven pace. Because we can’t predict exactly what’s ahead, Fred Touchette, senior security analyst at AppRiver, has identified tips and best practices to prepare for ever-changing and always evolving malware threats.
Preparing for Malware Threats
The seven tips and best practices below, identified by Fred Touchette, senior security analyst at AppRiver, can help prepare your organization for the ever-changing and always evolving malware threat.
Don’t Get Comfortable
It is important for both IT teams and end users to never become complacent with regard to computer-based attacks. It is unlikely that these attacks will go away; instead, they will continue to evolve and search for the path of least resistance to get to what they want. Organizations and individual users should stay current on the latest threats by visiting security forums and ensure they have the latest patches applied to their systems.
Knowledge Is Power
Whether you’re a massive organization or a small business, one security feature that’s often free and underutilized is an ongoing employee education program. Human beings are the weakest link in the security chain and should therefore be given a great deal of attention as to how they can protect themselves.
Get Layered Protection
AppRiver’s Q2 Global Security Report showed that over 81 percent of emails filtered between April and June 2015 contained spam and/or malware. However, malware isn’t just coming through email anymore. With malvertising campaigns against the likes of the Huffington Post and Yahoo, among many others, downloading a virus can be as easy as clicking on the wrong ad while getting a daily dose of Hollywood gossip. Adding layered protection, like spam and virus filtering, Web protection, and email encryption, will help you and your organization block malware from all angles.
Suspicious Attachments
Do not open attachments from unknown people or attachments that appear suspicious. This is a very, very common method for attackers to use – delivering malware straight to your inbox, which is both convenient and highly effective. Do not click on an unsolicited link or open an attachment unless you know it is reputable.
Only Use Trusted Sites
There are roughly 252 million registered domains and a large portion of those domains are malicious. Some are quite obvious while other, legitimate sites can be compromised and host malware within their pages. Stick to the well-known, established sites to increase the odds of staying safe online.
Have a Reliable Backup Strategy
Cryptolocker and its spinoffs, CryptoWall and CryptoDefense, made their first appearances around September 2013. This family of malware, also known as ransomware, had been around since the late 80s, but most of its members didn’t create such a panic as Cryptolocker, since most were easily subverted. Cryptolocker, however, employed strong encryption to scramble nearly every file on its targets, making them impossible to recover without the unique, private key used to encrypt them. Even if the Cryptolocker infection were successfully removed, the files would remain encrypted and unusable. This instantly made many of its victims aware of the importance of a reliable backup strategy.
Review Financial Accounts Regularly
Review financial accounts regularly for suspicious activity. Sometimes a victim won’t realize they have been attacked. By monitoring accounts on a regular basis, you raise your chances of catching an attack before it causes too much damage. Catching breaches early helps stop the attack, recover damages, and possibly even catch the attacker.