Digital Journal: Where do most malware attacks originate from?
Douglas Crawford: Malware attacks as part of state-sponsored cyberwarfare, politically motivated cyberterrorism, or business-related corporate espionage are a growing threat. The vast majority of malware attacks, however, are performed by cyber-criminals. And if the term “cyber-criminal” sounds glamorous or high-tech, think again. The dark web is littered with websites that sell off-the-peg viruses which can be deployed by small-scale criminals with minimal technological know-how. This low bar has had the unfortunate effect of democratizing criminal hacking. And when combined with a huge proliferation of Internet-capable devices in the world, all of which make for potential targets, the gains from engaging in this activity are huge while the chances of getting caught are low.
DJ: Who is developing the viruses?
Crawford: Malware development itself was traditionally the preserve of spotty teenagers more interested in geeky kudos than profits, but this has changed. Professional malware developers do not even have to commit a criminal offense themselves (and thus risk facing legal consequences) to profit from their craft. They just need to sell their “product,” risk-free, to criminals on the dark web. It is worth noting that malware does not need to be particularly sophisticated to be profitable to criminals. Infecting machines with malware is a numbers game, and if even a very basic malware program is distributed widely enough it will always find vulnerable systems using old unpatched software, no or poorly implemented anti-malware software, etc., that it can infect. An interesting new development, however, is the appearance in civilian criminal hands of sophisticated malware tools that were developed by governments for cyber-warfare purposes. The WannaCry ransomware, for example, which infected some 213,000 Windows computers in 150 countries worldwide, was spread using an exploit developed by the United States’ NSA. The Petya virus that swamped Ukrainian computers in 2017 was spread using the same NSA-developed exploit.
DJ: What are the risks from malware attacks?
Crawford: Malware attacks are reaching epidemic proportions and are a major threat to both businesses and individual Internet users. Indeed, the scale of the problem is so large that it is almost impossible to quantify. Recent reports, however, show an 18.4% year-on-year increase in the number of malware attacks, taking the total so far in 2018 to an estimated 9.32 billion. In terms of how serious it can be to become infected by malware… well, it can range from humorous messages being scrawled on your desktop to a criminal hacker having total control of your system with access to all your files and data. Alternatively, keylogger malware can hoover up your passwords and banking details as you type them, and then send that data off to a hacker. Ransomware, on the other hand, will lock you out of your own system until you pay a usually hefty fee. So malware attacks can be very serious indeed.
DJ: Attacks in the Ukraine are making headlines. Where are these coming from?
Crawford: Ukraine has accused Russia of carrying out a sophisticated cyberattack on the country’s infrastructure. The network equipment of one of its major water filtration plants was infected by the VPNFilter virus, and with a highly hostile ongoing political climate between the two countries, it is little surprise that the finger is being pointed at Russia. This view is supported by Cisco Talos researchers, who believe the sophistication of the VPNFilter malware strongly suggests that it was state-sponsored. It was Talos who discovered VPNFilter in May this year when it found that the malware had infected some 500,000 thousand routers in at least 54 countries. Once a router has been infected by VPNFilter, an attacker can steal website login credentials and monitor communications between networked devices. VPNFilter can also be used to attack an infected router, making it unusable, and therefore preventing users and attached systems from accessing the internet. Russia’s territorial ambitions on neighboring Ukraine have led to a very tense political stand-off in recent years, which occasionally turns violent. Ukraine became independent in 1991 after the dissolution of the Soviet Union, but this act of “betrayal” has never been accepted by Russian nationalist hardliners. Russian hostility to Ukraine only increased when it applied to join NATO in 2008, and Vladimir Putin has advanced a policy of isolating Ukraine politically and militarily. Ongoing paramilitary operations against the Ukraine government by Ukrainians loyal to Russia are widely believed to be sponsored by the Russian government. In June 2017, Ukraine was rocked by a series of powerful malware-based cyberattacks that overwhelmed large numbers of websites, including banks, ministries, newspapers and electricity firms. The malware, named Petya, was ransomware.
Ukraine was not the only country affected by Petya, but with 80% of all infections occurring in Ukraine, suspicions were strong that it had been deliberately targeted by Russia.
DJ: What can companies best do to protect themselves from such attacks?
Crawford: Technical security measures, such as deploying strong two-way firewalls, performing regular anti-malware scans, and keeping all software up-to-date with the latest security patches, should be every business’ first line of defense. Businesses should also seriously consider deploying two-factor authentication (2FA) for logging in to corporate systems and accessing sensitive files. In addition to a simple username and password, 2FA requires a physical token such as a YubiKey or valid iris scan signature which only genuine authorized employees possess. This greatly reduces the chances that a hacker can access a system even if that system has already been compromised in some way by malware. Any company worth its salt should regularly be backing up its data religiously, but it should also do this to a remote location that will not be affected if its local servers become infected by ransomware. Doing so ensures there will always be a backup copy of its precious data, which could save the company a fortune trying to save vital business data by paying ransomware demands.
DJ: What can employees do to reduce attacks?
Crawford: When it comes to security, the biggest point of failure is always us fallible humans. By their very nature, people make mistakes and do illogical things. We have, for example, all been warned about phishing scams for years now. Yet the annual worldwide impact of phishing could be as high as $5 billion. The best way for companies to mitigate the part human error plays in spreading malware is to run security awareness courses to alert staff of the dangers and remind them to practice basic digital security hygiene. And such courses should be run regularly. Seductive though the idea might sound in theory, businesses should also resist the notion of allowing BYO devices. Permitting staff to connect to sensitive office LAN networks using un-vetted devices packed with software and files from who knows where, is just plain crazy.
DJ: Do you think the public are sufficiently aware about attack risks?
Crawford: Yes and no. Stories of malware attacks make the headlines on an almost daily basis. Another day, another million customer account details are hacked and leaked online from somewhere. Yawn. Yes, people are aware that malware is a threat, but the sheer omnipresence of this threat can mean it easily becomes a background drumbeat. This often leads to dangerous complacency, as it is very hard to maintain a constant state of alert about such an ongoing issue.
DJ: How about consumers, what can they do in terms of cyber protection?
Crawford: The steps consumers can take to protect themselves from malware attacks are very similar to those businesses should take. Use a good antimalware program and keep it up to date. Ensure all software is up to date. Secure email, bank, and other sensitive accounts with two-factor authentication (most consumer-level 2FA uses authentication via SMS or smartphone app).
Source : http://www.digitaljournal.com/business/surveying-international-malware-threats-q-a/article/527866