CryptoLocker ransoms corporate victims. Zeus botnet steals bank information. ZeroAccess botnet triggers bitcoin mining and click fraud. While science fiction-sounding in name, these digital Trojan horses are merciless and real, attacking thirty percent of small businesses—that’s 1 in 5 receiving at least one spear-phishing email annually—according to the Symantec Threat Report for 2014.
Cybercrime even reached a 3Points client this year, bringing a worldwide epidemic close to home. Infected with CryptoLocker, the company was ransomed for access to locked files. To add urgency, the cybercriminals threatened to double their ransom if not paid within 48 hours. Happy ending: Good backups save the day. 3Points removed the infected machine and restored the data.
So, what methods do cybercriminals favor most? How and why do viruses penetrate firewalls and antivirus barriers? How can businesses limit risks and increase email safety? Discover five steps to safer email in this brave new digital world …
First, Who Are They?
Cybercriminals are getting smarter, their tentacles are reaching farther, and they don’t care who you are or what you do. They look for easy ways to make money. Sometimes, the bots—robot-like software applications that repeatedly spread malware over the Internet—are computer-generated in the form of spam. In other instances, digital sweatshops in places like Russia and Eastern Europe engage junior gang members to launch millions of attacks and gather intelligence on targeted businesses (MailOnline, 2013).
“Know thy enemies” was a strategy conceived by Sun Tzu, a Chinese military general back around 500 BC. The predators he battled are not so different than cybercriminals who pillage the pocketbooks of corporate prey. Let’s start with the most common malware threats out there for small business: CryptoLocker, Zeus Botnet and ZeroAccess.
CryptoLocker encrypts and locks personal files, ransoming them for a price ranging from hundreds to thousands of dollars (Krebs on Security, 2014) paid in the form of bitcoins to a decryption service operated by cybercriminals. Most vulnerable files include Microsoft Office documents, photos and MP3 files.
Zeus Botnet is the granddaddy of different malware strains that steal online banking information through legitimate-looking emails. One variant is called Gameover Zeus, which creates thousands of domain names, registers them and then lies in wait until the domains are accessed, infecting unsuspecting users. To give you an idea of the virus’ insidious spread, researchers at Arbor Networks identified 127 victims on July 14 of this year, 429 by July 21, and 8,494 on July 25. The most infected country was the United States (PC World, 2014).
Rounding out the trio, ZeroAccess uses infected Microsoft Windows machines for either bitcoin mining or click fraud. The latter may be disguised as advertisements. ZeroAccess controls approximately 1.9 million computers (Symantec, 2014).
5 Steps to Protecting Your Business from Cybercrime
1) Keep antivirus/spam filtering subscriptions up to date. Track updates (yes, write them down and know where you put the list) and make sure the latest versions of antivirus software are installed on your system. Hacking is the primary cause of breaches so shoring up your defenses is key (Symantec, 2014).
2) Eliminate Windows XP and other unsupported hardware and software. Using outdated, unsupported technology like Windows XP or unpatched third party applications is like leaving every door of your house wide open. Infections target the most vulnerable users. Microsoft stopped supporting Windows XP on April 8th of this year so the problems will only get worse. A better alternative is to upgrade your Microsoft Operating System as well as any third party solution. The end goal? Avoid out-of-date architecture.
3) Entry points and passwords. A brute-force attack (one in which the perpetrator is guessing every possible combination of password to create a security breach) starts at the firewall. Configured properly, the firewall acts like an iron mask for your company. High points of vulnerability include the router and wireless access points (open ports on the firewall). 3Points has found Wi-Fi Protected Access version 2 to be a reliable solution. We also recommend a three-part approach to password policies that includes character complexity, password lengths and a limited number of login attempts.
4) Scan websites and PCs daily for malware. Daily scans allow you to assess vulnerabilities regularly. Why wait until you have a problem, right? We advise a two-pronged approach: a good web filter alerts you to potential threats on a given website (like a bouncer outside a building). Antivirus protection then removes the malware once detected (like the bouncer inside the building who throws the “garbage” out). We use a myriad of tools, depending upon the latest infections, including Malwarebytes and AVG CloudCare.
5) Restrict email attachments and develop procedures for infection response because your greatest weakness … is your people. Blocking certain attachments—anything that ends in “.exe,” for example, which is an executable or installable file—is critical. Nobody should ever open these. Sometimes, cybercriminals will tempt you with filenames like “FedExBill.exe.” Don’t fall for it. Even more importantly, make sure your team doesn’t either. Conduct team meetings on basic security protocols. Instruct employees on what suspicious malware looks like. Draft procedures and reporting processes for handling them. If you think you are infected, you need to do something right away. If your team is prepared, they’ll know just what to do.
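The attachment rule from step 5, as an added example that is not 3Points' own code: a Python check that parses a raw message and flags attachments whose names end in a blocked extension, including double extensions such as "Invoice.PDF.EXE". The blocklist entries beyond ".exe", the sample addresses and the function names are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: the article names only ".exe"; the others are further
# Windows-executable file types that mail gateways commonly block.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def blocked_extension(filename):
    """Return the blocked extension a filename ends in, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " opens as a.exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    # Only the final extension decides what runs, so "x.pdf.exe" is ".exe".
    return ext if ext in BLOCKED_EXTENSIONS else None


def find_blocked_attachments(raw_message):
    """Parse a raw message and return [(filename, extension)] to block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested multipart sections
        filename = part.get_filename()
        if filename is None:
            continue
        ext = blocked_extension(filename)
        if ext:
            hits.append((filename, ext))
    return hits


def build_sample(filenames):
    """Build a constructed sample message (not real mail) for the demo."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached bill.")
    for name in filenames:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["FedExBill.exe", "report.pdf", "Invoice.PDF.EXE"])
    for filename, ext in find_blocked_attachments(sample):
        print(f"BLOCK {filename!r} (matches {ext})")
```

A name check like this only sees the filename; executables inside archives or renamed files need content inspection at the mail gateway as well.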
3Points Serious About Cybercrime
Megabit may be our resident mascot around 3Points, but what he symbolizes stands true: 3Points is serious about protecting small businesses.
The 3Points Tech Team, our in-house research and development group, is experimenting with imaging software. We’re capturing images of workstation activity so we can better understand when viruses cross the line. Another area of research involves Deep Freeze, a system resource software for Windows and PCs as well as other applications that specifically protect Microsoft-based systems. Also, we’ve found SonicWALL devices for network and mobile technology, along with the TotalSecure package, inhibit common malware attacks.
A word about Apple devices. While it’s true they are less prone to infection, they are not immune. Sophisticated viruses have and will continue to penetrate some Apple algorithms, just to a much lesser degree than with Microsoft operating systems.
We invite 3Points clients to ask questions about email protection, especially if you suspect an attack has been launched. In the spirit of Megabit, we are here to serve and protect.
Rob Waugh/MailOnline (January 17, 2013). The Terrifying rise of Cyber Crime: Your Computer is Currently Being Targeted by Criminal Gangs Looking to Harvest Your Personal Details and Steal Your Money [article].
Brian Krebs/Krebs On Security (August 6, 2014). New Site Recovers Files Locked by CryptoLocker Ransomware [blog].
Lucian Constantin/PC World (August 14, 2014). New Gameover Zeus Botnet Keeps Growing, Especially in U.S. [article].
SlashGear (November 2, 2013). Windows XP is 469 Percent More Infection-Prone Than Windows 8 [article].