trojan

You cannot completely safeguard your computer simply by using anti-virus software. However, you can significantly reduce your chances of getting problems.

This week I’ll be discussing some of the potential risks and some steps you can take to reduce them.

Step Up Your Security

There are a number of basic steps the average user can take to significantly enhance the security on their PC and protect it, some of which I've mentioned before.

  1. Make sure windows updates are installed as soon as they are released. I cannot stress this point enough. Yes, occasionally updates can break things (this is rare and remedial information is often available within hours!), but they protect against known exploits. Microsoft releases their updates on the second Tuesday of every month and in the UK you should be able to install the latest updates shortly after 6-7pm on the day. Out of band updates occasionally come out to fix major problems, but those are the exception rather than the rule. Go and check your windows update settings. Ideally they should be set to download and install automatically and where possible tick the box to allow recommended updates.  Visit the Microsoft website to allow updates for other products to make sure programs like Office are also patched.
  2. At home, make sure your router has a firewall on it which is turned on. Most modern routers now have this by default, but it is good to check anyway. Also, check that you have made your admin password secure, or at least changed it from the default one. There are lots of sources online (such as RouterPasswords.com) listing the common admin usernames/passwords for routers and firewalls. This is your first line of defence which if vulnerable, due to misconfiguration, puts your entire network at risk.
  3. Make sure your computerfirewall is enabled. Since XP SP2 this has been the default on all new operating systems, but can often get disabled to test network connectivity or through applications.
  4. Install an anti-virus product. Whilst some people have been known to claim you don’t need one (such as John McAfee himself!) it is generally accepted that this provides another line of protection against known threats and some degree of safety against unknown threats (heuristic scanning).
  5. Try to avoid using your machine with an administrator account. This way, if you get an infection then the damage it can do to your system is limited. Using the “Run As” option to install programs can be useful, although if you already had a key-logger installed then this just captures your credentials for the bad guys. Ideally, keep an admin account just for installing and your normal user account for day to day use.
  6. Be vigilant. Social engineering is getting significantly more complicated. Attachments in emails that look like they’re from your friends could be harbouring malware. Your friend’s email account might have been hacked either directly or a scammer has found their login and has mined their contact information.
  7. Invest in a good backup. This needs to be more than just a copy of your files to another disk if possible. Something that has a rudimentary knowledge of versioning is required to provide the best possible protection against something going awry.

Held To Ransom

Recently there have been several reports of a fiendish new piece of ransomware circulating called CryptoLocker. CryptoLocker encrypts most of the data files on your machine using a properly implemented version of public key cryptography. Once your files are locked, you then have to pay the hackers to unlock them. You are then left with a choice of paying up (never recommended), restore your files from a backup, or accept they’re lost.

If your backup supports some degree of versioning and you have a good idea when the infection happened, chances are good that once your machine has been disinfected you’ll be able to restore an unencrypted copy from the backup. Otherwise you can say goodbye to your data (see this post from Sophos on the potential of CryptoLocker). This nasty has been known to be bundled as part of the Zeus botnet and in phishing emails. There are rumours that it is being spread through infected web servers too.

Over the last 5-10 years there has been much more of a commercial element to malware as opposed to a purely mischievous or hacking mentality. This along with increasing IT knowledge among malware writers and the potential amounts of money to be made has meant that these extortion scams are getting more complicated and harder to defeat.

Corporate Protection

While the above can apply to both home and corporate systems, corporate needs additional protection to prevent both infection and leaking of confidential data. The approach needs to be multi-faceted with user education being a significant part of the equation. It’s no good having decent security measures in place if your users don’t know how to work them or don’t feel they can raise concerns about questionable emails.

The following should also be considered:

  1. Make sure you restrict, as much as possible, any inbound ports in your firewall.
  2. Implement an outbound firewall to limit the ports that are open. An average office might just need http and https from workstations. Allowing users to send emails direct or pull in their home emails (where the security, if present, almost certainly won’t be as comprehensive as in the workplace) presents extra risks
  3. Perform regular checks on all systems for signs of attacks or any changes that were not expected. An unexpected change to your password file on a web server should set alarm bells ringing immediately.
  4. Invest in some good monitoringsoftware and make sure you know how to set it up properly to detect unauthorised changes. The first thing a competent hacker would do would be to hide themselves. This won’t be instantaneous at the point of intrusion though, so your software should at least flag that a change has occurred even if it is transient.
  5. Consider an application aware firewall that does some packet inspection and use this to restrict traffic as much as possible. You might use this to block Skype, Facebook, free email (outlook.com, yahoo etc.) and other non essential sites, without interfering with business operations.

Although an unpleasant thought, you should consider the possibility that a security breach could occur from within. Do you have a policy about USB drives or files that are allowed to be sent via email? Access to sensitive files or information should only be given to those that need it , this mitigates the risk greatly. Maintaining access logs to this information and using software to spot “out of character” accesses are other ways you can prevent this issue. Also, while your users should be aware of the security measures you have in place, the precise details need not be disclosed.

If you have any questions or would like some help, feel free to get in touch with us at BirchenallHowden.

Written By: Jason Ede

______

Sources: Versioning | Search Software Quality Fiendish CryptoLocker Ransomeware: Whatever You Do, Don't Pay | The Register Destructive Malware CryptoLocker On The Loose | Sophos

2 Comments