We often read about cyber-attacks, and some of you may even
have heard of the expression zero day vulnerability, but this exotic world is
usually pretty far removed from our everyday lives.
If, for example, you’ve been following the story of the Sony Pictures hack, or the FBI reports on the widespread proliferation of Iranian malware, you would be forgiven for thinking that none of this actually
affects you. This week, however, I’m beginning to realise that this may not be the
case.
We see computers with malware infections every day, and most
of these are actually relatively unsophisticated, regardless of the harm they
cause to the system. A typical infection is most likely to come from visiting a
compromised website, as these days people are too savvy to risk opening infected attachments.
Anybody can radically reduce the risk of what we call drive-by infections by ensuring
that their operating system is up to date, and that they have a good (also up
to date) antivirus program in place*.
If it is a superficial infection then we use a variety of
cleaning tools. The art is in determining which tools to use at any given
time, in which order, and how each tool is used; our standard
operating procedure changes according to the prevalent threats at any given
time. Most customers won't appreciate the level of care that goes into what we call a Level 1 clean.
A proportion of machines, typically 10% to 20% depending upon the threat cycle, will be so
badly compromised that we carry out what we call a Level 2 clean, which is
where we back up any user data, and completely wipe and reinstall the computer. In most cases
this is because we’ve identified a rootkit, where the operating
system itself has been modified to mask nefarious activities; in this case wiping
the machine is often the only way we can be sure that we are returning the
computer with an operating system which has not been compromised.
In the last couple of weeks however, we've seen a
fundamental shift in the nature of malware attacks, and while our industry is
used to reading over-hyped articles about malware threats in the press, in this
case you would be hard pressed to find any mention of this in the mainstream
newspapers.
At the start of the week the technical press reported that a
widely used plug-in for WordPress had been compromised on a huge scale with
more than 100,000 infected sites having been identified. It appears that these
attacks were exploiting what’s known as a zero day vulnerability in Firefox and
Internet Explorer. The term zero day attack refers to an attack exploiting a vulnerability that has not
previously been identified, and therefore one that the developers have not had
time to address and patch.
Since this happened we have seen a surge in cases of computers
misbehaving without any apparent reason, which is to say our scanning tools aren't finding anything to explain this behaviour.
What’s been particularly worrying is the case of a customer
who has just narrowly avoided a bank fraud which almost certainly resulted from
the interception of his on-line banking credentials. In itself this isn’t
unusual, however unlike most victims he didn’t click on a link in some phishing
email, but logged on via a bookmark. Most worrying of all is the fact that two
weeks ago the machine in question came in with a malware infection and we
carried out a Level 2 clean, which means that we can be sure that he was using
the most up-to-date virus scanner, drivers, and operating system updates.
So this Christmas I’d like to wish you a particularly vigilant holiday,
and a cyber safe New Year.
*If you’re on a budget we recommend AVG Free,
although the most recent versions have become so insistent in their nagging you
to purchase the paid-for version that I’m more inclined to point you towards
our preferred paid-for option which is Eset Smart Security, which has
consistently been at the top of our A list for a decade.