Every day, I read another article about a company or city that has been infected with some form of malware. Which is any software program purposely designed to interfere with the normal functioning of a computer system for malicious reasons, such as to hold files hostage for ransom. One example that stuck with me recently was the SamSam ransomware attack that crippled municipal operations in Atlanta, Georgia, in 2018; it reportedly cost the city $2.6 million to recover. In 2018, the White House issued a report estimating that malicious cyber activity costs the U.S. economy between $57 billion and $109 billion annually. The internet is a new battlefield; we are in a cyberwar in which hackers are the enemy and malware is the weapon. Which is why we think it is important to know the top ways malware is spread.
Unfortunately, we only hear about the attacks on large companies or governmental entities. When, in reality, the majority of cyberattacks target small- and medium-size businesses (SMBs). Most never report the security breach. We feel that it is our duty to help educate you about this threat.
Hackers use many angles of attack to exploit computer systems, and they’re coming up with new ones all the time. While you cannot protect your company from every potential malware threat, understanding and avoiding the top four approaches used by hackers will go a long way toward reducing your risk of infection.
1. Phishing Emails
By far the most common method for hackers and state-sponsored hacking organizations to spread malware is through phishing emails. Hackers have become incredibly skilled at crafting emails that trick employees into clicking on links or downloading a file that contains malicious code. The old phishing emails from that Nigerian prince who wants to share some of his fortune with you (for a small fee) have been replaced with very convincing emails that even replicate a company’s logo and branding. These phishing emails come in all shapes, sizes, and colors, but we want to highlight the one thing they all have in common: a sense of urgency.
One telltale of a phishing email is the sender’s email address. In most cases, the sender may seem legitimate, like “Microsoft-Support”, but the associated email address is something bogus, like JohnDoe@MyDomainGotHacked.com. If you receive an email that you think is a Phishing email, report it to your internal IT security team so that they can evaluate it and block it. If you don’t have an internal IT security team, block it in your spam filter and then delete it.
2. Social Network Spam
Social network spam is a relatively new angle of attack for cybercriminals. When people browse social sites, looking at pictures or keeping up with old friends. They might not realize that the photo they are about to click on could actually be malware. Examples of this include photos or videos shared on a social site that, when clicked, take the user to a fake YouTube page that then requests the user to download and install a video player plugin. Once the “Video Player” is installed, you still cannot watch the video. But the criminal might be watching you on your computer, with full access to your device. The lesson here is: think before you click or download!
3. Remote Desktop Protocol
This one is a classic. I am still surprised when we perform IT discovery and cybersecurity risk assessments for potential new clients that many still have this huge vulnerability exposing their system to the internet.
Remote Desktop Protocol (RDP) is a connection protocol that enables a user to connect to another computer over a network connection. Cybercriminals now use automation to scan the internet, looking for computers that are open to RDP. Then, they try to guess a username and password to gain access to the remote computer. During one risk assessment, we showed the company that it had more than 18,000 failed login attempts for the administrator account in the last 24 hours. The night before, at 2 a.m., the hacker was finally successful and was able to log into the system. The company executives were shocked and had no idea that someone had been attempting to hack them.
Other times, cybercriminals purchase the username and password from the Dark Web. Once they have access, they are free to do whatever they want, which can include installing malware.
4. Drive-By Downloads from a Compromised Website
What if I told you that there was a cyberattack method that could infect your computer with malware without any action on your part? That’s right, you wouldn’t even have to click on any links. Sounds scary, right? It most definitely is. The average website is attacked 58 times per day in an attempt to infect it with malware. Once the site is infected, it will begin scanning the computer of anyone who visits the site, looking for vulnerabilities. These vulnerabilities can arise from out-of-date apps, missing operating-system patches or browser plugins. If a weakness is found, it is used to infect the computer with malware.
These are just a few examples of ways malware can spread through the internet and into your computer system. The good news is that with proper IT management, security best practices, multiple layers of defense and end-user security awareness training, a company can reduce its risk of cyberattack. Vigilance is key to staying one step ahead of cybercriminals. Ask your IT provider or internal IT department how it is protecting your company from the spread of malware.
By Shawn Brown, President and COO