Thursday , 23 November 2017
Home » NEWS » THIS WEEK’S GURUS » What sinister security threats are haunting businesses this Halloween?
Chris Boyd, malware intelligence analyst, Malwarebytes
What sinister security threats are haunting businesses this Halloween?

What sinister security threats are haunting businesses this Halloween?

It’s that time of year when the vampires and witches start brushing the dust off their best suits in preparation for Halloween. While all kinds of monsters roam the streets outside, we may forget the spooky threats which face us in our homes and businesses – 2017 has provided the scariest security stories for this Halloween.

This year has seen some of the largest attacks on record. WannaCry terrified the nation by crippling our NHS earlier this May, infecting the computer and phone systems across 16 health services. Staff were forced to cancel appointments, turn away patients and work with pen and paper. More recently the Equifax scandal compromised the personal information of over 143 million Americans, with a further suspected 15.2 million British customers also at risk.

With these large-scale attacks taking the news by storm this year, it’s not hard to believe that there have been more data breaches in the first half of 2017 than the whole of 2016 put together.

So, let’s examine the half-witted security threats from the horrifying ones and how businesses can protect themselves.

Locky rises again!

Locky ransomware is just like a zombie. Every time we think it’s dead, it rises again, stronger than ever – but instead it is after our precious data rather than our actual brains. It went unnoticed in the shadows early this year, but came back into full force with another iteration this summer.

And it’s not just Locky threatening businesses; Magniber ransomware is a new strain of ransomware, distributed by Magnitude Exploit Kit and replacing the formerly distributed Cerber, Bodysnatchers style.

The increasing number of ransomware families is enough to make a CEO shake in their boots, but it isn’t actually the most fearful thing in existence. DIY ransomware is becoming increasingly popular and is often programmed by complete amateurs making it extremely unreliable. Unlike the pro ransomware, there is no guarantee of getting your files back after paying the ransom.

Creepy cryptomining

Cryptomining in the browser is a newly discovered threat and has since become very in vogue. It sneakily works in the background of visited websites and publishers have been taking advantage of it. This has gone undetected for a while, as most ad-blockers don’t currently detect them.

The effects of cryptomining can be debilitating to a business’ productivity levels, and eventually may end up costing them a lot of money in equipment replacements. It might not sound too serious but, just like The Mummy, it sucks the life right out of your computer. Running at 100 per cent CPU usage, even for a short time, will overwork, overheat and slow your computer down. It might even send it to an early grave if it is constantly exposed.

Businesses need to consider blocking dubious websites using this technology as a preventative measure. But as cryptomining occurs on legitimate websites as well, installing security software and blockers, such as uBlock Origin, will offer more protection.

Freaky phishing emails

Did you know that the major perpetrator of ransomware infiltrating business software is emails? Which means that one of the biggest threats businesses will always have to contend with is you.

Employees who aren’t educated in spotting email phishing is a business’ worst nightmare. According do our research, hackers send an email which may appear to be from a colleague with a suspect attachment (affecting 17 per cent of our respondents) or an infected link (affecting 23 per cent). Once opened, malware can infiltrate the whole business network and shut an organisation down.

Businesses need to invest more time and resources educating their staff on the risk and consequences of opening fraudulent emails and how to spot them. If this was done more regularly, the security risk would be lowered significantly.

There can be a happy ending

Unlike our favourite Halloween horrors, this story does not need to have a bloody ending. Unfortunately, it is a reality that businesses can never be 100 per cent safe from hackers. For instance, our data showed that certain anti-virus vendors are still letting in 20 per cent of malware.

But, businesses can prepare and minimise damage for when an incident does occur. Taking a multi-layered approach to security, using both anti-virus for traditional threats and anti-malware for the more advanced ones, will provide greater security. Following these steps can ensure that your business does not fall victim to security horrors this Halloween.        

 

 

About Dean Alvarez

Dean is Features Editor at IT Security Guru. Aside from cyber security and all things tech, Dean's interests include wine tasting, roller blading and playing the oboe in his Christian rock band, Noughts & Crosses.

You can reach Dean via email - dean@itsecurityguru.org