Over the years we have heard about malware with exotic but sinister names such as BadRabbit (2017), WannaCry (2017), HeartBleed (2014), DarkHotel (2012) and the notorious ransomware Petya (2016) and its derivatives. WannaCry, a ransomware cryptoworm, affected over 200,000 computers in 150 countries. DarkHotel was an interesting one in that it was spread via WiFi reception, typically in hotels, hence the name.
The most high-profile victims in recent times include: Yahoo (2013), eBay (2014), Equifax (2017), JP Morgan Chase (2014), Uber (2017) and Sony Pictures (2014). If it can happen to them, it can happen to you. In the early part of the last decade, cybercriminal activity largely involved data theft. More recently, it is ransomware. This involves, typically, encrypting or otherwise disrupting the target’s data and then supplying a fix when paid in bitcoin.
In the past several weeks, three chemical multinationals – two American, one Norwegian – were hit by ransomware attacks. Momentum, Hexion and Norsk Hydro found their IT systems attacked by the relatively new LockerGoga virus, which encrypted files and disrupted systems. It’s thought that the disruption has cost Norsk Hydro around £30 million.
It’s estimated that cybercrime is currently costing organisations worldwide over US$500 billion a year and rising rapidly towards US$1 trillion annually. This is just the commercial fallout; what price does one put on reputational damage?
Malware comes in many forms, but as a general definition it’s software which maliciously attacks, steals or otherwise disrupts the IT capabilities or assets of individuals or organisations. The motivations of its perpetrators vary just as widely: some do it for a kick, a form of vandalism; others are doing it literally as a form of cyber warfare; and then there are those who do it purely for financial gain, hence ransomware.
The oldest form of malware is our old friend the virus. A virus attaches itself to a program and then propagates itself to other programs when the original program is run. Like a real-life virus it spreads exponentially. A worm is like a virus, but it’s a program in its own right: it doesn’t need a host. A trojan, as the name suggests, appears to be a benign or legitimate program of value to users; of course, it is anything but. Unlike viruses and worms, a trojan requires human agency to be activated, e.g. opening an attachment. Today trojans are the most common method of activating ransomware.
Malware can be contracted and activated in hundreds of ways. First, virtually everyone today has at least two devices: a mobile phone and a desktop computer; most will have a third: a laptop, notebook or tablet; some will have four or more of these devices. In most cases they will be synching with a network, a server or the cloud. USB sticks are less common today, thanks to broadband, and are being replaced by large-file transfer sites such as WeTransfer and Dropbox. Everybody is sending each other – by email, Internet sites or social media – attachments, jokes, sound and video clips etc. Everywhere away from home or office, people connect to the Internet via third-party wi-fi without a care in the world. Malware spreads, thrives, positively flourishes in these conditions.
The answer to all of these threats hasn’t changed in principle since the early days of the Internet: detection and protection. The big difference is that the enemy is cleverer, stronger, wiser and more sophisticated. We must be so too. Fortunately, anti-malware practitioners continue to perform brilliant feats – miracles almost – to stay ahead of cyber criminals.
Trust no file. Trust no device.
QBS works with many key partners who are global leaders in the ongoing war against cybercrime and malware.
OPSWAT (‘trust no file; trust no device’) is based in San Francisco with another seven offices worldwide, including the UK. Several decades in the business, OPSWAT has built a strong reputation among national security agencies and departments of state where data security is an absolute imperative. They also supply leading corporations in all sectors but, tellingly, especially in technology: organisations such as IBM, Cisco, Xerox, Citrix, Sophos, F-Secure and ESET. Note the security names there.
OPSWAT’s flagship threat prevention platform is MetaDefender.
MetaDefender comprises half a dozen distinct modules which address every possible vulnerability.
MetaDefender API: Advanced Threat Prevention Development Platform
MetaDefender Kiosk: Checkpoint for Portable Media
MetaDefender Email Security: Stop Email Threats that Evade Sandboxes
MetaDefender ICAP Server: Advanced Threat Prevention for Network Traffic and Storage Devices
MetaDefender Client: Advanced Threat Prevention for the Endpoint
MetaDefender Vault: Secure File Transfer and Storage
Then there’s MetaDefender Cloud, an amazingly simple-to-use service which anyone can use to analyse any file, URL, domain etc.
Author: Mike Patterson