Sitting around the family table last night, our discussion turned to network security. Why? Because it affects everyone, from my 83-year-old father using his iMac to my 16-year-old nephew gaming in his basement. My brother-in-law, who works as an M&A consultant, is concerned, as is my sister, the HR executive. We seem to be surrounded by cyberthreats that are more real than perceived. The Internet is a nasty neighborhood that we all pass through daily. It is a crime-ridden and dangerous Gotham that we are all stuck in, and you need to know how to act.
Just as we have seen the evolution from viruses to botnets and malware families over the past decade, bad actors continue to find new ways of reinventing old threats. Today, the top trend in modern malware is the proliferation of ransomware. Ransomware has come a long way from the non-encrypting lockscreen FBI scare warnings of families like Reveton. In 2016, there has been a constant flow of new ransomware families popping up, like Locky, Cerber, Madeba and Maktub, and this is only expected to pick up steam over the summer. Ransomware is very damaging.
A common way in for ransomware is via exploit kits, like Angler. These bundle many application vulnerabilities into one kit and try drive-by exploits for each one in sequence. The more outdated your apps are, the more likely it is that some of these exploits will work and infect you with ransomware.
A very important part of a comprehensive security strategy is to use a network traffic monitoring system that is based on machine learning and behavior analysis. As most of these attacks come in via internet channels, make sure your network protection can parse and analyze both email and web traffic.
The endpoint (the user's computer) is where the ransomware infection takes place, so it is important to use a modern security solution here as well, one with a signature-less approach. A signature-less approach, also known as behavior detection, is the only way to catch zero-day threats that are new and do not have signatures written for them yet.
Windows has added User Account Control (UAC), a security feature that helps you stay in control of your computer by informing you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. If you're doing tasks that can be done as a standard user, such as reading e-mail, listening to music, or creating documents, you have the permissions of a standard user, even if you're logged on as an administrator. Take full advantage of it.
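To make the idea of behavior detection concrete, here is an added example (not from the original post or from any security product) of a heuristic that needs no signature: it flags a process that rewrites several readable files into high-entropy, encrypted-looking content within a short burst. The event tuple format, the thresholds and the sample data are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5   # bits/byte; assumed cut-off, encrypted data sits near 8.0
BURST_THRESHOLD = 3       # assumed: suspicious rewrites per process within the window
WINDOW_SECONDS = 10       # assumed sliding-window length

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def flag_processes(events):
    """events: iterable of (timestamp, pid, path, bytes_before, bytes_after).
    Returns the set of pids that turned >= BURST_THRESHOLD files from
    low-entropy into high-entropy content within WINDOW_SECONDS."""
    hits = defaultdict(list)   # pid -> timestamps of recent suspicious rewrites
    flagged = set()
    for ts, pid, path, before, after in sorted(events, key=lambda e: e[0]):
        # Files that were already high-entropy (zip, jpeg) are ignored, which
        # avoids flagging a normal save of compressed content.
        if shannon_entropy(before) < ENTROPY_THRESHOLD <= shannon_entropy(after):
            hits[pid] = [t for t in hits[pid] if ts - t <= WINDOW_SECONDS] + [ts]
            if len(hits[pid]) >= BURST_THRESHOLD:
                flagged.add(pid)
    return flagged

def sample_events():
    """Constructed sample: pid 100 is an editor saving one document;
    pid 200 overwrites four documents with random-looking bytes in 3 seconds."""
    doc = b"Quarterly report: revenue, costs and headcount by region.\n" * 200
    events = [(0.0, 100, "notes.txt", doc, doc + b"One more line.\n")]
    for i in range(4):
        events.append((1.0 + i, 200, f"report{i}.txt", doc, os.urandom(len(doc))))
    return events

if __name__ == "__main__":
    print("flagged pids:", flag_processes(sample_events()))
```

Because the check looks only at what a process does to files, it would react the same way to a ransomware family seen for the first time as to a known one.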
Don’t click on any emails or attachments you don’t recognize, and avoid suspicious websites altogether. As most of the infections come from user action – opening attachments or visiting websites, being vigilant is the most effective way to minimize damage.