We’ve heard about a lot of major malware issues this year, affecting consumers, and both large and small companies alike. This article lists and discusses some of the biggest malware problems that we’ve faced in 2018.
Ransomware has continued to be an ongoing and serious threat to businesses in 2018. Ransomware is true to its name, and infects your computer or device, encrypts all of your data, then demands a sum of money to unencrypt your data. This type of malware effectively holds your data to ransom, hence the name. Ransomware typically infects computers through email attachments and unsecured ports, in particular unsecured remote desktop protocol connections, being the most common forms of entry. The most difficult and dangerous for 2018 are Crysis/Dharma, GandCrab, and SamSam. Ransomware has been targeting more businesses this year, so be aware.
Crypto Mining Malware
Crypto mining malware, or crypto-jacking, is another threat that has really taken off this year. Crypto mining is using your CPU’s processing power to break down complex algorithms and ‘mine’ new Bitcoin or another cryptocurrency. This isn’t a problem when people are using their own devices and processing power to do this, but lately people have been using malware to infect other people’s devices and use their processing power to mine cryptocurrency for them. This uses enormous amount of processing power, and if your computer is affected, you’ll notice that your CPU usage is at 100% constantly, slowing down your computer and using battery very quickly. There are many variants of this malware and they use many potential entry points including infected websites, an exploit in Oracle WebLogic, Microsoft vulnerabilities, and many others. This type of malware can be very difficult to detect and remove. The three worst offenders this year have been GhostMiner, WannaMine, and Coinhive.
Banking Trojans & Botnets
The third major threat to businesses this year is banking trojans and botnets. Banking trojans specifically seek to gain and exploit credentials found on infected devices. These trojans are increasingly going after banking institutions and businesses and stealing valuable information. Botnets are typically targeting cloud service providers, logistics companies, online technology businesses, mobile app companies, and marketing and ecommerce organisations. Some of the worst for 2018 include Emotet, Trickbot and Zeus Panda. Both botnets and banking trojans are increasing their features and capabilities and becoming increasingly dangerous.
How Do I Protect My Business?
- The first thing you can do is make sure that you have good virus and malware protection on all of your work devices. Ensure that your protection has the latest updates. We use and recommend Webroot Secure Anywhere It’s an effective cloud-based solution that updates itself and won’t slow your machine down. Contact us for more information.
- Use new versions of available programs, as old versions may have security vulnerabilities that newer versions have resolved.
- Make sure that you have good IT policies and practices enforced at your workplace, such as preventing all staff from using external devices in conjunction with work devices. This involves plugging in or connecting any USBs, external hard drives, mobile phones, etc. to any work devices. This will assist in preventing clean devices from becoming infected.
- Ensure that you educate all of your staff about your IT policies, and educate them about risks, for example, opening questionable emails and links can infect your devices very quickly.
- Keep regular, reliable backups of all your necessary data to an external device, external hard drive, or cloud storage. If you ask, “how often do I need to back up my data?” the answer should be, “how often do you use that data?” If you are using and updating your data every day, and it is crucial data to the running of your business, then back up that data every day. If you rarely use older data, such as archives, only back up that data every six months or yearly.
Until large software companies fix their existing security vulnerabilities, every business that uses their software is a potential malware target. Software companies have been working quickly to address weaknesses, however, the technology and techniques that malware are using continue to evolve rapidly. Your best defence as a business is to stay informed about all new threats, inform your staff, and protect your workplace devices.