
 

Symantec's Internet Security Threat Report


Every year Symantec produces a threat report analyzing how things have changed during the preceding year. The 2018 report on 2017 provided us with some interesting insights into the threat landscape.

Ransomware


The year started out with ransomware as the biggest threat, but as the year progressed, crypto currency mining made major inroads. Ransomware is malware that encrypts the victim's own data and will only return access to it for a fee. This was so profitable over the last few years that the field became swamped with new vendors demanding exorbitant prices.

2017 was the correction year as ransom prices fell and new players entered the crowded market of attackers. Antivirus makers also became better at detecting and blocking them. There was also a move toward higher-value targets like hospitals. Attackers reach these targets with spearphishing, an attack directed at a particular target. For example, a junior accountant could get a spreadsheet from what appears to be the head accountant, or a secretary could receive an email apparently from the CEO demanding immediate dissemination of these notes for the board. Or, of course, it could go the other way. The CEO or lead accountant could get the malware-infested email apparently from their subordinate. When the email is opened, the ransomware is released and your data starts getting encrypted.

If your backup program saves to an external drive which Windows accesses with a drive letter, like the E drive or the X drive, then the data on your backup can be encrypted as well. The ransomware simply moves through all your drives encrypting your documents, PDF files, accounting files, spreadsheets, etc. Anything it can get to, it can encrypt.

Crypto Currency Mining

Crypto currency mining steals the victim's CPU cycles to mine for crypto currencies. Because the CPU is busy mining, it runs slower and hotter, potentially limiting its life. Furthermore, the increased CPU usage and the additional cooling required increase the victim's electric bill, often substantially.

Supply Chain Attacks

Symantec also noted an increase in supply chain attacks. Miscreants attack programmers and companies and insert their malware into the supply chain, so it is disseminated by legitimate software vendors by mistake. They have also hijacked the software update process when the update process wasn't fully secured.

Mobile Malware

Mobile malware attacking cell phones and tablets increased 54% in 2017. 24,000 malicious mobile applications were blocked every day.

Mitigation


Ransomware
  • Solid antivirus; I recommend Nod32.
  • Practice safe email. I've done two short videos to help you, here and here, and short articles here and here.
  • If you get a lot of spam, I suggest Mailwasher Pro to pre-scan your emails and remove spam and potential attacks. My article on Mailwasher.
  • A backup program like Spideroak One which does not use Windows drive letters. Often cloud backup solutions use their own programs to write the files to the cloud, so they cannot be encrypted by an infected Windows computer.
  • Do not get conned by companies claiming to have the 'magic bullet' for ransomware prevention. Ransomware is just another kind of malware attack. The normal methods of stopping malware work to stop ransomware too.
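
One way to check the drive-letter exposure described in the ransomware section and in the backup recommendation above (an added example, not part of the original article): this PowerShell script lists every drive letter Windows has mounted and tests whether the current user can create a file there. The function name Test-PathWritable and the E:\Backups path are assumptions for illustration.

```powershell
# Added example. Any location reported as writable can be reached, and so
# encrypted, by malware running under the same Windows account.

function Test-PathWritable {
    param([Parameter(Mandatory)][string]$Path)
    # Probe by creating a uniquely named empty file, then removing it again.
    $probe = Join-Path $Path ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

# Win32_LogicalDisk DriveType codes.
$driveTypes = @{ 2 = 'Removable'; 3 = 'Local disk'; 4 = 'Network share'; 5 = 'CD/DVD' }

# Every volume that Windows exposes under a drive letter.
Get-CimInstance -ClassName Win32_LogicalDisk | ForEach-Object {
    [pscustomobject]@{
        Drive        = $_.DeviceID
        Type         = $driveTypes[[int]$_.DriveType]
        Label        = $_.VolumeName
        RootWritable = Test-PathWritable -Path ($_.DeviceID + '\')
    }
} | Format-Table -AutoSize

# A drive root can refuse writes while folders below it accept them, so test
# the backup folder itself. 'E:\Backups' is a hypothetical path; substitute
# the folder your backup program writes to.
$backupFolder = 'E:\Backups'
if (Test-Path -Path $backupFolder) {
    if (Test-PathWritable -Path $backupFolder) {
        Write-Output "$backupFolder is writable by this account; ransomware could encrypt it."
    } else {
        Write-Output "$backupFolder is not writable by this account."
    }
}
```

Run it from the account you use day to day, not from an administrator prompt, since that is the account an opened attachment would run under.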

Crypto Currency Mining
  • All the normal Internet safety rules apply here too. Three pertinent articles:
  • CoreTemp allows you to monitor the load on your CPU and the temperature. This will reveal if some external source is adding to your CPU load. I wrote about it here.

Further reading:

Symantec's report




Date: May 2018


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 