Some threats to your company computers are simply nastier than others. The worst malware can prove to be especially destructive, virulent, costly, embarrassing, compromising, or difficult to remove without professional-grade data sanitisation. Below are three of the biggest threats that users, companies, and administrators face today.
1) WannaCrypt0r (WannaCry)
WannaCry is the grandfather of all modern self-replicating, easy-to-use, crypto locker malware programs. WannaCry's malicious family of encryption programs are spread via local LAN and WLAN networks, misleading links to trojans, spam emails, and remote wardialing to find unsecured routers. It goes by many different names, many of which contain some variation of 'Crypt'. WannaCry is difficult to detect while on the move, quick at reproducing, and especially damaging to older machines running a Windows OS released before Windows 7. WannaCrypt0r has now caused chaos in Russia, China, Britain, and India through disrupting networks and demanding ransoms en masse.
Released into the wild by anonymous cybercriminals in early May 2017, WannaCryptor and its many derivatives target key file folders on Windows computers. The files are encrypted, then a ransom payment to be made in Bitcoin is demanded to unlock them. The OS itself is still usable, albeit with pop-ups prompting the user to pay. A countdown timer steadily increases the ransom amount.
While a remote killswitch was discovered by accident during the May 2017 NHS WannaCry crash, hackers have since adapted and diversified. A range of similar programs now use the EternalBlue port exploit pioneered by WannaCry to gain access to and encrypt otherwise secure computers. BadRabbit and Diskkoder.C are two particularly nasty ones to watch out for.
2) GozNym
A custom-built, data-logging trojan made out of two previously separate items of malware, GozNym has been spread worldwide through malicious download links and old-fashioned email phishing by a Russian crime ring. GozNym has only registered around 40,000 confirmed infections. However, the 'quality, not quantity' approach it employs only makes it that much more dangerous to those unfortunate users.
GozNym focuses on spreading to high-value targets, such as wealthy personal users, through phishing. Once installed on a device, it hides in plain sight by replacing fields on legitimate banking and shopping websites with phishing fields. These fields will send any data inputted twice - once to the intended destination, once to the hackers. The individual and corporate victims then have their accounts drained, via wire transfer.
Gozi IFSB is the part of the malware that handles field injection, logging, and transferring stolen bank details. Nymaim is known for sophisticated silent running, allowing the malware to idle in the background of the OS when not in use. Due to Nymaim, most major anti-virus and anti-malware programs have a high chance of failing to detect GozNym.
As of July 2019, 5 out of the 10 original creators of GozNym have been arrested by Interpol. However, the trojan remains in the hands of other cybercriminals and should still be considered extremely dangerous. Organised rings, complete with money laundering chains, are suspected to be the main culprits behind its continued spread.
3) Hacktool:Win32/Keygen
Hacktool (and variants) is an illegal desktop program in common circulation amongst private users. While it's not actively malicious in the same way that a trojan is, it forms a major headache for software companies. Hacktool enables piracy on a grand scale by generating or bypassing the keycode protection steps required for each new installation of a program.
Legitimate ISOs and executables can have their inbuilt copy protection cracked by the invasive analyser, allowing users to run free copies of programs without a disc or product key. Companies selling popular but expensive products (such as Adobe) are the usual financial victims of Keygen programs.
If an employee uses a business machine with Keygen-cracked software running on it in the course of work, your business may be held criminally responsible for their actions. Keygen programs can also be modified for use as a backdoor for trojans, adware, and other potentially unwanted programs (PUPs) that clog up devices and puts your customer’s data at risk of theft.
How To Prevent A Malware Attack
Most companies use a professional anti-virus package, which is successful at warding away most cyber threats. However, many of the most virulent malware threats are undetectable by anti-virus software and may remain on a device even after its HDD is wiped by conventional means. To prevent this, always subject recycled and retired IT assets to professional data shredding/sanitisation to ensure malware programs are completely eliminated. For more information please call 01332 371989 today.
Image Source: pixabay.com