It feels like every time we turn around there is a new cybersecurity threat to report that organizations need to protect themselves from. Malware is an unfortunate reality of living in a digital world, but there are many lessons we can learn from these attacks to safeguard sensitive material.
What is Malware?
Malware is a shortened phrase for any Malicious Software infecting a server without the consent of the owner. The software hackers infect a system which depends on what their intentions are; some examples of malware include:
- Viruses
- Trojans
- Ransomware
- Spyware
Security breaches from malware attacks can cause extensive tangible and intangible damage to a company, all of which is expensive to repair. Fortunately, we can take away valuable lessons on how to protect against them from those who have experienced these destructive software programs firsthand.
Recent Destructive Malware Breaches
Bad Rabbit
Using an Adobe Flash Update as the cloak, Bad Rabbit is a ransomware virus that hit Ukraine and Eastern Europe in late October. According to Naked Security, the malware infiltrates files on the computer system using a list of usernames and passwords buried within the software. These credentials include passwords derived from a worst passwords list. The malware then encrypts files on a computer, rendering them inaccessible unless they pay a specific amount.
The moral of this malware story? From personal computers to enterprise security systems, passwords are a critical part of protecting against cyberattacks of all kinds. Make sure your passwords are strong and change them on a regular basis. To further guard your data, consider using a two-tier authentication process when accessing protected files.
WannaCry
Many government systems were attacked by the WannaCry ransomware in May 2017, exposing a Windows vulnerability on systems around the world. As CSO Online explains, “Once launched, WannaCry tries to access a hard-coded URL (the so-called kill switch); if it can't, it proceeds to search for and encrypt files in a slew of important formats, ranging from Microsoft Office files to MP3s and MKVs, leaving them inaccessible to the user. It then displays a ransom notice, demanding $300 worth of Bitcoin to decrypt the files.”
What can you glean from this hard hitting malware attack? It is important to update your computer systems with patches when they’re released, especially those marked as critical. The CSO article states, “The patch needed to prevent WannaCry infections was actually available before the attack began… However, despite the fact that Microsoft had flagged the patch as critical, many systems were still unpatched as of May of 2017 when WannaCry began its rapid spread.”
CloudBleed
In early 2017 it was discovered that Cloudfare, a cloud security company for enterprises, was violated. Unlike the ransomware discussed above, CNET.com explains, “Cloudbleed is the name of a major security breach from the internet company Cloudflare that leaked user passwords, and other potentially sensitive information to thousands of websites over six months.”
There are a few lessons to be taken away from Cloudbleed. One of the most obvious is that no one is immune to cyberattacks and malware. With proper updates, patches and security measures, however, you can prevent your enterprise from becoming the victim of attacks like this.
As technology evolves so will the cybersecurity threats; it’s important you take every precaution to safeguard your valuable information from getting into the wrong hands. Want to know where you can improve your enterprise security measures to protect against any potential cyberattacks in the future? Contact WEI today for a comprehensive security and threat prevention assessment.