Insights For Success

Strategy, Innovation, Leadership and Security

Virus

Use Google Chrome's built-in antivirus to scan windows

GeneralEdward Kiledjian

As millions around the world work from home, corporate security teams have ramped up their protection protocols because the threat actors are very active. Many threat actors have also lost their “day jobs” and are relying on their nefarious cyber activities to pay the bills/

From an antivirus perspective, most users will be properly protected by the free Windows Defender included with all versions of Windows 10 . You may have clicked on a questionable link or opened a questionable attachment and you scan your computer using Windows Defender. Sometimes you may want a “second opinion” and the question is which online scanner should you use?

How about none of them. Why not rely on the free antivirus included in Google Chrome. What, you say. Google Chrome? Chrome the browser? Why yes.

Open the Google Chrome browser

In the address bar, enter chrome://settings/cleanup

You click on Find and let it run.

So what is it looking for?

  • Hijacked settings detection - It will detect if a browser extension ha changed your settings without your consent.

  • Chrome Cleanup - Sometimes you download and install the software you need and install unwanted secondary software unwittingly. Often times this is how some of the download sites monetize their service. Chrome will detect many of these unwanted installations and remove them.

  • ESET Antivirus - Google can change the AV engine anytime but right now they have partnered with ESET.



Obviously, this isn’t a complete antivirus and should be relied on as your primary protection mechanism but it is nice to know there is a second opinion waiting for you if you ever need it.

How to protect your PC from infection

GeneralEdward Kiledjian

Think of all the valuable data your PC contains (pictures, files, invoices, contacts, etc). Now imagine losing all of that data Virus' are still a thing but you should be more worried about ransomware, worms and all of the other digital creepy crawlies roaming the net looking to make you their next victim.

Go read my article entitled "How to secure Windows 10".

Backup everything, then back it up again

In 2012, I wrote an article entitled "The best way to protect your data - images, music, documents". The main point is that you should always remember the 3-2-1 rule of backups:

  1. Have 3 copies of all of your important data (1 primary and 2 backups)
  2. Make sure your 2 backups are on separate media technologies (e.g.1 on a hard drive and the other in the cloud or 1 on a hard drive and the other on a tape backup)
  3. 1 of your backups should be offsite in a remote location that would not be impacted by a major disaster that hits your area (e.g. in the cloud).

The advantage of most cloud backups is that they support version control which means if you infect your files with ransomware, you can always go back to  a known good version. My backup strategy involves:

  1. 1 primary version of my data and a local hard drive backup
  2. 1 complete synchronization of my files on a fully encrypted trust no one online storage service
  3. 1 complete backup using a remote backup service (like backblaze or carbonite)

Update everything

WannaCry created an incredibly outcry in the tech world with thousands of companies getting infected in hundreds of countries. The truth is that an update published 2 months prior patched that vulnerability. Updating computers in large companies is complicated but your home PC shouldn't be.

You must must must update your operating system and applications regularly to stay protected.

The latest version of the operating systems from Microsoft, Apple and Ubuntu are all configured to auto-update themselves. In addition to the OS, make sure you periodically check for application updates.

If you use an Apple Macintosh computer, you may even want to use something like MacUpdate Desktop to constantly check if any of your installed apps have updates available.

Leave the built-in firewall on

Some "Security" apps turn off the built in firewall but it is critically important to ensure it is always on. On Windows, you can turn if on/off with these instructions. You can find information about the Apple Mac application firewall here

Use an antivirus

The question I get asked the most often is should I buy a third party antivirus for my home computer and my answer is no. Anytime you add a third party tool, you increase the attack vector therefore rely on what Microsoft bundles with Windows 10. You can follow these instructions to change the Windows Defender Antivirus cloud-protection level to 10.

In February I wrote an article entitled "Companies buying bitcoin to prepare for cyber extortion" and in there included this paragraph:

Companies have started to jump on the Ransomware protection bandwagon. An EDR &”next-generation AV” company called Cybereason offers a free product called RansomFree. They claim it protects against 99% of ransomware by monitoring how applications interact with files on your computer. Did I mention RansomFree is free? I haven’t used their product and thus can’t recommend it but it does seem to be useful and could really help the average consumer ensure they don’t end up getting victimized.

You can run something like RansomFree on your home PC in addition to the Windows antivirus. 

Upgrade the fleshware

The truth is that even the best most advanced technology can't prevent an infection if the user does something stupid. Often users are the weakest link the the corporate security chain and you are no different. 

Using good security hygiene will go a long way to protecting you. Basic tips:

  • never open an attachment from a user you do not know well or that you are not expecting
  • never click on a link embedded in an email
  • never install applications from untrusted sources (including torrents or anything pirated)
  • Remember that you can also get infected from a website so use Google Chrome with the the Ublock Origin plug-in

What to do if you get infected?

If a user's PC or Mac does get infected, their first thought is to find someone that can clean it. The truth is that once your PC is infected, it can' really be cleaned properly or trusted. At that point, you must do  a clean re-installation from a known clean source and then recover your files from a known good backup.

Some technical support companies will offer cleanup services but don't do it. Once your PC is infected, you don't know what else could be lurking in the background waiting to strike again. The best course of action is to start fresh.

Hopefully you have backups and everything will work out just fine. If you don't have backups and your files are encrypted by ransomware, you can always check out a free online site called No More Ransom Project and see if they offer a free decryptor for your ransomware. There are no guarantees your infection strain has a decryptor but it doesn't hurt to check.

 

Companies buying bitcoin to prepare for cyber extortion

GeneralEdward Kiledjian

In an uncertain world where kidnapping for ransom is an all too common occurrence, many hostage negotiators use the no-concession policy. They justify this position by explaining that paying a ransom makes it more likely that the perpetrators will try it again and often times the ransom is used to fund illegal or terrorist organizations.

Although I have seen very little empirical evidence to prove that this no-concesion approach is more desirable than paying the ransom, this mentality was brought into the digital age when cyber-ransoms, cyber-extortions and crypto-malware became prevalent. 

More and more companies though have started to take a different approach and are now prepared to pay ransom in exchange for saving their networks, devices and information. To meet these demands quickly, some companies have started to store bitcoin as a risk mitigation strategy.

Why this change of heart? Many of the most popular well written malware was actually designed to ensure victims could recover their data when the ransom was paid. This attention to detail and solid customer service by the bad guys, means victims are now relatively certain that they will be saved if they pay the ransom. 

Sure paying the ransom means funding organized crime and will likely fuel the next wave of crypto-malware but companies have a duty to protect their organization (rather than take the moral high ground).

This change in mindset is so pronounced that traditional physical K&R (kidnap & ransom) negotiation experts have started to test the cyber-extortion and cyber-ransomware negotiation space. 

True verifiable numbers are hard to find but firms like Recorded Future ( a cyber intelligence company) has stated that it believes the cyber-ransom market has now reached the 1B$ mark. Kaspersky says a company is cyber-attacked every 40 seconds.

Obviously crypto-malware can be counter-acted by proper, regular offline backups but many companies don't start a robust recovery program until it's too late. They either pay the ransom or lose their data. Its that plain and simple.

Right now the advantage is with the attacker. Corporate information security groups have to bat 100% to keep the company safe. This is expensive, time consuming and not always achievable. The attacker just need to infect 1 machine on the network and then can propagate and move laterally from there. 

Companies have started to jump on the Ransomware protection bandwagon. An EDR &"next-generation AV" company called Cybereason offers a free product called RansomFree. They claim it protects against 99% of ransomware by monitoring how applications interact with files on your computer. Did I mention RansomFree is free? I haven't used their product and thus can't recommend it but it does seem to be useful and could really help the average consumer ensure they don't end up getting victimized.

It is clear that this malware is written by extremely skilled and determined threat actors. This isn't code written in somebody's basement but rather a professional extortion company with developers, quality assurance and even customer support to ensure a paying customer is taken care of. 

So the question is will your company prepare by buying and storing bitcoin? If you will, how much should you store? that is the new question.

Locky Ransomware is king of SPAM emails

GeneralEdward Kiledjian

Image by Yuri Samoilov used under creative commons license

We had lower than normal SPAM numbers for the last couple of quarters but the evil scourge of the internet is back with a vengeance. Company CISOs and personal users probably noticed a rise recently of emails containing variants of the locky ransomware (encrypting) malware.

The number of SPAM emails containing malware reached an all time high, according to Proofpoints Q3 2016 report

Proofpoint Q3 email badware statistics

Proofpoint said Locky was found in 96.8% of all malicious SPAM attachments. The vast majority contained a ZIP file containing a JavaScript file. We also saw Office documents containing malicious scripts, HTA files and WSF files.

Definitions:

  • HTA : HTML Application
  • WSF: Windows Scripting File

Other "fun" things found in these malware bundles included:

  • Pony Infostealer
  • Vawtrack banking Trojan
  • Tordal malware dropper
  • Panda Banker banking Trojan
  • CryptFile2
  • MarsJoke
  • Cerber

It's not all bad.... exploit kit activity is down 93% compares to the start of 2016. 

2015 will be the year of targeted stealthy malware

technologyEdward Kiledjian
Image by spencer used under Creative Commons License

Image by spencer used under Creative Commons License

2014 was the year of the hack. The year of the spectacular hack. You know this because these major incidents were reported in your run of the mill 6PM news show (not just the tech press).

As we start a fresh new year, what can we expect?

This isn't your father's malware

Virus' and malware started out (in the early days of computing) as a way to show hacking was possible but didn't harm anything. Then we started seeing basic virus' that wipe the MBR of a hard-drive but this was easily recoverable. Then we had a lull where virus' were boring and unspectacular. 

A couple of years ago we started seeing malware designed to convert your home computing devices into zombies to power the DDoS attack armies of evil doers everywhere (computer, smartphone, router, smart devices, etc). End of last year we finally found out about Regin (link, link). Regin seems to be the most sophisticated espionage tool the world had ever seen. 

This uber capable malware is stealthy and remained unknown for years while it gathered intelligence for its master from government, research institutions, telecommunication companies, airlines, corporations and individual. Researchers believe this was state-sponsored but aren't pointing a finger to any specific country. 

Looking at the tools we use to detect and analyse malware, we also see a significant increase in the number of highly targeted and extremely sophisticated that easily slips through traditional antivirus based security tools. Late in 2014 we even saw a couple that are also cautious not to run in a clean virtualized environment to prevent detection by behavioural scanning engines.  

Expect 2015 to be an "interesting" year with highly advanced malware that will require a new bread of detection tool.