Nodersok: How Can You Protect Your Enterprise From Malware Threats?

By Slava Gorelik – Founder and VP R&D


Malware threats to data

Hackers are getting more ingenious by the day, with fileless, invisible malware that escapes detection. Nodersok is the latest in the line, but it is only one amongst many. The top 10 malware infections of 2019 included Emotet, WannaCry, ZeuS, Dridex, and Kovter. How can an organization secure itself against such malware threats to its data?

What is Nodersok?

In September 2019, researchers from Microsoft’s Advanced Threat Protection (ATP) team discovered a fileless, multi-stage, Node.js-based malware infection. They dubbed it Nodersok. Fileless threats pose a different level of challenge compared to file-based ones and need advanced techniques to prevent. Nodersok uses legitimate tools and ensures nothing malicious is written to disk: the malicious code resides only in memory. The entire Nodersok campaign runs in four stages, finally disabling Windows Defender Antivirus and turning the machine into a proxy. Nodersok has affected a range of industry sectors, with a particular fondness for the education sector.

How prevalent are malware attacks?

Different though they are, these forms of malware show certain common aspects:

  • Microsoft Office is a favorite
  • Email is the primary attack vector
  • Over 60% of the attacks target the small business category.

How do you protect your organization and data from them?

Malware protection in Office 365

If your enterprise has moved to Office 365, you have taken a step in the right direction. Office 365 comes with built-in protection that prevents the introduction of malware into Office 365 via a client or from an Office 365 server. Exchange Online ensures that all emails travel through Exchange Online Protection (EOP), which scans and quarantines in real time.

Microsoft also offers Advanced Threat Protection (ATP), an email filtering service that provides additional protection against phishing. Similar protection exists for SharePoint Online and OneDrive for Business as well. With all these defenses in place, malware threats to data still materialize, and while there is no consistent, globally agreed way to track and report a cost per infection, in 2018, in the US alone, the average cost per breach was $7.9 million.

Data loss from threats like malware is an established reality, and enterprises both big and small cannot afford to take the risk. For malware to infest your organization, all it takes is one wrong click, one crafty phishing attack, one infected flash drive. Office 365 cannot protect you from data loss or corruption caused by such attacks at your end. This is why third-party SaaS backup is so critical to protecting your organization’s data.

How can SaaS backup protect against malware threats to data?

The damage malware threats cause an organization includes data corruption, data loss, identity theft, and security and network breaches. The repercussions of such an attack go far beyond financial loss; in a few hours they can decimate a company’s reputation and customer base that took years to build. When struck by a malware attack, the best way to minimize its damage is to ensure business continuity through quick disaster recovery.

Central to that is having a reliable backup and recovery solution. SaaS backup of Office 365 lets you quickly and easily recover an accurate copy of your data and can completely blunt a malware attack. Office 365 does come with native tools like the Recycle Bin; however, they offer restores for only a limited time span, and recovery can be cumbersome.

How can CloudAlly help?

CloudAlly pioneered cloud backup back in 2011. As a result, we have nurtured a mature suite of robust SaaS backup solutions for Office 365, SharePoint, and OneDrive. We were also ranked #1 by Newsweek by over 10,000 IT Pros.

We offer a full-featured 15-day free trial which you can activate and use to start backing up your data in minutes, and we are very highly rated and recommended by our users. We also offer considerable discounts for educational institutions, non-profit organizations, and members of our partner program. Contact us and we will be happy to have an expert guide you.

Malware Removal

Malware Removal (& Ransomware, of course)

The information technology industry has for some time now recognized the need for malware and ransomware protection, in the form of tools, software, best practices, and backup. Malware removal in particular has recently become a hot topic with IT pros.

Anti-virus software firms and anti-ransomware detection and removal institutions have long sought to counter this threat to business continuity, in a joint effort to protect and defend through cyber security methodology.

Surprisingly, in an out-of-the-blue announcement, the FBI released what appears to be a free ‘do-it-yourself’ solution for companies attacked by a vicious ransomware virus, GandCrab: “FBI Releases Master Decryption Keys for GandCrab Ransomware.”

Apparently, the FBI has shared this with multiple European agencies in an effort to combat an ultra-threatening virus, which makes this a first in global anti-cybercrime cooperation.

The full code & story is shared here: www.bleepingcomputer.com

What is GandCrab?

GandCrab operates using a ransomware-as-a-service (RaaS) business model, selling the right to distribute the malware to affiliates in exchange for 40% of the ransoms. GandCrab was first observed in January 2018 infecting South Korean companies, but GandCrab campaigns quickly expanded globally to include US victims in early 2018, impacting at least 8 critical infrastructure sectors. As a result, GandCrab rapidly rose to become the most prominent affiliate-based ransomware, and was estimated to hold 50% of the ransomware market share by mid-2018. Experts estimate GandCrab infected over 500,000 victims worldwide, causing losses in excess of $300 million.

It’s never too late!

Alternatively, some CIOs take preemptive measures to recover from such disasters by backing up to alternate data centers, such as Amazon AWS (separate from the Azure or Google data centers hosting their business solutions), gaining the ability to restore any user, or their whole MS Exchange data, from any point in time into a new cloud solution installation.

It makes sense to back up to the cloud, and for the initial 14 days it’s completely free to fully try out the capabilities of a backup & restore solution such as the one CloudAlly.com provides.

Malware Restore

Malware Watch – Restoring from a Malware Incident

Malware Restore – IT managers are often faced with information technology incidents which alter their work environment and affect their ongoing operations, forcing them to take measures to restore daily business activity.

Such incidents (where a malware restore is necessary) often originate outside the organisation and pose a serious concern for business continuity.

Malware activity is such an incident, but what is malware? The classic Wikipedia description of malware is: “Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware does the damage after it is implanted or introduced in some way into a target’s computer and can take the form of executable code, scripts, active content, and other software.”

In a recent real incident, a Florida town in the US decided to pay malicious hackers $600,000 (£475,000) to get its computers working again. The hackers managed to break into the town’s computers and insert malware, which enabled them to disable IT operations until the ransom was paid.

In this case payment was made in Bitcoin, 65 Bitcoins, in return for a return to normal IT operations. The story was recently reported by the BBC: “Florida town pays $600,000 virus ransom.”

It might seem so, but this is not an isolated event: news and media organisations such as the Associated Press have reported that in 2018, 1,493 such ransomware attacks occurred, resulting in an estimated payout of $3.6m for hackers.

Cyber security firms are a proven resource for trying to stop such incidents before they happen, but it has become increasingly recognized that third-party cloud-to-cloud backup is an effective recourse for restoring data in core business solutions such as Office 365 Exchange email, G Suite, Salesforce.com, etc. Companies that back up their cloud business solutions are able to restore their data and set up IT operations again (in a new IT environment), avoiding ransom payments to hackers who wish to disrupt their business and profit from it.

Data Protection – Malware Restore

In order to enable a point-in-time restore, it is obviously necessary to start by activating a backup for the selected business solution. Click here to download our “Why Backup” eGuide.

If you’ve experienced such a malware incident and want to learn more about backup, email us.

Malware Protection & Attacks

How to Protect Oneself from Malware Attacks

Protecting your company data is the most critical task your IT department has. This team of specialists works tirelessly to keep out intruders, only to have their coworkers inadvertently let them in another way. While your business may have many safeguards in place to catch and clean up these mistakes, there are ways to prevent malware attacks before they happen. How can you protect yourself from malware attacks?
Additional Layers of Security

You may think your employees are the most vigilant in the world, and they may very well be. However, without a layered security system in place, cyberattacks can still break through. Your business needs an extensive security suite of antivirus, firewalls, and antimalware software to help keep out unwanted visitors.

Using Updates and Plugins

One of the easiest ways for a hacker to attack your infrastructure is through holes in your company’s software. Whether it is the operating system, internet browsers, or mobile devices, keeping software up to date is one of the most important things you can do to protect corporate data.

Browsers, operating systems, and plugins receive regular security patches from their manufacturers. It is easy to push them off and let them wait until a more convenient time for your employees. However, by doing so, you are opening a door for intruders to exploit. Once the updates roll out, act immediately to ensure the best coverage. Immediate action is doubly important for mobile devices, where updates often get put off due to low storage or battery power.

On web browsers, ensure all employees enable click-to-play for plugins. Many attackers use ads to install their viruses on unsuspecting computers. These ads autoplay and are often found on well-known sites. Click-to-play stops Java or Flash content from running unless the user clicks on it, helping to reduce the chance of accidental infection.

Safe Browsing

Companies often restrict their employees’ online browsing. However, even sites that your business has deemed okay for workers to visit need to be used with caution. Employees should do the following every time they go on the internet:

  • Log out of websites when finished: It does not matter if it is a social media site you regularly use to update information for the company or a banking site you use to check your balance during lunch; always log out. Hackers with the right skills can use your browser’s cookies to gain access to places you remain logged into.
  • Use secure connections: Sites with a padlock to the left of the URL provide an encrypted connection between your system and the website server. This added encryption helps protect against intrusions in the data stream.
  • Use strong passwords: Don’t use passwords that are easy to guess, such as birthdates, pets’ names, or anniversaries. Passwords should contain upper- and lowercase letters as well as numbers and special characters. For optimal protection, you need a different password for each site you log into.

Other Important Tips

Most employees defer to their local IT department in the event of a computer malfunction. This is best practice, because you know that the IT gurus are going to clean the system without infecting it further. However, for employees who work from home, access to the local IT department might not be a feasible option. These workers are more likely to be taken in by fake tech support numbers that may appear on the screen when their system gets infected. Corporations can help by making sure all employees, home-based and onsite, have access to the correct contact for software and hardware support.

Also, educate your workers on the phishing and spoofing scams that may appear in their inboxes. It is essential that you remind them to verify a message’s authenticity with the institution it claims to come from before using any links in it. Learning how to spot phony messages can protect both your company and individual workers from data loss.

Malware attacks can happen to any business, big or small. Taking steps to protect your infrastructure and training your employees in safe practices can curtail malicious intrusions. Even the most secure systems can still be successfully attacked, so in addition to education and layered security, you should also back up your data. CloudAlly offers complete backup and recovery solutions for Office 365, SharePoint/OneDrive, G Suite, Dropbox, Box, and Salesforce, allowing you to quickly recover data in the event of a malware attack. Start backing up your data with a free 14-day trial.