Military Grade Malware
Today’s malicious software is developed by shady enterprises intermeshed with criminals and sinister intelligence organisations in places like Israel, China and North Korea. Their malicious tools are either sold openly across the internet, or eventually leak onto it through their careless exploits and associations. Stuxnet and WannaCry are both examples of modules that exploit weaknesses deliberately inserted into the firmware of routers, processors, printers and cameras during manufacture, allowing “payloads” that serve a specific criminal intent to be bolted on to order.
Although worms were involved in the Stuxnet and WannaCry attacks, the most common threats are trojans. Clicking on seemingly innocent email attachments or website links installs malicious software, opening backdoors for further exploits. EXE files can be disguised as Word “doc” files, graphic images or Excel macros. Employee mistakes can compromise entire corporations.
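A mail gateway or helpdesk script can catch the simplest of these disguises by comparing what an attachment's name claims with what its bytes contain. The sketch below is an added example, not code from the original article; the function names, extension lists and sample attachments are constructed for illustration.

```python
import os

# Extensions a user expects to be documents or images, not programs (illustrative lists).
DOC_LIKE = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".jpeg", ".png", ".gif"}
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
RTLO = "\u202e"  # right-to-left override: reverses how the rest of the name is displayed


def is_pe(data: bytes) -> bool:
    """True if data starts like a Windows PE file: 'MZ' header plus 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"


def check_attachment(name: str, data: bytes) -> list:
    """Return the reasons an attachment looks like a disguised executable."""
    findings = []
    base = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    stem, ext = os.path.splitext(base)
    inner_ext = os.path.splitext(stem)[1]
    if RTLO in name:
        findings.append("rtlo-in-name")
    if ext in EXECUTABLE and inner_ext in DOC_LIKE:
        findings.append("double-extension")
    if ext in DOC_LIKE and is_pe(data):
        findings.append("pe-content-with-document-extension")
    return findings


def _fake_pe() -> bytes:
    """Constructed sample: bytes carrying only the MZ and PE signatures, no code."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(header) + b"PE\0\0" + bytes(20)


SAMPLES = {  # constructed attachments, not real malware
    "invoice.doc": _fake_pe(),              # program bytes behind a document name
    "holiday.jpg.exe": _fake_pe(),          # real extension hidden by default in Explorer
    "report\u202ecod.exe": _fake_pe(),      # displayed as "reportexe.doc"
    "notes.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(56),  # genuine OLE header
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(repr(name), check_attachment(name, data))
```

A clean result here only means the file is not one of these three disguises; macro-carrying documents need content inspection of their own.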
The evildoers present themselves as legitimate corporations. Sadly, some of them are – their owners are even household names.
Two thirds of companies say that they would not pay a ransom, but do when it actually happens. Every time someone pays, more attacks are guaranteed, putting us all at risk. Ironically, fear of fines under DPA and GDPR legislation for failing to protect their data often makes companies quietly pay up.
More sophisticated suites of file integrity monitoring software offer better protection than any traditional antivirus program (see https://www.promisec.com/file-integrity-monitoring-software/).
Unfortunately, many web users don’t understand what an HTTPS web address means. It indicates that encryption is used while your information is in transit, but it cannot vouch for the integrity of the website you are visiting or any server it connects to. Phishing gangs often host malicious pages on sites with legitimate SSL certificates.
Dropbox and other cloud services also reassure users they are secure, but they are often the very means by which hackers steal large quantities of data. Large transfers over Dropbox are often ignored by network monitoring teams because they look normal.