As I began to write this blog article, it dawned on me that this is the 30th anniversary of my IT career. My career in the wacky world of IT began in 1986 when the first mass-market of PCs and Macs were in full bloom. Microsoft DOS was the most popular operating system, running on x86 XT and AT computers. MS Windows 1.0 had just been released, Lotus Notes ruled the spreadsheet market and WordPerfect was the de-facto standard for word processing. The commercial and personal use of Internet as we know it today, didn’t exist…it was only a few years away in the future. With all the great advances in IT technology since the introduction of the “world-wide-web”, otherwise known as the Internet, people all over the world, on a massive scale, are communicating through email, instant messaging, and social media sites like Facebook and Twitter.

People have so much access to news, sports and entertainment and video from all over the world. We now have smartphones which have more processing power than the computers that guided the Apollo spacecraft that landed man on the moon. Thousands upon thousands of apps exist that we use every day for things like banking…personal access to our bank accounts from our smartphones.

But unfortunately, with all good things that the Internet provides, there’s the dark side. It seems to reflect everything about mankind that has existed since the beginning of time. Good versus Evil…Open and free communication for Good versus Hateful divisive speech.

Oh what a tangled web we weave,

When first we practise to deceive! (Marmion, an epic poem by Walter Scott)

Walter Scott wrote that in 1808, but he may as well been writing about the Internet today.

Deception and stealth are the keys to the dark art known as hacking, practiced today by very skilled programmers. Every day, new exploits are written and distributed to unknowing victims, and the motivation is simple…profit.

Cybersecurity is the industry devoted to stopping hackers, but unfortunately, with limited success. The reason that’s so is because the hackers are usually one step ahead and becoming more cunning & devious in their methods.

Malware in its various forms is the constant, lurking danger that faces all users on the Internet, or cyber-world. Cybersecurity threats and attacks are constantly evolving. Malware describes a family of threats…viruses, worms, Trojan horses, spyware, adware…the list continues to grow. One type of malware, however, is now upon us all and presents a “clear and present danger” for home or office users and IT professionals alike, and it’s called ransomware.

Ransomware is one of the threats that has immediate and damaging effects on someone’s files and data. It’s introduced onto someone’s computer through a malicious download, typically from visiting a website, or opening an attachment in an email. Most people are never aware of the download because it often doesn’t display a message while it’s downloaded or installed. And worst, many anti-virus/anti-malware programs don’t catch or prevent the download or installation.

And then suddenly, before you know it, this ransomware will encrypt all of your data on your local drives, any attached USB drives and even mapped network drives that you have write-permission to. Next, you’re prompted with a message to pay a ransom or else…what a nightmare. And if you do pay up the ransomware, the promise from these hackers to unencrypt your data is often not fulfilled. Now you have less money and no data…misery is compounded.

And then your next thought is “why oh why” didn’t that fancy anti-malware program that you paid for, catch the problem before it happened. Well, unfortunately many of these programs are looking for malware “signatures” (the bits and bytes that make up the malware) to identify the threat. In other words, some other unfortunate souls had to be infected by this malware and identified before the signatures database is updated on your system…what a sordid mess.

There are some excellent anti-malware apps available but even those don’t always prevent what’s known as “zero-day attacks”…zero-day, meaning that anti-malware companies didn’t recognize this new attack and identify its “signature”. The truth is that most of the cybersecurity industry operates in a purely reactive mode. They’ll stop the known attacks but if that malware is new or an existing malware was re-written by the hacker (software code changed), it now is not known…reminds me of Donald Rumsfeld, the US Secretary of Defense in the Bush administration. Below is his famous quote:

Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.

That quote still makes me laugh. He actually said this publicly during a press conference.

So, what are we to do? Weep and mourn, and curse the Internet? Unfortunately, Pandora’s Box has been opened and is here to stay, at least for a long while.

The latest malware that hit the news recently is GozNym… Although this form of malware is not technically ransomware, it’s quite ingenious and stealthy.

Below is portion of an online article about GosNym:

If you think you can rely solely on your bank’s internet security to protect you, think again. Researchers at IBM Security have uncovered new malware that targets consumers in order to steal money from their accounts.

“We already know of $4 million that was stolen by this malware,” said Etay Maor, an executive advisor with IBM Security.

The worst part: It’s still out there. Maor led the Israel-based team that discovered the malware, which has already been used against undisclosed banks in the U.S., Canada and Europe.

The virus, known as GozNym, is a combination of two pieces of malware — one that infects the computer and the other that waits silently like a serpent until the user visits the website of a financial institution.“ The criminal is sitting on the other end obtaining that info in real time,” Maor said. What’s really different about this malware, according to Maor, is that it’s hard for researchers to even analyze because hackers doubled the encryption.

So What Can You Do?

Well, before you decide to chuck your laptop out the window, while using loud and “colorful” language…there is something you can do and there are some best practices you should follow. As I mentioned above, even today’s most sophisticated malware protection can be circumvented by malware. So, take some pro-active steps to make sure that you survive the “data apocalypse”.

  • Microsoft Windows vs Linux, Android or Mac OS: Windows is most targeted operating system for hackers, so use a computer with a different operating system to do your browsing. For many users this may not be an option or a major inconvenience. The reality is that people will use the OS that they are most familiar with or already have installed. But the fact is, Windows is the most vulnerable despite Microsoft’s repeated attempts to make it more secure. You do have options.
  • Web browsers: The next thing to examine is your choice of browsers. Microsoft’s Internet Explorer has been the most vulnerable browser due to many factors, so switch to Google Chrome or Mozilla Firefox. I could write a complete blog article on Browsers alone…
  • Open-source Host-based Intrusion Detection Systems (HIDS): Many companies employ Network-based Intrusion Detection Systems that monitor the network packets that flowing through the network. But host-based IDS monitors individual computers and analyzes operating system log files, changes to system files and software, and network connections made by the computers. There are free open-source available for Windows and Linux. Examples of HIDS are Snort and OSSEC.

  • Always make backups…like every day. Common sense, right? But here’s the catch…if you backup your data to a USB drive, you must remember to detach it from your computer afterwards. That’s not the way most people operate…If you keep that USB drive attached, those nifty backups will also get encrypted when the ransomware comes along. Also use a Cloud backup service to ensure you have a secondary backup…might save your marriage if those priceless family photos and videos are saved from disaster.
  • Lock down “administrative rights” on your computers. Microsoft Windows version 7, 8 and 10 allows you to give users non-administrative privileges. Most people violate this rule at home because of the hassles it creates but office IT admins should not grant administration rights on their own machines. My mother-in-law, who lives with us, once got our family laptop infected with 459 malware infections from visiting every obscure NBA basketball-related website. She was promptly banned permanently from using the laptop (by yours truly), and given her own iPad tablet. Kids and teenagers at home are also risky users. My older son loves browsing to music lyric websites while learning the guitar…those sites are often compromised and full of malware.
  • Be afraid, be very afraid: Stay vigilante and keep your systems and apps current with the latest patches to avoid attacks that rely on older versions of apps or web browser add-ons, such as Adobe Flash Player. This step is far from a cure-all but still important…It won’t protect your system from zero-day attacks but at least protect you from the “known knowns”.

  • Internet gateway & wireless routers. Here’s some more scary news…most wired and wireless routers are running old software that is vulnerable. There are new routers available that have very sophisticated integrated “next-gen” firewall features. Probably time to upgrade.

  • Email….Don’t open suspicious attachments: Just say no…and delete!

  • Attend my class! My classes are fun and informative, never boring. I have 30 years of interesting and entertaining stories from my IT career. And you will learn the latest stuff on cybersecurity and what’s known as “Ethical Hacking”. There’s much more to say on this topic but all good things must end…so long for now. We’re bombarded almost every day with new Cybersecurity attacks and terminology. In fact, “Cybersecurity” was once simply called “Information security” or “IT security” But “Cyber” sounds way cooler, right?

Attend a 5-Day workshop with John Cloutier:

Ethical Hacking

For more information, contact PLUS Specialty Training

+971 (0) 4 556 7171      info@plustraining.com      www.meirc.com/plus