Proactive Security: The Virus you Don’t Know you’ve Downloaded
In our previous article, “Are Updates Even Important?” we discussed that antivirus software works by identifying signatures on downloads to determine whether or not the file should be quarantined. We also discussed how new threats are developed at such a rate that it is difficult for antivirus software to know every signature out there.
But did you know that there are a number of ways that malicious software can sneak past your line of defense, just as the Greeks used the Trojan horse to deliver soldiers past the walls of Troy?
Types of Malware that Generally Go Undetected:
Polymorphic Malware is a term given to malware that has the ability to change its own code, and therefore its signature. If the malware is discovered by antivirus software, it can morph itself into a variant with an unknown signature that your antivirus does not recognize as a threat.
Weaponized Documents are files in which the virus code is embedded deep within the script (such as a macro) of an otherwise ordinary document. Antivirus software usually only scans the surface of the document, but once the file has been downloaded and opened, your machine reads the script and begins to execute the malicious commands. This initiates the virus, but only after the file has already been scanned by AV. This allows the virus to work in the background without you even knowing, attacking your computer or potentially your entire network.
Drive-by Downloads are viruses that you can get simply from visiting a compromised website, whether it’s the new business you’re thinking of working with or your usual hair salon down the street. If a website has been compromised, a hacker can take a legitimate business’ website and insert malicious scripts. Those scripts run a command on your system without your consent. Drive-by downloads can also be hiding in an ad that either contains malware or misleads you into believing you’re checking out a product, when really it brings you to a website designed to initiate a download. Sometimes they arrive in your inbox disguised as a message from your bank, Apple or Netflix, urging you to authorize a payment or change your password – then lure you to a webpage where your personal information can be stolen. All of these are designed to trick you into downloading malware or giving up personal information – without you or your antivirus realising it has happened.
Fileless Attacks are sly. As we mentioned above, antivirus programs scan a file before determining whether or not it is a threat. In the case of fileless attacks, there is no file – and therefore there is generally no scan initiated. They can be delivered either in a similar fashion to drive-by downloads, or in some cases, through an exposed Remote Desktop Protocol (RDP) service listening on your network. Because they are fileless, they are generally executed within the memory of your computer, or by a cybercriminal manually running malicious processes through a hidden remote connection. SentinelOne found a 91% increase in fileless malware attacks in 2018.
How do you protect yourself from a threat your antivirus doesn’t even know how to look for?
It all comes back to a multi-tiered, proactive security plan:
- Step 1: Install antivirus and anti-spam as your first line of defense.
- Step 2: Run updates and patches to ensure those defenses have accurate intel.
- Step 3: Keep consistent backups running for all critical files, applications and databases.
- Step 4: Monitor your backup routine to make sure your data is being backed up successfully.
- Step 5: Combine your backups with an effective disaster recovery plan to make sure that the restore will work if and when you need it.
A Disaster Recovery Plan is designed to take into account how much it costs to run your business and how much data and uptime you can afford to lose without putting you out of business. Having a thought-out recovery plan in place not only protects your data, it protects the longevity of your business. These two measures are called your Recovery Time Objective and Recovery Point Objective: click here to calculate yours.
With all of these proactive security steps in place you are safeguarding your systems in the event a cyber threat makes it past your primary line of defense. That way, if your system is compromised beyond repair, the final resort is restoring your system to a healthy recovery point from before it was hijacked.
You may lose a few minutes, hours or days of data (depending on your recovery objectives), but the majority of your data will be back in a healthy state – without having to pay a hefty ransom – so that you and your employees can get back to normal as soon as possible.