Every day we get more information on the Corona Virus or Covid 19 via Special Reports, News Updates and the like. This virus has infiltrated most of the world. In an effort to slow the rate of infection many countries and states have either suggested or mandated the closing of businesses and the gathering of more than 10 persons. In an effort to stop or at least slow the rate of infection we have been told to wash our hands, cover our mouth when we cough, and stay at least 6 feet away from others.
Some businesses have allowed employees to work from home. Whether you are working from home, helping your kids with their online classes, or just keeping in touch with friends and family, you’re probably using some type of computer to communicate. Just as with the Corona Virus, your electronic devices can become infected and pass that infection on to others. So let’s talk about how to protect ourselves and the devices we use to communicate.
So what type of illnesses can our electronic devices catch? There are 3 main categories and causes of infection:
What is a Computer Virus?
Reference & credit: Comodo Antivirus article
A computer virus is malicious code designed to spread from host to host by itself, without the user’s knowledge, to perform malicious actions. It harms a computer by corrupting system files, destroying data or otherwise being a nuisance. The reason for designing a computer virus is to attack vulnerable systems to gain admin control and steal confidential information. Cybercriminals prey on online users by tricking them.
How Does a Computer Virus Spread?
A computer virus spreads through removable media, internet downloads, and e-mail attachments. In other words, a virus spreads while the user is viewing an infected advertisement, visiting an infected website, opening the attachment in the email, or clicking on an executable file. Besides that, connecting with an already infected removable storage device such as a USB drive also spreads the infection.
There are two ways by which a virus operates; the first type starts replicating itself as soon as it lands on the computer; the second type remains dormant until it is triggered. Therefore, it is essential to install robust antivirus software on a computer to steer clear of all such threats.
Computer Virus Types That You Need to Know
Computer viruses come in different forms, and the most common infections are:
- Boot Sector Virus
- Direct Action Virus
- Resident Virus
- Multipartite Virus
- Polymorphic Virus
- Overwrite Virus
- Spacefiller Virus
- File Infector Virus
Boot Sector Virus –
The Boot Sector virus infects the master boot record, and it mostly spreads through the removable media. It is a complex task to remove this virus and often requires the system to be formatted.
Direct Action Virus –
The Direct-Action Virus remains dormant on a computer until the file containing the virus is executed.
Resident Virus –
The Resident Virus inserts itself in a computer system’s memory. It is hard to identify the virus, and it is equally tough to remove it.
Multipartite Virus –
The Multipartite Virus infects and spreads in multiple ways. This virus infects both the program files and the system sectors.
Polymorphic Virus –
A Polymorphic Virus alters its signature pattern whenever it replicates, which makes it hard to detect.
Overwrite Virus –
As the name suggests, an Overwrite Virus spreads through emails and deletes all the files it infects.
Spacefiller Virus –
The Spacefiller Virus is also known as a Cavity Virus; it occupies the empty spaces within a file's code. It does not harm the files.
File Infector Virus –
A File Infector Virus is also known as Parasitic Virus because it comes attached to program files, such as .COM or .EXE files. The best way to detect file infector viruses is to use virus detector software.
Computer Virus Symptoms
The list of computer virus symptoms includes:
- A slow performing computer
- Pop-ups automatically showing up on the screen
- Programs running on their own
- Automatic multiplying/duplicating files
- Presence of unknown files and applications on the computer
- Files getting deleted or corrupted
What is Malware?
Reference & credit: Veracode article by Neil DuPaul
Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause harm to the host computer. Malware is a broad term that refers to a variety of malicious programs. This post will define several of the most common types of malware: adware, bots, bugs, rootkits, spyware, Trojan horses, viruses, and worms.
Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Often times software and applications offer “free” versions that come bundled with adware. Most adware is sponsored or authored by advertisers and serves as a revenue generating tool. While some adware is solely designed to deliver advertisements, it is not uncommon for adware to come bundled with spyware (see below) that is capable of tracking user activity and stealing information. Due to the added capabilities of spyware, adware/spyware bundles are significantly more dangerous than adware on its own.
Bots are software programs created to automatically perform specific operations. While some bots are created for relatively harmless purposes (video gaming, internet auctions, online contests, etc), it is becoming increasingly common to see bots being used maliciously. Bots can be used in botnets (collections of computers to be controlled by third parties) for DDoS attacks, as spambots that render advertisements on websites, as web spiders that scrape server data, and for distributing malware disguised as popular search items on download sites. Websites can guard against bots with CAPTCHA tests that verify users as human.
In the context of software, a bug is a flaw that produces an undesired outcome. These flaws are usually the result of human error and typically exist in the source code or compilers of a program. Minor bugs only slightly affect a program’s behavior and as a result can go for long periods of time before being discovered. More significant bugs can cause crashing or freezing. Security bugs are the most severe type of bugs and can allow attackers to bypass user authentication, override access privileges, or steal data. Bugs can be prevented with developer education, quality control, and code analysis tools.
Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom. The malware restricts user access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer. Ransomware typically spreads like a normal computer worm (see below) ending up on a computer via a downloaded file or through some other vulnerability in a network service.
A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet. Rootkit prevention, detection, and removal can be difficult due to their stealthy operation. Because a rootkit continually hides its presence, typical security products are not effective in detecting and removing rootkits. As a result, rootkit detection relies on manual methods such as monitoring computer behavior for irregular activity, signature scanning, and storage dump analysis. Organizations and users can protect themselves from rootkits by regularly patching vulnerabilities in software, applications, and operating systems, updating virus definitions, avoiding suspicious downloads, and performing static analysis scans.
Spyware is a type of malware that functions by spying on user activity without their knowledge. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more. Spyware often has additional capabilities as well, ranging from modifying security settings of software or browsers to interfering with network connections. Spyware spreads by exploiting software vulnerabilities, bundling itself with legitimate software, or in Trojans.
A Trojan horse, commonly known as a “Trojan,” is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware. A Trojan can give a malicious party remote access to an infected computer. Once an attacker has access to an infected computer, it is possible for the attacker to steal data (logins, financial data, even electronic money), install more malware, modify files, monitor user activity (screen watching, keylogging, etc), use the computer in botnets, and anonymize internet activity by the attacker.
A virus is a form of malware that is capable of copying itself and spreading to other computers. Viruses often spread to other computers by attaching themselves to various programs and executing code when a user launches one of those infected programs. Viruses can also spread through script files, documents, and cross-site scripting vulnerabilities in web apps. Viruses can be used to steal information, harm host computers and networks, create botnets, steal money, render advertisements, and more.
Computer worms are among the most common types of malware. They spread over computer networks by exploiting operating system vulnerabilities. Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers. Computer worms can also contain “payloads” that damage host computers. Payloads are pieces of code written to perform actions on affected computers beyond simply spreading the worm. Payloads are commonly designed to steal data, delete files, or create botnets. Computer worms can be classified as a type of computer virus, but there are several characteristics that distinguish computer worms from regular viruses. A major difference is that computer worms have the ability to self-replicate and spread independently while viruses rely on human activity to spread (running a program, opening a file, etc). Worms often spread by sending mass emails with infected attachments to users’ contacts.
While these types of malware differ greatly in how they spread and infect computers, they all can produce similar symptoms. Computers that are infected with malware can exhibit any of the following symptoms:
- Increased CPU usage
- Slow computer or web browser speeds
- Problems connecting to networks
- Freezing or crashing
- Modified or deleted files
- Appearance of strange files, programs, or desktop icons
- Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off antivirus and firewall programs)
- Strange computer behavior
- Emails/messages being sent automatically and without user’s knowledge (a friend receives a strange email from you that you did not send)
Malware Prevention and Removal
There are several general best practices that organizations and individual users should follow to prevent malware infections. Some malware cases require special prevention and treatment methods, but following these recommendations will greatly increase a user’s protection from a wide range of malware:
- Install and run anti-malware and firewall software. When selecting software, choose a program that offers tools for detecting, quarantining, and removing multiple types of malware. At the minimum, anti-malware software should protect against viruses, spyware, adware, Trojans, and worms. The combination of anti-malware software and a firewall will ensure that all incoming and existing data gets scanned for malware and that malware can be safely removed once detected.
- Keep software and operating systems up to date with current vulnerability patches. These patches are often released to patch bugs or other security flaws that could be exploited by attackers.
- Be vigilant when downloading files, programs, attachments, etc. Downloads that seem strange or are from an unfamiliar source often contain malware.
Spam is the electronic sending of mass unsolicited messages. The most common medium for spam is email, but it is not uncommon for spammers to use instant messages, texting, blogs, web forums, search engines, and social media. While spam is not actually a type of malware, it is very common for malware to spread through spamming. This happens when computers that are infected with viruses, worms, or other malware are used to distribute spam messages containing more malware. Users can prevent getting spammed by avoiding unfamiliar emails and keeping their email addresses as private as possible.
Wetware: The Major Data Security Threat You’ve Never Heard Of
Reference & credit: Forbes article by Adam Levin
Wetware is a term of art used by hackers to describe a non-firmware, hardware or software approach to getting the information they want to pilfer. In other words, people. (The human body is more than 60% water.) Wetware intrusions happen when a hacker exploits employee trust, predictable behavior or the failure to follow security protocols. It can be a spearphishing email, a crooked employee on the take or a file found while Dumpster diving—and, of course, all stripe of things in between. Whatever it is, there’s a human being involved.
The findings of the Ponemon Institute study point to the dire need for better wetware precautions when it comes to the security of health care records. Consider that 40% of the health organizations in the study reported more than five breaches in the past two years.
According to the study, since 2010 “the percentage of respondents who said their organization had multiple breaches increased from 60% to 79%.” Also by no means inconsequential is the fact that medical identity theft—where an imposter uses a victim’s credentials to obtain health care—nearly doubled in the past five years, from 1.4 million adult victims to more than 2.3 million in 2014.
The breaches comprising these figures were not all the size or severity of Anthem or Premera, which combined leaked extremely sensitive personally identifiable information like Social Security numbers, birth dates and bank account numbers belonging to more than 91 million consumers. While the $2.1 million average cost to health care organizations is eye-catching, it involved incidents with an average of 2,700 lost or stolen records, a figure that runs the gamut from Anthem and Premera to breaches that were decidedly on the smaller side.
As Larry Ponemon rightly pointed out in an interview with Dark Reading, while many of the incidents involved the exposure of “less than 100 records,” that in no way trivializes those events. According to the study, “Many medical identity theft victims report they have spent an average of $13,500 to restore their credit, reimburse their health care provider for fraudulent claims and correct inaccuracies in their health records.”
With 91% of the health care companies who responded to the study’s questions reporting at least one incident in the preceding two years, it’s clear that whatever we’re doing to address the health care breach problem is woefully inadequate. What’s more, it is clear that the problem is wetware. Better practices need to become part of the work culture in the health care industry.
When participating organizations in the study were asked what worried them the most (with three responses permitted), 70% said the biggest concern was a negligent or careless employee. That figure was followed by 40% of respondents who thought cyber attackers were the bigger worry and 33% who were worried about the security of public cloud servers. Respondents also cited insecure mobile apps (13%) and insecure medical devices (6%).
With 96% of respondents saying that they had a security incident involving lost or stolen devices, the fact that cyber attacks—state-backed and criminal—are the leading cause of breaches should keep you up at night, but the more terrifying take-away here is that doubtless many of those attacks wouldn’t be possible were it not for the human factor. There is plenty of overlap between the proactive criminal and the clumsy employee to make these figures start to seem like so much digital rain in a lost scene from “The Matrix.”
These days, smartphones and tablets are on the most-compromised or stolen list. Earlier on in the data breach pandemic, laptop computers and desktops were at the top of that list. While it is interesting on some level how the information gets compromised, at the end of the day, a breach is a breach is a breach. Health care industry: you’re all wet.
The bottom line here is that hackers of all stripe are having a field day because the wetware problem has been largely unaddressed, and until people become the alpha and omega of the process that leads to a zero tolerance solution, data breaches will continue apace.
How Do We Protect Ourselves?
There are a number of things we can do to protect ourselves:
- Install quality antivirus / antimalware software
- Be careful to not click on links you don’t understand
- Don’t open email attachments from unknown senders
- Use robust passwords
Characteristics of strong passwords
- At least 8 characters—the more characters, the better.
- A mixture of both uppercase and lowercase letters.
- A mixture of letters and numbers.
- Inclusion of at least one special character, e.g., ! @ # ? ] Note: do not use < or > in your password, as both can cause problems in Web browsers.
Since robust passwords are often difficult to remember you may consider using a Password Manager.
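The characteristics listed above can be turned into a checker, and a generator that always satisfies them, which is the kind of job a password manager's generator does for you. This is an added example, not code from any particular product; the set of allowed special characters (all ASCII punctuation except < and >) is an assumption of the example.

```python
import secrets
import string

# Rules taken from the list above; the symbol set is an assumption of this
# example (any ASCII punctuation except < and >).
MIN_LENGTH = 8
SYMBOLS = "".join(c for c in string.punctuation if c not in "<>")


def check_password(pw):
    """Return the rules from the list above that pw fails (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in pw) or not any(c.isupper() for c in pw):
        problems.append("needs both uppercase and lowercase letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs at least one number")
    if not any(c in SYMBOLS for c in pw):
        problems.append("needs at least one special character")
    if "<" in pw or ">" in pw:
        problems.append("contains < or >")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies every rule above."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        # secrets draws from the operating system's cryptographic random
        # source; the random module is predictable and not suitable here.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ["password", "Tr1cky!Pass", "Ab1<xyzq"]:
        print(candidate, check_password(candidate) or "ok")
    print("generated:", generate_password())
```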
There are a number of great products out there to help protect your electronic devices. Please install and use them on all devices on your network. Practice good human [WetWare] habits. Use robust passwords on all of your accounts. In this way you can not only protect yourself but protect others you communicate with. Cheers!