Malware is big business for cybercriminals. Among the problems are that it is an ever-evolving industry. Attackers will evolve certain malware families to help avoid detection and also to increase their time to operate.
Below are the top 5 malware hits projected by internet security companies for 2017. We’ve included our tips for helping you avoid these attacks in your own company.
- Ransomware: it’s not going away
2016 was an unprecedented growth year for ransomware. Since it was so successful last year, it’s likely to be a hot target for 2017 as well. Everyone asks the question, “Why would anyone pay for ransomware?” but the reality is, once your files are locked, it’s likely that you’ll pay as well even though we recommend against it. Protect your company from becoming a victim by:
- Having a predictable updating schedule for antivirus software across your network
- Run reminder campaigns for employees about phishing – those ZIP files and attachments could trigger ransomware
- Establish a backup of all data elsewhere, whether you use cloud-based backup or on-site
- Ad fraud: Facebook ads are more than just fake news
Cisco has released its 2017 Annual Cybersecurity Report, part of which addresses attacker behavior and lists ad fraud as the third most commonly observed malware.
From the report: “Facebook scams, which include fake offers and media content along with survey scams, ranked third on our list. The continued prominence of Facebook scams on our list […] highlights the foundational role of social engineering in many cyber attacks.”
- With the rise of bring-your-own-device (BYOD) in the workplace, it’s likely that employees will go online for personal use.
- Your people are your biggest line of defense against malware. Educate, educate, educate. Give common examples of ad fraud links.
- Paul Kubler, in this interview from Digital Guardian offers this advice: “Companies should employ at minimum a bi-annual training geared towards each user group (end-users, IT staff, managers, etc.) so that everyone is aware of the latest attacks.”
- Botnets: small size, but countless operations
These armies of private computers have been around the malware scene for years. But they stay around because they’re effective. In the internet security company Malwarebytes’ State of Malware Report 2017, they attribute botnets’ effectiveness “due to a botnet’s small size, ability to hide, and ability to execute an innumerable amount of operations.”
- Your computer can become part of a botnet without your knowledge.
- How to stay out of a botnet’s grasp: Don’t click on suspicious links. Don’t download attachments that you didn’t request. Keep your antivirus software up-to-date. Avoid those internet ads that say your computer is infected – those are malware.
Phishing emails send very convincing-looking requests to your inbox. Many are titled with information about an invoice, payment, confirmation or purchase order or shipping information. You might be prompted to update a password or security question on your financial or banking website – but in reality it’s a false webpage just looking to steal your information.
- Keep your applications, browsers and software up-to-date. Most patches or updates are happening because of known vulnerabilities that hackers are already exploiting. Don’t put off those updates.
- Malwarebytes warns against macro scripts as well. “Another method that became popular again in 2016 included the use of macro scripts inside of Microsoft Office documents (.docx, .xlsx, etc.), which would execute once the user opened the document and enabled macros.”
- Android malware
Malware targeting the Android OS is nothing new for the threat landscape. The State of Malware 2017 Report mentions that a “notable trend in 2016 was the increased use of randomization used by malware authors in an attempt to evade detection from mobile security engines. This has resulted in an increase in the amount of Android malware being detected.”
- Android Trojans have moved into the top 10 malware trends.
Cisco said it best in its recommendations. “The message for individual users, security professionals, and enterprises is clear: Making sure that browsers are secure, and disabling or removing unnecessary browser plugins, can go a long way toward preventing malware infections. These infections can lead to more significant, disruptive, and costly attacks, such as ransomware campaigns.”
Taking these simple steps will not block your company from any harm. But it will go very far to protect your exposure to the most common web-based threats. For the most part, malware doesn’t work without employees playing along. It’s the education of your workforce that will protect your brand, your reputation and ultimately your bottom line.