Part 3 – Malicious codes, malicious insiders and denial of services
In the last two articles of this trilogy, we looked at the types of IT attacks that business owners should be wary of, covering threats from phishing to theft of devices, not to mention viruses, worms and those evil Trojans. But while we’ve covered most of the main bases, we’ve barely scratched the surface when it comes to the sheer number of threats out there. According to antivirus software developers McAfee, new malware is being released at the rate of around one file every second. So it’s little wonder those fighting the problem face an epic challenge keeping up. And these huge numbers of IT attacks are losing Australian businesses like yours a great deal of money.
The Australian Crime Commission estimates that cybercrime now costs the country more than a billion dollars each year, with small and medium businesses being most at risk. What’s more, these attacks are common – in a survey from Ponemon which looked at figures from 30 average Australian companies, some 47 successful attacks a week (up from 41 in 2012) were reported. Clearly cybercrime is a big and growing problem.
But don’t lose hope. Yes, the online world is becoming scarier than ever but, as they say, “forewarned is forearmed”. If you know what risks you’re facing out there, you have a better chance of countering them. So let’s look at the final three threats on our list.
Malicious Codes – the evil spells of the online world
Malicious code is any code or software created with the intention of causing damage, unwanted effects, or security breaches. It can be delivered by viruses, worms and Trojans. More worryingly, it can be picked up on legitimate websites where the content has been altered to hide malicious code and other nasty surprises.
Malicious codes are made by hackers and programmers to gain access to certain files or cause disruption on your networks, and very often they will be made to attack a single company. The code could enter your system as an email attachment or when you visit an infected website. It can also come in the form of scripting languages, browser plugins, or even Java or ActiveX, programming languages that are created to enhance web pages.
And, as these are often tailored, unknown pieces of coding, few standard IT protection systems will spot them. Unlike other types of malware or viruses, malicious code can activate itself and most victims don’t know anything about it until it’s too late. And once activated, malicious code won’t just affect a single computer; it infects networks and spreads itself, via emails, to steal passwords or delete data files, and do even greater damage.
Malicious code can’t usually be caught by traditional anti-virus software. However, if you’re using a new browser, unsigned plugins won’t run automatically on that browser. You need to manually accept them with a click. And if you are ever prompted to accept any unsigned plugins, we’d strongly recommend against it.
That said, you should still apply the usual procedures that help keep you safe from malware. Use firewalls to control network traffic between computers and the internet, stay vigilant and don’t paste suspicious-looking links or text into your address bar, keep your browsers up-to-date, and if something seems suspicious then don’t click. Remember, if a deal sounds too good to be true, it probably is.
Malicious Insiders – the enemy within
We keep telling you that there’s a lot of danger out there on the internet, but small and medium-sized businesses can face even more serious threats from within. Yes, somewhere among your seemingly loving and loyal staff sits someone who could bring your company tumbling down. It could be someone who bears a grudge, sees a way of benefitting themselves financially, or is planning to leave and start a similar business with your contacts, codes and templates. An IT attack by an insider can be the most devastating attack of all, as you’re not just having your systems compromised but your trust shattered by a member of staff who you may even have considered a friend, especially if the business is small.
What’s more, firewalls, anti-virus software, and intrusion detection systems won’t be any help to you at all. After all, in many companies, employees will all have access to confidential data, files and accounts. The figures show how much more damaging insider attacks are. In Australia, attacks by insiders or staff can take up to 51 days to contain and solve, compared with outside attacks that on average take 23 days to contain. This is because insiders know what they are looking for and where the juiciest data is, and they probably have the passwords to get at it.
Malicious insiders are a problem that needs more than IT to combat. You need to put policies and procedures in place. Even smaller companies can compartmentalize so that not everyone has IT privileges everywhere. Have strict password policies in place and track the use of any privileged accounts. Screen and carry out background checks on people you are interviewing for positions, and consider malicious insiders in your company risk assessment. Make sure you monitor and respond when behaviour seems suspicious, stay on top of people’s work problems, and deal properly with issues that cause bad feeling or resentment.
Do remember, though, that most people are trustworthy most of the time, and you don’t want to create an atmosphere of suspicion. But if you do have to let someone go, deactivate their computer access immediately following their termination.
Denial of Services – a business under siege
A Denial of Service (DoS) attack can be one of the most frustrating IT attacks of all. Basically, it shuts down your networks, making it impossible for people to use your services. That means that, if you’re selling things online or taking bookings or appointments, no legitimate customers can access your site or sales page – and they’ll soon go elsewhere. The attack can also stop staff and account holders from accessing the services they need. DoS attacks work by flooding the target with traffic, causing it to crash or run so slowly that it becomes unusable.
DoS attacks are unlike malware attacks in that they don’t try to breach your security systems and steal data directly, but instead make your services inoperable. Such attacks are often used by people trying to make a point – activists, for example. They are also used for simple extortion, or even by unscrupulous business owners looking to cripple their competition. If the denial of service goes on for a long time, you can lose revenue and customer trust, and your long-term reputation may never recover. DoS attacks happen in two ways: either with one attacker flooding your servers so they have too much traffic and grind to a halt, or by way of an attack from many machines in what’s called a Distributed Denial of Service attack, often carried out via botnets.
To protect against a DoS attack, it is being wary that counts. You need to monitor your internet traffic to see if there are unusual patterns, spikes, or visits from suspect IP addresses that show someone could be testing your systems. You can also have a third party conduct a Pen Test to simulate an attack on your computer system, network or web applications and find vulnerabilities that an attacker could exploit. It is well worth testing against a variety of attacks, in order to ensure readiness. It is also important to have a plan and response team in place at all times, so that you can minimize the impact should a DoS attack take place. In addition to the IT team, include all staff members from your customer support and sales departments, to ensure that everyone knows their role.
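One way to do the traffic monitoring described above, shown as an added example that is not part of the original article: it reads web server access log lines, flags minutes whose request count is far above the typical minute, and reports whether a single source IP dominates the spike. It assumes logs in Common Log Format; the `factor` and `top_share` thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Constructed sample log lines (documentation IP ranges only), Common Log Format.
def _line(ip, minute, sec):
    return (f'{ip} - - [12/Mar/2024:10:{minute:02d}:{sec:02d} +1100] '
            '"GET /booking HTTP/1.1" 200 512')

SAMPLE_LOG = []
for m in range(5):  # five normal minutes: 6 requests each from varied clients
    SAMPLE_LOG += [_line(f"198.51.100.{10 + s}", m, s * 9) for s in range(6)]
SAMPLE_LOG += [_line("203.0.113.77", 5, s % 60) for s in range(120)]  # flood
SAMPLE_LOG += [_line("198.51.100.10", 5, 30)]  # one real customer in the flood

# Capture the client IP and the timestamp truncated to the minute.
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]:]+:\d{2}:\d{2}):\d{2} [^\]]+\]')

def find_spikes(lines, factor=5.0, top_share=0.5):
    """Flag minutes with more than factor x the median per-minute requests.
    dominant_ip is set when one source sent >= top_share of that minute's
    traffic; None suggests many sources (a distributed pattern)."""
    per_minute = defaultdict(Counter)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, minute = m.groups()
        per_minute[minute][ip] += 1
    totals = {minute: sum(c.values()) for minute, c in per_minute.items()}
    if not totals:
        return []
    baseline = median(totals.values())  # median resists a short burst
    alerts = []
    for minute in sorted(totals):
        total = totals[minute]
        if total > factor * baseline:
            ip, hits = per_minute[minute].most_common(1)[0]
            dominant = ip if hits / total >= top_share else None
            alerts.append({"minute": minute, "requests": total,
                           "baseline": baseline, "dominant_ip": dominant})
    return alerts

if __name__ == "__main__":
    for alert in find_spikes(SAMPLE_LOG):
        print(alert)
```

The median baseline only works while most of the log window is normal traffic; for a sustained flood, compare against a baseline taken from an earlier, known-quiet period.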
Vigilance is the key to staying safe
This brings an end to our three-part blog about IT threats faced by small and medium-sized businesses. As you’ll have noticed, there are a lot of monsters out there, and new malware beasts are being created all the time.
Eternal vigilance is the best weapon you have to fight hackers attacking you with viruses, malware, worms or malicious coding. Be careful what you are doing online, and always think before you click. Of course, technology can help protect your organisation, but only if it is upgraded and tested regularly. Make sure that your firewalls are in place and that anti-virus software is upgraded as new updates come out.
Training, too, is a tool that lets you fight the darker sides of the net, so hold regular workshops for staff on the likes of phishing scams, using social media safely, and how to check suspicious links. And keep up with IT blogs that can warn you of the new risks out there. If you’re careful, don’t get complacent, and keep your IT fighting fit, the chances are you, your staff and your business will enjoy your very own happily ever after.
For any information or tips about keeping your business IT safe from attacks, call the experts at Empower IT, who’ll be glad to help out.
Part 1: IT attacks – Malware, viruses and botnets
Part 2: IT attacks – Stolen devices, phishing and web-based attacks