Almost nothing is safe from hackers looking to infiltrate and compromise our systems.
Hospital computers held hostage, department stores’ credit-card data stolen, Department of Defense personnel data lost because of a stolen laptop, homeland security at risk because of emails loaded on to personal servers.
These are just a few of the menaces that we often read about in the headlines and that threaten to compromise our computer-based productivity, client data and financial stability.
This article is not intended to make you an expert in cyber security. Instead, the goal is to make you aware of how vulnerable we are and give you some basic knowledge of the different types of attacks we face with today’s networking systems.
It seems everything is in some way connected to the Internet: our phones, home appliances, home-security systems and even our cars. As a result, almost nothing is safe from hackers looking to infiltrate and compromise our systems. We hear and read about malicious software, often called malware. Yet, rarely are we told what malware actually does.
In this section we will explore some of the more common types of malware and what they do. Later we will look at some prevention techniques that can be used to protect your systems.
What is malware?
Malware is any unsolicited software that finds its way onto a computer system without the user’s knowledge. It can come in many forms, including adware, viruses, worms, Trojans, spyware, rootkits, backdoors, logic bombs, botnets, ransomware, and polymorphic malware.
Adware is a type of spyware that displays advertisements that usually draw on the user’s Internet activity.
Viruses are programs designed to spread from one system to another through self-replication. The activities performed by viruses include data deletion, corruption and alteration. Some viruses that are replicated can spread so fast that they consume entire systems. Viruses usually latch on to a host. The host can be a file or the boot sector of a hard drive. If the virus attaches to the boot sector, it will be activated in the memory when the system is started.
Spyware is code that collects information about users without their direct knowledge or permission. Spyware can be fully malicious if it seeks to gain information to perform identity theft or credential hijacking. Many advertising companies use less malicious forms of spyware to gather demographics about potential customers. However, in either case the user is often unaware that the spyware is present or that it is gathering information that is periodically transmitted back to some outside entity.
Rootkits are special tools that embed themselves within an operating system. If a rootkit positions itself at the heart of an operating system, it can manipulate the information the system reports. Rootkits that are positioned effectively become part of the operating system, which makes them very difficult to detect. After a rootkit has infected a system, that system should no longer be trusted or considered secure. Some rootkits cannot be effectively removed.
Trojan malware is designed to look like something legitimate. It tries to trick the user into installing it. Once installed, it has access to what was once a secure system.
Logic Bombs are programs that remain dormant until they are triggered at a specific time or by a particular action to unload their payload. Internet transactions, such as those done through online banking, are the most common targets of this type of program.
Botnet is short for “robot network.” It is used for mass deployments of malicious code that can often lead to denial of service or flooding attacks.
Backdoor is a term used to describe a hole in a network, a computer or, sometimes, a program. The hole allows unauthorized access. Oftentimes programmers will have a special user account or password that they can use to access a system if problems arise. These are called maintenance hooks. Remote-access programs can also be used to open a backdoor into a system.
Ransomware is one of the newest and possibly most dangerous threats we currently face. This code takes over a computer system and holds it hostage. It encrypts each file it can reach, including data on the network. Users are told that they must pay for the encryption key in order to regain access to the files. Hackers will normally ask for payment in a method that is untraceable. This could be in the form of digital currency such as Bitcoin or untraceable money cards such as MoneyPak or Green Dot. Sometimes even after paying a ransom, the files will still be compromised. The only true method for getting files back is from the most current backup.
Polymorphic Malware is code that attempts to avoid detection through changing its signature. The most common way this is done is by encrypting the core code of the malware. Detection software can be defeated by this sort of encryption.
How to prevent problems
Most of the malware discussed here can be avoided by making sure the computers and servers in your network run a current operating system, are otherwise kept up to date and are patched regularly. Patches are updates from software vendors and are usually downloaded.
All systems should have an antivirus and antimalware program loaded locally onto the computers and servers. Those are the last lines of defense should something get through the perimeter defenses.
For perimeter defense, a firewall should be in place to close any unnecessary ports and deny access to the local network. Ports are like gateways or openings to your network.
Each port is a number that corresponds to an available Internet service. An example: Port 80 is the default port for general web traffic, and it is normally left open for browsing of the Internet.
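To show what “close any unnecessary ports” means in practice, here is an added example (not from the original article) that audits a host’s listening TCP ports against an allowlist. The input is a constructed sample in the style of the Linux `ss -ltn` command, and the allowlist of ports 22, 80 and 443 is a hypothetical policy for a small office server.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the style of `ss -ltn` (Linux listening TCP sockets).
# Made-up data for this example, not output captured from a real host.
SAMPLE_LISTENING = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*
LISTEN  0       128     0.0.0.0:3389         0.0.0.0:*
LISTEN  0       128     [::]:23              [::]:*
"""

# Hypothetical allowlist for a small office web server: port -> service name.
ALLOWED_PORTS: Dict[int, str] = {22: "ssh (admin)", 80: "http", 443: "https"}

# Matches the state, queue counters and "address:port" of each LISTEN line.
LINE_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+")


def parse_listeners(text: str) -> List[Tuple[str, int]]:
    """Return (bind_address, port) for every LISTEN line; the header is skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2))))
    return found


def audit(text: str, allowed: Dict[int, str]) -> Dict[str, List[int]]:
    """Classify each listening port as 'ok' (on the allowlist), 'local_only'
    (bound to the loopback address, so unreachable from the network) or
    'unnecessary' (reachable from the network and not on the allowlist)."""
    result: Dict[str, List[int]] = {"ok": [], "local_only": [], "unnecessary": []}
    for addr, port in parse_listeners(text):
        if port in allowed:
            result["ok"].append(port)
        elif addr in ("127.0.0.1", "[::1]"):
            result["local_only"].append(port)
        else:
            result["unnecessary"].append(port)
    return result


if __name__ == "__main__":
    for port in audit(SAMPLE_LISTENING, ALLOWED_PORTS)["unnecessary"]:
        print(f"port {port} is reachable from the network but not needed: block it at the firewall")
```

On the sample data the script flags ports 3389 and 23 as unnecessary while leaving the loopback-only database port alone; run it against real `ss -ltn` output to produce a list of ports the firewall should deny.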
Firewalls can be based on hardware or a network. The former is usually provided by a third party. Many email systems contain spam filtering.
However, the best practice is to use a third party such as Barracuda, Proofpoint or Mimecast. Additionally, there are Domain Name Service providers that can augment your other forms of protection as well as any local DNS server you may have put in place. In simplified terms, DNS comprises a series of servers that are used to resolve the full name address (an address that humans understand) to its numeric value.
For instance, when you type in www.google.com your computer really doesn’t understand where it is you want to go, so your DNS provider will translate the information into something the computer can understand. In the case of www.google.com the numeric address is 188.8.131.52.
You can actually type the numeric value instead of the full name address, and it will take you to the same place. The third party DNS service would be placed before the firewall, making it the first line of defense against cyber attacks.
Law firms should have computer-risk assessments done as well as business-continuity plans in place in case a mishap occurs. Last, but definitely not least, every employee at a law firm should be trained in spotting suspicious emails and programs. Many mishaps can be avoided if the staff is kept up to date on the latest cyber threats.
Stay connected and stay safe.