Antivirus software (AV) is designed to detect, then block or remove, malware and viruses before they infect your system. And most perform according to that promise – up to a point.
Think about this: According to Symantec, in some months up to 60 million new malware variants are generated.
But the teams who write antivirus software need to understand how a piece of malware works before they can adapt their programs to discover and neutralise it. And in the time it takes for this process to complete and be disseminated to users, the new virus is out there with no generally available remedy.
The real biggie is this (apologies to the hard core techies out there, this is a business person’s translation). Antivirus software is basically designed to stop malware and nasty applications being installed onto your computer, but more and more of the cyber crooks’ tools are browser based or RAM based (aka file-less infections) and not traditional “applications”, and so never hit your hard drive – so the AV doesn’t get the chance to scan, detect or block/remove them…
A Real and Typical Example
You search on Google for info on a GoPro camera. You end up on a blog that offers a review. There is malicious code on the page because the webserver has been infected – it is likely the unwitting host to a maliciously inserted exploit kit. You’re infected in less than a second and you are completely unaware.
The attackers redirect your browser to a malicious website that hosts their infection method (this is called a drive-by attack). This site then proceeds to scan your browser to see if there are any security holes (unpatched Java, Flash, PDF plugin). The scan finds a security hole in your unpatched Java. It drops the payload through the hole in your browser. The payload then proceeds to do what it was programmed to do:
– Collect your personal and/or financial and/or customer information;
– Encrypt your data and ask for ransom;
– Join your computer up to an anonymous robot workforce.
There are some basic things you can do. Be aware, and make your staff aware – more often than not, simple awareness, taking care, taking a second to think before clicking AND applying the 4 simple rules below can reduce your exposure.
1. Keep your installed software up to date – yes that means diligently and regularly patching;
2. Don’t install software you didn’t explicitly request;
3. If you are unsure about an email sender, delete it and DON’T click on any image or link contained in it;
4. If you no longer need a piece of software, uninstall it.
Kevin Morgan is a Director at FooForce, a long established Sydney based IT Services and Consulting firm specialising in delivering services and solutions to the SME market across Australia and internationally. FooForce is one of relatively few ISACA accredited providers of formal, globally recognised Cyber Risk Review and IS Audit and Risk Assessment services.