A couple of posts back, we exposed the facts about a particularly unpleasant form of malware. We had to tip our hats to the hackers and cyber criminals of today. Not because we approve of infecting computers with viruses or hacking private information, but because there are some very innovative methods of attacks that they are employing. These tactics are a mix of phishing, social engineering, and technical techniques designed for one purpose: To infect your system and generate as much profit as possible for their creator. Our hope is that this post finds you before they do, so that your organization stays protected.
Without further ado, here are five ingenious malware attacks you should know about!
1. The Drive-by Download
Creatively named for its ability to infect your computer without you even noticing, the drive-by download searches for system vulnerabilities, particularly in web browsers. These vulnerabilities typically exist because apps or add-ons have not been updated. By exploiting these holes in security, the malicious code can install itself on a system without being detected. Staying away from sketchy websites definitely helps avoid this type of malware, but it is alarming to know that even reputable websites can be infected with this malicious code, which automatically scans for vulnerabilities and downloads itself onto your system. The best defense against these attacks is to make sure that your organization’s software is up to date. Taking a few minutes to go through and download needed updates will take a lot less time than trying to recover systems that have been infected via drive-by download techniques.
2. The Unsubscribe Button
Ah, the unsubscribe button. Seeing one in an email is like a white flag from spammers, signifying that they will accept defeat and quit bombarding your inbox. Recipients are often eager to hit the unsubscribe button, and this is part of the reason why malware is so effectively disguised in unsubscribe button attacks. Taking a moment to click a button in order to save yourself the trouble of sifting through the spammer’s emails in the future feels good, right? Well, there are reasons why you might not want to.
First, you give the hackers information about yourself. You are responding directly to them when you click on the button. So, now they know your email address is active, valid, and that you check it. If unsubscribing requires an email response, they can derive even more information out of the metadata accompanying your email. In fact, unsubscribing could just make you subject to more emails in the future.
Second, an unsubscribe button could be an innocent-looking link whose purpose is to infect your computer. By taking you to a page designed by the hacker, it could expose you to an infection via methods such as the Drive-by Download mentioned above.
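One defensive check that follows from this point, written as an added example (not code from the original post or from Micro Focus): parse an email, collect every link whose anchor text invites an unsubscribe click, and flag the ones that are not hosted on the sender’s own domain. The sample message, its addresses and its links are constructed for illustration.

```python
# Added example (not from the post): flag "unsubscribe" links whose host is not
# the sender's domain. The message below is constructed for illustration.
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_EMAIL = """\
From: deals@example-shop.com
To: me@example.org
Subject: Weekly deals
Content-Type: text/html; charset=utf-8

<html><body>
<p><a href="https://example-shop.com/unsubscribe?u=123">Unsubscribe</a></p>
<p><a href="http://203.0.113.7/u/8f2a">Unsubscribe from all mailings</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, anchor text) for every <a> element in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_unsubscribe_links(raw_message):
    """Return unsubscribe links not hosted on the sender's domain or a subdomain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender_domain = str(msg["From"]).split("@")[-1].strip("<> ").lower()
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    flagged = []
    for href, text in collector.links:
        if "unsubscribe" not in text.lower():
            continue  # only the links that invite an unsubscribe click matter here
        host = (urlparse(href).hostname or "").lower()
        if host != sender_domain and not host.endswith("." + sender_domain):
            flagged.append(href)  # hosted elsewhere: treat as a phishing/malware risk
    return flagged
```

A gateway or mail client can use a check like this to warn the recipient before the click, which is the moment the post says the attack depends on.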
3. Have you heard of the “HoeflerText Font”?
We’ve seen the HoeflerText Font Hack making headlines in recent tech news, as well as in this article on Forbes. The tactic seems to be a hit lately amongst hackers. This is how it works: You’re browsing in Google Chrome when you unknowingly navigate to a compromised website. A notification pops up, saying that you need the “HoeflerText Font” in order to view the page. It seems harmless, and it makes sense: the web page simply uses a font that you don’t have installed (and HoeflerText is a real font name). However, it’s just a tricky disguise for a dropper that presents itself as a “font installer” once clicked. This dropper could install nasty malware on your computer, such as ransomware.
4. The Popcorn Method
This one is really quite interesting. The scheme was discovered this year in connection with ransomware infections. Cyber criminals use it in an attempt to extend their reach as far as possible by offering ransomware victims an alternative to paying: infect two other systems, and your system will be decrypted for free. It’s an ingenious plot to manipulate victims into working for the attackers. While we would hope that nobody would attempt to infect others in order to save themselves, this new method goes to show that hackers will stop at nothing to infect as many systems as possible. It also shows that care should be taken with every email, even from known sources. Malware attackers are very deceptive, and could even trick a friend into infecting your computer with the popcorn method without that friend understanding what they are doing. Here’s an example:
5. Malicious Apps
The extensive growth in the use of mobile devices is accompanied by a growth in mobile security threats. Besides email, phishing, and other social engineering attacks, hackers have heavily exploited app stores as a method of infecting devices. For example, security experts recently discovered 132 infected Google Play Store apps. This is concerning because mobile device users generally assume that all applications coming from built-in app stores are safe. In this case, the app developers themselves were unaware of the malicious code residing in their applications. The apps were actually infected during the development process, meaning that the applications were compromised even before they were released. A tiny iframe was discovered in each of the 132 apps, designed to connect to a remote server and download another payload, which could contain anything. Luckily, most of the apps were discovered before large-scale damage was done, but many of the apps had up to 10,000 downloads. This goes to show that care needs to be taken even when downloading from reputable sources, especially in a workplace where the use of mobile devices and BYOD is as popular as ever.
Build Your Defenses
Cyber criminals will undoubtedly continue to evolve their tactics and exploit weak systems and defenses to their advantage. The battle to keep your organization’s systems safe takes place on two fronts: your knowledge and your preparedness. By staying up to date on the latest security threats, your organization can learn from others’ mistakes, without having to make them. Additionally, company systems must reflect that knowledge. By protecting data entry points (such as email) and creating effective, secure backups, you can ensure that you and your company will be protected from the majority of malware attacks.
Micro Focus Secure Web Gateway protects your organization on one of the fronts most vulnerable to malware: email. A survey by Malwarebytes found that 46% of infections came from email. Secure Web Gateway protects your email systems by preventing dangerous emails from ever reaching your mailbox. Secure Web Gateway scans for viruses in the subject, body, and attachments of an email. If an attachment contains a virus, the email message is stopped at the gateway. If the body or subject of the email contains a malicious link or a virus, the email is blocked. With thousands of definitions updated frequently, your protection is ensured. Secure Web Gateway’s intuitive web interface provides easy access to tools, including exceptions, text filters, quarantine, and administration. These tools make for the most customizable, effective, and easy-to-use antivirus service on the market.