Mitigating the Risk of Malware Infections


Malicious software, known as malware, is a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim.

The following is a list of the different types of malware:

  • Adware is software that displays unwanted advertisements to a user, often via pop-up windows or banners in web browsers.
  • Ransomware is software that attempts to extort money from victims by restricting access to a computer system or files. The most prevalent form of this profit-motivated malware is crypto-ransomware, in which files are encrypted and can only be decrypted with a key held by the malicious actor.
  • Rootkits provide root-level/privileged access to a targeted system, allowing the threat actor to initiate a variety of malicious activities. Rootkits are notoriously hard to detect and remove. 
  • Spyware is software that covertly gathers user information without the user’s knowledge. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else.
  • Trojans are computer programs that appear to have a useful function, but also have a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. 
  • Viruses are computer programs that can copy themselves and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk.
  • Worms are self-replicating, self-propagating, self-contained programs that use networking mechanisms to spread themselves.
  • A logic bomb is a piece of code intentionally inserted into a software system that sets off a malicious function when specified conditions are met.

Malware infections not only cause adverse impacts to an organization’s operations but, depending on the breadth of the infection and the criticality of the systems impacted, can also result in risks to health and public safety, revenue loss, legal consequences, and reputational damage. All organizations are advised to ensure they are employing proactive measures to help prevent, detect, respond to, and recover from malware incidents. Please see below.


PROTECTION AGAINST MALWARE
Where technically feasible, deploy anti-malware software on all endpoints capable of running it, including but not limited to laptops, desktops, servers, tablets, and smartphones.

  • Configure anti-malware software to perform periodic scans of the endpoint and real-time scans of all files from external sources as the files are downloaded, opened, or executed;
  • Configure anti-malware software to quarantine any malicious code detected and to send an alert to the organization’s IT service desk and/or information security team;
  • Configure anti-malware software to automatically apply and keep current with anti-malware vendor updates;
  • Ensure anti-malware mechanisms are actively running and cannot be disabled or altered by users; and
  • Configure anti-malware software to maintain an audit log of all anti-malware software activity.
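The following script is an added example, not part of the NJCCIC advisory, showing how the five configuration points above map onto a concrete anti-malware product. It assumes Microsoft Defender Antivirus on Windows 10/11 or Windows Server, managed through the built-in Defender PowerShell module from an elevated session; the scan time and signature update interval are assumed values to adjust to the organization’s maintenance window. Tamper Protection (the "cannot be disabled by users" requirement) is not settable from this module and is enabled through Windows Security, Intune, or Group Policy, so the script only verifies it. The function and variable names are this example’s own.

```powershell
# Added example (not from the NJCCIC advisory): applies the advisory's five
# anti-malware configuration points to Microsoft Defender Antivirus.
# Assumes the Defender PowerShell module and an elevated session.
#Requires -RunAsAdministrator
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# 1. Periodic scans plus real-time scanning of files as they are
#    downloaded, opened, or executed.
Set-MpPreference -DisableRealtimeMonitoring $false      # on-access scanning
Set-MpPreference -DisableIOAVProtection $false          # scan downloads/attachments
Set-MpPreference -DisableBehaviorMonitoring $false
Set-MpPreference -DisableRemovableDriveScanning $false
Set-MpPreference -DisableArchiveScanning $false
Set-MpPreference -ScanParameters 2                      # 2 = full scan
Set-MpPreference -ScanScheduleDay 0                     # 0 = every day
Set-MpPreference -ScanScheduleTime 02:00:00             # assumed maintenance window
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true

# 2. Quarantine detected malicious code at every severity level.
#    (Alerting is handled by forwarding the event log; see step 5.)
Set-MpPreference -LowThreatDefaultAction      Quarantine
Set-MpPreference -ModerateThreatDefaultAction Quarantine
Set-MpPreference -HighThreatDefaultAction     Quarantine
Set-MpPreference -SevereThreatDefaultAction   Quarantine

# 3. Keep vendor signature updates current automatically.
Set-MpPreference -SignatureUpdateInterval 4             # hours; assumed value
Update-MpSignature                                      # pull an update now

# 4. Verify the protection is actually running and tamper-protected.
#    Returns $true only when every check passes, so it can gate a
#    compliance report or a configuration-management run.
function Test-AntiMalwareBaseline {
    $s = Get-MpComputerStatus
    $checks = [ordered]@{
        'Service running'          = $s.AMServiceEnabled
        'Real-time protection'     = $s.RealTimeProtectionEnabled
        'Download/attachment scan' = $s.IoavProtectionEnabled
        'Behavior monitoring'      = $s.BehaviorMonitorEnabled
        'Tamper protection'        = $s.IsTamperProtected
        'Signatures < 1 day old'   = ($s.AntivirusSignatureAge -le 1)
    }
    foreach ($c in $checks.GetEnumerator()) {
        '{0,-26} {1}' -f $c.Key, $(if ($c.Value) { 'OK' } else { 'FAIL' })
    }
    $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value })
    return ($failed.Count -eq 0)
}

# 5. Audit log: Defender writes to its own operational event log. Collect the
#    detection (ID 1116) and action-taken (ID 1117) events from the last
#    $Hours hours so they can be forwarded to the IT service desk or the
#    security team's log collector.
function Get-RecentMalwareEvents {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1116, 1117
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when no events match; treat that as "none".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Summary'; e = { $_.Message.Split("`n")[0] } }
}

Test-AntiMalwareBaseline
Get-RecentMalwareEvents | Format-Table -AutoSize
```

The baseline check is deliberately separate from the configuration commands: a product that reports a setting as applied but whose service is stopped, or whose signatures are days old, is the failure mode that periodic verification catches, and the boolean return value lets the check be scheduled and its result forwarded alongside the event-log extract.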

ADDITIONAL SECURITY MEASURES

The information below is a non-exhaustive list of additional security measures organizations can implement to decrease their cyber risk.

  • Keep software and hardware updated with the latest security patches and updates.
  • Implement a backup strategy that includes scheduled backups of data and critical system files.  Test backups regularly and consider maintaining multiple backups in different locations for redundancy.
  • Implement network segmentation to isolate critical systems on a network and reduce the impact of a cyber incident.
  • Follow the Principle of Least Privilege for all user accounts and services, ensuring permissions are not granted beyond what is necessary for their work role, and enable User Access Controls (UACs) to prevent unauthorized changes to user privileges.
  • Implement a Defense-in-Depth cybersecurity strategy, establishing barriers across multiple layers of the organization.
  • Disable all unnecessary ports and services as they may be used by malware to propagate to other systems within the organization’s network.

The NJCCIC’s Statewide Information Security Manual includes a robust set of strategic and tactical policies, procedures, and standards that can be implemented to strengthen information security. Organizations are encouraged to review and adopt the Manual’s guidelines to enhance their security posture.

REPORTING

The NJCCIC asks organizations to notify us if a malware infection or unauthorized access is discovered on their network. Organizations can notify us by submitting a Cyber Incident Report or by calling 609-963-6900 ext. 7865.