In recent years, malware attacks on companies have become increasingly sophisticated. It is necessary to acquire basic knowledge on a regular basis and to prepare countermeasures in case of infection. This article explains basic knowledge about malware, how it differs from viruses and ransomware, what to do in case of infection, and measures to prevent infection.
Malware is a term coined by combining "malicious" and "software," and is a general term for software created with the intent to operate in an unauthorized and harmful manner.
Viruses are malicious programs that propagate themselves by inserting code into other programs. Ransomware is a malicious program that encrypts files on an infected computer, rendering them unusable, and demands a ransom in exchange for their restoration. Both ransomware and viruses are types of malware.
→ [Related Article] What Happens if Infected with Ransomware? What Should Companies Do?
This section describes the specific damage and risks to a company if an employee's computer or other device becomes infected with malware.
When it is discovered that a computer has been infected with malware, it is necessary to take immediate action. The initial response to prevent the infection from spreading further, the investigation of the infection route and damage, and other urgent tasks require costs and human resources, which can put pressure on normal business operations.
It is difficult to avoid malware infection completely, but a mishandled initial response can turn an infection into an incident that becomes known outside the company. An inadequate response to an information leak, or insufficient information provided to customers and business partners, can also lead to a loss of trust.
Some of the most malicious malware encrypts files so that they cannot be opened. In the manufacturing industry, production lines can come to a halt, and in hospitals, systems related to electronic medical records and reimbursement can be affected, making it impossible to continue medical treatment. Not only would this cause economic loss, but it would also damage trust.
In addition to losses due to business stoppages and loss of trust, there are also legal risks depending on the data handled. If the infection causes a breach of privacy or the leakage or misuse of personal information, the company may face fines if it is found legally liable.
The following is a description of the most common types of malware.
A computer virus is a malicious program that propagates itself by inserting code into other programs. Viruses are so named because they cannot exist on their own: they alter parts of a host program to create copies of themselves and spread in a manner similar to a disease infection.
Ransomware is a term coined by combining the words "ransom" and "software." It is malware that encrypts files on an infected computer, rendering them unusable, and demands a ransom in exchange for their restoration. In recent years, ransomware that also threatens to disclose stolen data if the ransom is not paid has become common.
A worm is another type of malware. It is named after the creature because, unlike a virus, it does not need another program to serve as a host and can exist and spread on its own.
Spyware, as the name suggests, is malware that behaves like a spy. It is installed on PCs and other devices without the user being aware of it, and collects and leaks the user's personal information and passwords. Companies that hold large amounts of customer information especially need to take countermeasures.
Malware has many infection routes; the following are some of the most common.
URLs and attachments in e-mails are the most typical infection route. Attachments are given file names or file extensions that look relevant to the business, and when they are opened the malware is executed and infection occurs.
You can also be infected by browsing malware-infected websites. In many cases the infection goes unnoticed, and the risk increases when employees use bulletin board sites or illegal video sites unrelated to work.
There is also a risk of infection when installing software. Malware may be disguised as commonly used software or bundled with a legitimate installer. Be careful when installing free software, for example by making sure the site you are downloading from is trustworthy.
Inserting an external storage device such as a USB flash drive into a computer or other device can cause malware hidden in it to be automatically executed and infect the device.
Using file-sharing software or services that are open to an unspecified number of people can unintentionally bring in malware that infects your device.
This section describes measures to prevent the risk of malware infection.
The anti-virus functions of EPP products and EDR are the most typical means of preventing infection. Functions vary by product and include malware detection, identification, removal, and quarantine. Some products depend on a cloud connection, so make sure the functions you need are also available offline, because an infected device must be cut off from the network as soon as the infection is discovered.
Vulnerabilities in operating systems are often found after their release, and continuing to use an older version is the same as leaving vulnerabilities found in the past unaddressed. Regularly updating your systems and keeping them current is very important for preventing malware.
Malware infection via e-mail and websites can be prevented by raising employee IT literacy. Regularly raise awareness and alert employees through security training and simulated infection drills.
To prevent malware infection and its spread, establish and thoroughly enforce internal security rules, such as prohibiting the bringing in and use of personal USB drives and mobile devices, setting password change periods, and setting up VPNs.
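The prevention measures above (disabling AutoRun for removable media, banning personal USB storage, keeping the EPP active and up to date, and installing OS updates) can be audited and applied on a Windows endpoint with a short script. The following is an added example written for this article, not code from FRONTEO or from any product the article mentions. It assumes Microsoft Defender is the installed EPP, that the script runs in an elevated PowerShell session, and that the 3-day signature age, 30-day update window and noon scan time are policy values chosen for illustration.

```powershell
# Added example: audit (and optionally apply) four basic malware-prevention controls
# on a Windows endpoint. Assumes Microsoft Defender as the EPP and an elevated session.
# Run without -Apply to audit only; run with -Apply to enforce the settings.
param([switch]$Apply)

$findings = @()

# 1. AutoRun from removable media (infection route: USB drives).
#    NoDriveTypeAutoRun = 0xFF (255) disables AutoRun for every drive type.
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun = (Get-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($autorun -ne 255) {
    $findings += "AutoRun is not fully disabled (NoDriveTypeAutoRun=$autorun)"
    if ($Apply) {
        New-Item -Path $explorerPolicy -Force | Out-Null
        New-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun -PropertyType DWord -Value 255 -Force | Out-Null
    }
}

# 2. Personal removable storage ban (internal rule: no personal USB devices).
#    Deny_All = 1 is the "All Removable Storage classes: Deny all access" policy.
$rsdPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$denyAll = (Get-ItemProperty -Path $rsdPolicy -Name Deny_All -ErrorAction SilentlyContinue).Deny_All
if ($denyAll -ne 1) {
    $findings += 'Removable storage is not blocked by policy'
    if ($Apply) {
        New-Item -Path $rsdPolicy -Force | Out-Null
        New-ItemProperty -Path $rsdPolicy -Name Deny_All -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# 3. EPP state: real-time protection on and signatures fresh (3 days is an assumed limit);
#    with -Apply, also schedule a daily quick scan at noon (assumed schedule).
$mp = Get-MpComputerStatus
if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is off' }
if ($mp.AntivirusSignatureAge -gt 3)    { $findings += "Defender signatures are $($mp.AntivirusSignatureAge) days old" }
if ($Apply) {
    Set-MpPreference -ScanScheduleQuickScanTime 12:00:00
}

# 4. OS updates: warn when the most recent installed hotfix is older than 30 days (assumed window).
$lastFix = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastFix -or $lastFix.InstalledOn -lt (Get-Date).AddDays(-30)) {
    $findings += "No Windows update installed in the last 30 days (last: $($lastFix.InstalledOn))"
}

if ($findings.Count -eq 0) { 'All checked controls are in place.' } else { $findings }
```

The audit mode is the useful default: run it from an endpoint-management tool on every PC and collect the findings centrally, then apply the settings through Group Policy or the management tool rather than by hand, so the controls cannot silently drift back.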
Initial response to malware infection requires extreme caution and prompt handling. It is effective to consult in advance not only with your own security department but also with outside specialists.
This section describes what to do in the event of a malware infection.
There is a risk of the infection spreading to other devices connected to the same network, so quickly disconnect the device from the network by unplugging the LAN cable in the case of a wired connection, or by turning off Wi-Fi.
Unless you are a security expert yourself, it is risky to try to solve the problem on your own. Promptly report the incident to the person in charge within your organization.
Consult not only your own security department, but also outside specialists. This will enable you to take appropriate action as soon as possible and minimize the damage.
Security software will detect malware, but a full scan can take nearly half a day. Schedule periodic scans in line with how often the device is used in order to shorten the time to detection.
It is necessary to identify which systems were affected, how they were accessed, and what data was compromised. Thoroughly scan the company's terminals to determine the attack methods and intrusion routes, and further investigate each infected and suspicious terminal individually to determine the details of the damage and the cause of the infection.
Malware detected by security software can be immediately quarantined and removed. If the malware is a file that you downloaded manually, you can delete it. If the problem persists, reset the device to its initial state and reinstall it.
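The response steps above (capture what is needed to trace the intrusion route, disconnect from the network, escalate, scan, and quarantine) can be written down as a first-response runbook so that nothing is skipped under time pressure. The following is an added example written for this article, not code from FRONTEO or from any product it mentions. It assumes an elevated PowerShell session on the affected Windows device, Microsoft Defender as the EPP, and C:\IR as an assumed local folder the responder can write to.

```powershell
# Added example: first-response runbook for a Windows endpoint suspected of malware
# infection. Assumes an elevated session, Microsoft Defender as the EPP, and C:\IR
# (assumed path) as a writable local evidence folder.
# Order matters: capture volatile network evidence first, then isolate, then scan.
$irDir = 'C:\IR'
New-Item -ItemType Directory -Path $irDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$log = Join-Path $irDir "response-$stamp.log"
function Write-Log([string]$msg) { "$(Get-Date -Format o) $msg" | Tee-Object -FilePath $log -Append }

Write-Log "First response started on $env:COMPUTERNAME by $env:USERNAME"

# 1. Preserve evidence needed to trace the intrusion route before the network goes away:
#    established connections with their owning process, and the running process list.
Get-NetTCPConnection -State Established |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess,
        @{n='Process'; e={ (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName }} |
    Export-Csv -Path (Join-Path $irDir "connections-$stamp.csv") -NoTypeInformation
Get-Process | Select-Object Id, ProcessName, Path, StartTime |
    Export-Csv -Path (Join-Path $irDir "processes-$stamp.csv") -NoTypeInformation
Write-Log 'Saved connection and process snapshots'

# 2. Isolate: disable every active network adapter (the script equivalent of pulling
#    the LAN cable or turning off Wi-Fi). Adapter names are logged so they can be
#    re-enabled with Enable-NetAdapter once the device has been cleared.
foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
    Write-Log "Disabling adapter '$($nic.Name)' ($($nic.InterfaceDescription))"
    Disable-NetAdapter -Name $nic.Name -Confirm:$false
}

# 3. Escalate: record that the internal contact and outside specialists must be notified.
#    The notification itself happens out of band, since the device is now offline.
Write-Log 'ACTION REQUIRED: notify the internal security contact and the external response vendor'

# 4. Detect: full scan with the locally held signatures; this can take hours.
Write-Log 'Starting full scan'
Start-MpScan -ScanType FullScan
$threats = Get-MpThreatDetection
foreach ($t in $threats) {
    Write-Log "Detection: threat ID $($t.ThreatID) resources=$($t.Resources -join ';') actionSucceeded=$($t.ActionSuccess)"
}

# 5. Contain: quarantine/remove what Defender flagged. Re-imaging is the fallback if the
#    device still behaves suspiciously afterwards; the evidence files stay for the investigation.
if ($threats) {
    Remove-MpThreat
    Write-Log "Remove-MpThreat invoked; evidence files in $irDir remain for the investigation"
} else {
    Write-Log 'No detections; keep the device isolated until the investigation clears it'
}
```

If the EDR product in use offers its own network-isolation function, use that instead of step 2, because it keeps the management channel open for the investigators while still blocking everything else; the evidence capture in step 1 is worth keeping either way, since the connection list is often the fastest way to find the other devices that need checking.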
Since the initial response to a malware infection requires extreme care and prompt handling, we recommend using a professional service. FRONTEO's Cyber Security Investigation Package is recommended by several insurance companies.
This is an effective solution for initial response that includes the minimum necessary investigations to respond to a cyber attack, such as EDR investigations and dark web investigations, in a single package. Additional investigations, such as Wi-Fi vulnerability investigations, NDR investigations, and penetration tests, can also be conducted. For companies that do not have personnel with specialized knowledge, concerns remain about the speed and expertise of contingency response. Based on the know-how gained from our overwhelming track record, FRONTEO will support your initial response to cyber attack damage.
→ [Related Article] "Cyber Security Survey Package" service website
→ Contact FRONTEO for cyber security inquiries