January 2019

Welcome to a new year. I wish I had happy news, but I don’t. Poorly prepared organizations could face a punishing 2019, given the number and severity of threats on the radar already this year. If you’ve delayed upping your cyber security defenses for any reason, don’t procrastinate until it’s too late. Chances are you’re already in the crosshairs of a malicious threat and you don’t even realize it. I’ve already received some questions about new threats this year that are both insightful and concerning.

Should we be concerned that the Federal Government is running cyber security ads urging organizations to “Raise Your Shield”?

Yes. This is not a drill. U.S. businesses are at the greatest risk in history, with many of the threats coming from highly sophisticated nation-state hacking groups in China, Russia, Iran and North Korea, whose singular purpose is to breach American organizations. To aid in the process, laws in China and Russia, in particular, allow government agencies to compel (i.e. “force”) firms in their nations to assist with state-sponsored hacking efforts.

U.S. government officials, such as William Evanina, Director of the National Counterintelligence and Security Center, warn that our nation’s businesses face their most significant threat in history. “Make no mistake, American companies are squarely in the crosshairs of well-financed nation-state actors, who are routinely breaching private sector networks, stealing proprietary data and compromising supply chains,” Evanina says. “The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars.”

What can we do to “Raise Our Shield” within our company?

First, I would recommend bringing in a team of outside cyber security experts to assess your networks, systems, defenses and cyber security protocols. This job is simply too big for most in-house groups . . . and furthermore, the repetition of tasks required by in-house teams can lead to common errors. But when inside IT departments are teamed with outside resources, who will challenge internal personnel, the spirit of cooperation and teamwork leads to enhanced findings, superior strategies and overall better security. Once your security team is in high gear, enlist your entire staff, using the five recommendations from the government:

1. Strengthen your passwords

2. Lock down your social media accounts

3. Delete suspicious e-mails

4. Don’t expect privacy when you travel

5. Know who you’re talking with (by phone, through e-mail or by text)

What is “malvertising” and what does it do?

Malvertising, at least the malvertising that should concern you most, is a two-pronged cyber attack that secretly infiltrates systems with data-stealing malware before dropping ransomware onto the infected system.

Malvertising downloads are commonly triggered through encrypted ads which redirect users toward two malicious payloads (or types of malware).

The current and most dangerous example of malvertising first drops Vidar, a newer form of malware, onto your system, pilfering passwords, documents, screen shots, browser histories, credit card details, messaging data and even data stored in two-factor authentication software.

Make no mistake – this is a sophisticated, highly customizable program that operates secretly inside compromised systems, allowing attackers to strip away private and personal information, sending it directly to a command-and-control server.

Once Vidar is dropped onto your system, the malware opens the door for new and frighteningly high-level ransomware known as GandCrab. What makes GandCrab so dangerous is that it is regularly updated to increase its potency and make it harder for security software to detect.

Based on the attacker’s goals and motivations, GandCrab can be used to extort payment, usually by Bitcoin, to unlock captured information, or be used as a decoy to simply destroy everything on the infected system.

How can we protect ourselves from malvertising?

A simple three-part approach can help keep you safe from malvertising.

First, stay away from Internet Explorer and Flash Player if at all possible. They serve as common transport vehicles for malvertising programs.

Next, keep your systems up to date, so security is at its highest. Lastly, use web protection and ad blockers to prevent redirections that trigger a malvertising attack.

What I’ve discussed today is only the tip of the iceberg. So be sure to watch for my monthly column, where I’ll present more strategies to keep you safe and more information to help you make informed choices.