Malicious Downloads - Be Mindful!

Malicious downloads can cause havoc in IT. This type of software is engineered to cause maximum penetration to IT cybersecurity defenses and is a real, constantly developing threat. In light of the large malware payload delivered via the dark web last week, we thought it might be a valuable reminder to look at the cause and effects of these downloads, as well as discuss some options for both threat prevention and recovery.

WHAT IT IS

Generally, malware is described as any software designed to inflict harm on an IT system. The targets are as varied as the methods, but include networking architecture, PCs, servers, IoT devices (such as smart TVs and appliances) and mobile devices. More specifically, the most dangerous malware usually attempts to extract access information, financial information, or control of systems. This category (and article) admittedly ignores categories of attacks such as Denial of Service (also called a DoS, which attempts to bring services offline by overloading internet packet traffic). Attacks such as DoS are interruptive and can cause damage via lack of access, but do not rise to the level of threat that a bad actor with “keys to the castle” brings.

The attack referenced above relates directly to the topic of malicious downloads and falls firmly into the category of “most dangerous” types of malware. In summary, a collection of over 100,000 trojan horse files (in this case a Remote Access Trojan or RAT) was released to the public. The idea behind a trojan horse is that a file or utility is disguised as something it is not: in this case, most of these documents pose as business-related items including templates, forms, and finance items. Utilizing search engine optimization (SEO) techniques, the dark plan is to trick an unsuspecting user into using a search engine such as Google to find the file and open it, which will then do much more than provide a simple template. You can read more about this malware release here.

HOW IT HAPPENS

The most common technique for malicious downloads occurs via phishing. With work-from-home being much more commonplace than even 18 months ago, more documents are emailed than ever. (After all, it is no longer as simple as walking over to a co-worker’s desk to accomplish a task for many types of workers.) As such, getting a PDF or other communications file via email is far from abnormal on its face. In many phishing attempts, an even more targeted view will be taken. This is called spear phishing, and often identifies a sender as being within the organization, such as a boss’s name and email or a general name such as “hr@yourbusinessname.com”. You can read about some of the headaches of phishing in this previous article.

The SEO technique is arguably even more devious. As noted, in this specific situation, criminals are attempting to use a search engine’s optimization against it: by scoring well on, for example, Google’s rating algorithm, a business-related search result for “Accounts Payable Receipt Template” may actually link directly to malware. Since the user was searching for and navigated to the link him/herself, the warning bells may not be ringing as loudly as if the download was solicited (such as the case with email phishing).

HOW TO PREVENT IT

This sounds scary. How can a business operate like this?

It certainly can be scary, but luckily there are a multitude of layers of defense that can greatly reduce risk of malicious downloads becoming a problem. (A quick note: it is virtually impossible to remove risk, although it is possible—and frankly not all that difficult—to make a breach exponentially more difficult. Still, anyone who touts complete risk removal is likely not sharing the full truth and his/her advice should be taken with a grain of salt. A few grains of salt. In fact, just keep the saltshaker nearby.)

Human Training

Perhaps the most basic step is to ensure a business or organization’s employees are trained in what to look for. After all, it is very difficult to know what to look for if an employee has no frame of reference. Unfortunately, ignorance here can be very costly in terms of time and money.

There are several options that businesses and organizations can choose in preparing their workforce. Many firms will choose to have a mandatory training, whereas others may have some kind of practical exercise or in-house conferences on IT security.

We recommend using a service to provide both education and on-going training. Through our partners at KnowBe4 and Bullphish, the correct solution for your organization and budget can be found.

Virus Scanning

Hopefully, in 2021, an “of course we need to” solution, Anti-virus software is a key component in prevention (although no longer as large a solution as it formally was—primarily because most malware will be engineered to confuse or obfuscate anti-virus processes).

At Certified CIO, we deploy Webroot to all of our managed IT customers. Webroot serves as a traditional anti-virus, but as well includes a product called Evasion Shield. Evasion Shield improves the efficacy of Webroot by detecting and blocking scripts emanating from malicious downloads. Additionally, Huntress offers Managed Detection and Response, working internally and externally relative to an IT system to add additional layers of cyberdefense.

Both of these products are included in our Certified CIO Managed Services support packages.

MFA

Multi-factor Authentication is an additional layer of defense, and an effective one. MFA requires an additional input from an authenticated user often via mobile app, biometrics, or physical token to ensure the person logging in is indeed the person who should be logging in.

Certified CIO integrates with Duo MFA for MFA due to its ability to “play well with others” with regards to various software needs and architectures across our customers’ systems. We encourage all end customers to incorporate MFA into their policies due to its exponential security gains.

Zero Trust Policies

Having zero trust policies as a mainstay of an IT approach is important. This harsh sounding term basically means that an application must be approved to allow execution. This strict set of controls is very helpful in corralling rogue software and malicious downloads before it has a chance to do its intended harm. This can be a delicate balance, as most often the new installations will be intended and benign…but unfortunately it only takes one bad apple to really spoil the day.

Certified CIO uses Threatlocker for this, a tool that features AI to learn normal behavior of end users prior to its activation. This means that the software is aware of what a user normally does and which apps are expected to be used. In the event that an unexpected app is installed, Threatlocker will stop the execution and create an alert that will be checked by a technician in real-time and approved, disapproved, or inquired upon. This admitted inconvenience is minor and rare, but again the payoff is that no programs will be executed without the system’s knowledge and IT staff approval. We are currently engaged in the learning process for this tool, with roll-out happening on a controlled basis. Again, this is provided at no additional cost to our Certified CIO Managed Services customers.

HOW CAN MY BUSINESS OR ORGANIZATION GET THESE PROTECTIONS?

This is the easiest of all to answer: by joining the Certified CIO team and opening your doors to increased IT value, security, and productivity. Click the Contact Us button for more information!

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666

Malicious Downloads – Be Mindful!

WHAT IT IS

HOW IT HAPPENS

HOW TO PREVENT IT

Human Training

Virus Scanning

MFA

Zero Trust Policies

HOW CAN MY BUSINESS OR ORGANIZATION GET THESE PROTECTIONS?

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

Malicious Downloads – Be Mindful!

WHAT IT IS

HOW IT HAPPENS

HOW TO PREVENT IT

Human Training

Virus Scanning

MFA

Zero Trust Policies

HOW CAN MY BUSINESS OR ORGANIZATION GET THESE PROTECTIONS?

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666