Malware goes to College

A little while ago, I wrote on this blog about the threat that the form of malware known as Ransomware poses to our online security. Now I want to focus on the particular threat that Ransomware poses to universities.

I’m thinking of a recent case in which one prominent university fell victim to this menace, with worrying results. When the Ransomware infection hit the university in question, it locked down exam results shortly before they were due to be announced. No decrypter could be found for the specific infection, but the university had, fortunately, digitally backed up all of its exam results by recording them in Excel spreadsheets. This allowed the administration to painstakingly reconstruct the locked-down results, but the announcement of those results was delayed for almost one month.

Backing up or Backing Down?

Depending on I.T. and administrative procedures, the consequences of Ransomware attacks can vary widely from one university to another. A recent attack on the University of Calgary in Alberta, for example, compelled that institution’s authorities to pay a ransom of $20,000 to have their computer systems files decrypted. The ransom had to be paid, simply because the university had failed to properly back up its data. This must be one of the most expensive lessons ever learned at any university.

Securing the University in a Risky Environment

Unfortunately, the bigger picture is worrying. Ransomware threats are constantly increasing in number and becoming ever more sophisticated. What should our universities do to avoid getting “system infected” warnings due to Ransomware activity? One highly recommended precaution is to use automated and isolated backup mechanisms, together with an Intrusion Detection System (IDS) both at network level and for critical assets. An IDS is a powerful resource in the battle against Ransomware, because it provides specific insights into any potential threat. The AlienVault Unified Security Management (USM) platform may be especially desirable, because it has an inbuilt IDS with SIEM (security information and event management) and real-time threat intelligence. Both of these features can help in the rapid detection of Ransomware and other threats.


What Is the Stegano Exploit Kit and How to Avoid It

Avoid Stegano – Just Don’t Click

Think twice before you click on any adverts while browsing your favourite websites. The latest malicious software has been found embedded in banner adverts on high profile news and information sites.

Stegano – the Exploit Kit That Takes over Your System

Traditional viruses have been known to exploit local systems, infiltrate files and even corrupt hard drives. Stegano takes cybercrime one step further by delivering a malicious exploit kit called DNSChanger to your computer. This infamous code kit made its first appearance back in 2012, infecting millions of computers.

How DNSChanger Works to Cause Mayhem

As its name hints, once it has infiltrated your computer this vicious exploit kit works by changing DNS server entries and pointing them at servers that are controlled by the cyber attackers. In other words, once your computer is infected, you may think you’re going to your daily news site or social media website, but in actuality you’re being redirected to a fake site where your personal information may be compromised.
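Because the damage described above begins with a silent change to the configured DNS servers, a simple detection check is to compare a host's resolver list against the addresses it is expected to use. The script below is an added example for this post, not code from the original article or from any vendor; the allowlist and the resolv.conf contents are constructed sample values.

```python
import ipaddress
from typing import Iterable

# Resolvers this host is expected to use (assumed values constructed for this
# example; replace with your organisation's or ISP's real resolver addresses).
EXPECTED_RESOLVERS = ["10.0.0.0/8", "192.168.1.1", "2001:4860:4860::8888"]

# Constructed /etc/resolv.conf as it might look after a DNSChanger-style
# modification: the first nameserver is an unknown public address.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.internal
nameserver 203.0.113.45
nameserver 192.168.1.1
options timeout:2
"""

def parse_nameservers(resolv_conf: str) -> list:
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for raw in resolv_conf.splitlines():
        # Strip '#' and ';' comments, then look for 'nameserver <address>'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # malformed entry: skip it rather than crash
    return servers

def unexpected_resolvers(resolv_conf: str,
                         expected: Iterable[str] = EXPECTED_RESOLVERS) -> list:
    """Return configured nameservers that fall outside the expected allowlist."""
    allowed = [ipaddress.ip_network(e, strict=False) for e in expected]
    # Membership tests across IPv4/IPv6 simply return False, so mixed lists are fine.
    return [str(s) for s in parse_nameservers(resolv_conf)
            if not any(s in net for net in allowed)]

if __name__ == "__main__":
    rogue = unexpected_resolvers(SAMPLE_RESOLV_CONF)
    if rogue:
        print("WARNING: unexpected DNS resolvers configured:", ", ".join(rogue))
    else:
        print("DNS resolver configuration matches the allowlist")
```

To run it against a real Linux host, pass the contents of /etc/resolv.conf (or the resolver list your DNS client reports) in place of the constructed sample.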

It Gets Worse…

The combination of Stegano and DNSChanger also enables attackers to gain control over your unsecured routers. So far we know of more than 166 models that are vulnerable to the attacks. Makes that have been affected include D-Link, NetGear, COMTREND ADSL Router and Pirelli. Once the virus is in your router, all devices connected to it – tablets, phones, gaming consoles, etc. – are in danger. Though the scope of the damage caused by the Stegano-DNSChanger combo is yet to be uncovered, previous attacks have been known to infect over a million devices per day.

How to Protect Yourself Against Attacks

First of all – do not click on ads and banners, no matter how legitimate they seem and no matter how trustworthy the site hosting them is; just don’t. Next – make sure that your router software is up to date, and ensure that your router password is strong enough to withstand a brute-force attack. You could also try disabling your router’s remote admin settings and updating or changing your local IP address to help prevent malicious software from gaining entry to your system.