November 3, 2016

    3 Ways You’re Opening Up Your Servers To Internet Viruses

    Internet viruses are no small thing. If you think your company can’t experience serious consequences from a cyber infection, think again. They’re dangerous, they’re costly and they could be happening right now if you don’t have the proper protocols in place to ensure prevention.

     

    1. Malvertising

    If any of your employees are surfing the Web, they’re vulnerable to this form of cyber threat -- the kind that infects unsuspecting users by embedding malicious code in online ads. Malvertising is difficult to fend off because it can be found on many trusted websites that use third-party advertising services.

    Make no mistake: Malvertising is a very real, very dangerous attack, and your company is susceptible to its consequences. An employee doesn’t even have to click on the ad or mouse over it. Just being on the website that contains the harmful ad puts them at risk of infection.

    “Piggybacking on rich advertising features, malvertising offers persistent, Internet-scale profiling and attacking. The sheer size and complexity of online advertising -- coupled with the Byzantine nature of who is responsible for ad content placement and screening -- means attackers enjoy the luxury of concealment and safe routes to victims, while casting wide nets to reach as many specific targets as possible.”

    It’s critical to ensure that you keep your servers safe from this type of cyber attack. A recent Forbes article provides four steps you can take to protect against malvertising:

    1. Install an antivirus program that will identify and neutralize exploit kits, or install a program like Malwarebytes’ Anti-Exploit. These programs monitor browser and plug-in operation and block exploit kits that are probing for security vulnerabilities.
    2. Uninstall browser plug-ins you don’t use, and set the rest to click-to-play so that you get a message or icon on the screen when you load a webpage that wants to load a plug-in. Browser plug-ins, especially Java and Adobe’s Flash, are usually the most vulnerable elements in your system.
    3. Make sure your browsers, plug-ins and operating systems are kept up-to-date. Out-of-date versions almost always contain security vulnerabilities, and the exploit kits will find them.
    4. Install an ad blocker, but be aware that ad blockers won’t eliminate all malvertising. Also, many ad blockers block a lot more than ads, and they can break a website by blocking necessary content.

    2. Email

    If an employee receives an email that contains a hidden Internet virus, the effects can be detrimental and widespread. The following types of viruses spread through email pose a significant threat to all kinds of businesses:

    • Attachment -- This is the most prevalent category. A virus program is attached to an email and concealed with a deceiving name and/or message that tricks the recipient into clicking.
    • HTML or "active content code" -- In this scenario, virus code is written in a software language and executed when the recipient opens the message to read it. It can even be launched by opening the message in a preview window.
    • Multipurpose Internet Mail Extension (MIME) -- The attacker overloads the email "header" with information, and the overflow of information goes into the memory to run programs, so the virus can run unnoticed.

    To fully understand how detrimental these email viruses can be, check out the following examples from a recent Science Alert article, which details some well-known viruses that have had major effects on company servers over the years:

    • Melissa, from 1999, used a Word document attachment to load up porn sites and forward itself to more email addresses through a macro. When it hit, it caused an estimated $80 million in lost productivity and clean-up costs.
    • In 2003, SQL Slammer almost literally broke the Internet. And this time, there was no social engineering involved. Instead, the virus targeted data servers held by major companies, fooling them into giving it access to their systems, before sending itself out to other computers from its new host. The snowballing effect of more and more servers getting infected overloaded whole sections of the Web, causing an estimated $1.2 billion in damage within the first five days.
    • Storm Worm, from 2007, used a link inside an email instead of an attachment. Once the link was clicked, it could silently install code and hook the recipient’s computer up to a botnet, which can be used for anything from targeting attacks on servers to running spam email campaigns. As botnets typically involve so many computers, security firms find them difficult to stop.

    It’s essential to stay well educated -- and to educate your entire company -- on the ways that Internet viruses can be spread through email and attack your servers.

    3. Mobile

    Does your company offer multiple modes of connectivity for employees in and out of the office? Laptops, smartphones, tablets -- these mobile devices all help businesses achieve greater levels of productivity and efficiency, but they also come with their fair share of dangers. As they become more and more technologically advanced, they become more difficult to protect.

    “Just when one thought that mobile devices were safer than the old-fashioned desktops and laptops, the world is telling us that it is actually as unsafe, if not more. Hackers are constantly trying to find that chink in the security armor through which they can break in and compromise data. And, with the bring-your-own device (BYOD) culture fast catching up at the enterprise levels, data security challenges can only go one way -- north of where it is now.” (CXO Today)

    Preventing mobile devices from opening up your servers to Internet viruses demands a proactive approach. CXO Today recommends taking the following actions:

    • Use multi-factor authentication wherever possible. This makes the users go through more than a single level of authentication when collaborating with the enterprise systems, thus making vulnerability lower from external attacks, while ensuring legitimate entrants and the security of the data, especially that of the cloud.
    • Keep devices updated. Even if a hack hasn’t taken place, updating software will ensure that a future possibility is likely to be thwarted.

    Has an Internet virus harmed your company servers through one of these or other means? Let us know below. To find out if your business is practicing secure procedures to protect critical information, take Sharetru’s interactive quiz.


     

    Tag(s):

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts