"Attention! We've detected malicious activity on your computer. Download antivirus now."
Spyware, Keyloggers, Scareware (described in example above), Ransomware and more. It seems like malware, or malicious software, lurks around every corner of the Internet, be it in a threatening email attachment or false online advertisement. There are now newer, subtler ways for your clients to have their personal data stolen, and few will be able to detect the warning signs of the various types of malware attacks before the damage is done and the data is lost. It is time to teach yourself and your clients how to prevent malware from causing unnecessary problems on your computers and servers.
As your customers' MSP and trusted IT advisor, you must keep malware protection top-of-mind. In order to reduce the number of infected client machines and mitigate the impact of attacks, however, everyone involved must exercise continuous vigilance. To protect their businesses from cyber attacks, end users will have to learn secure browsing habits; likewise, IT solutions providers will have to install the highest-grade antivirus software, all while reading up on the latest malware news for security patches and critical malware updates. We explain further in this go-to guide to protection against the viruses, worms, Trojans and other threats that fall under the malware umbrella.
Part 1: How Clients Can Reduce the Risk of Malware Infection
As you know, malicious programs are engineered to compromise systems, steal and exploit personally identifiable information (PII) like financial data and credit card numbers, and hold this information captive to extort payment or intel from victims. The costs of downtime and data loss, combined with the shattered reputation that results from a malware breach, are far too great for small-to-medium-sized businesses to take their online safety for granted. Because of this, you must urge your clients to be cautious in all their web-based dealings, and stress that they adhere to the following security measures, which we've compiled from sources such as McAfee, Kaspersky Lab and PCWorld:
1. Be suspicious when prompted to download or install software
Even if you think you can trust the program because it's well-established or appears legitimate, that is not always the case. Attackers have become cleverer and know how to cloak their schemes in well-crafted, credible language. The takeaway here is that clients must verify that the software is valid before taking action. Encourage them to open up another browser tab and research the program. Make sure they understand not to click into the original prompt for more information. If the intent is malicious, with any luck, your user will see search results of posts by others warning users not to download the software. To be safe, you may choose to have them run the mystery application by you first. You should be the primary steward of their cyber health.
What about cases where the software itself is legitimate, but the version offered isn't? Unfortunately, attackers have been successful at impersonating common, harmless applications or services, such as Microsoft support. Train your clients to be wary of any attempt (website pop-up ad, email, social media message, etc.) to have them download something. If they'd like to download well-known software like Microsoft's, instruct them to visit that company's website to do it. Insist that they don't click any email links or ads, as these could be phishing schemes and malvertisements in disguise. Furthermore, teach them to look for websites with secure sockets layer (SSL) security. As we describe in How to Keep Clients Safe from Phishing Attacks and Online Scams this Holiday Season, that just means the URL for the page begins with "https://" and not "http://".
Along the same lines...
2. Avoid websites whose legitimacy and security can't be guaranteed
This is fairly self-explanatory, but still necessary to reiterate. As you learned in December's Malware Roundup, Internet users are 28 times more likely to be infected by malware if they use content theft sites. Piracy websites aren't the only ones with low security, but it just goes to show that destinations like these are hotbeds for cybercriminal activity. Look into software that rates the safety of websites before your clients accidentally click on risky search results. Additionally, encourage your customers never to click any link without knowing its destination. Have them hover over the anchor text to see the link URL as an additional security precaution. It's simple steps like these that can easily bolster your clients' protection from malware and reduce headaches down the road.
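The two checks in tips 1 and 2 (is the link HTTPS, and does the visible link text point where the actual link goes?) can be automated for a batch of HTML emails or landing pages. The following script is an added example, not code from the original post or from any vendor named in it; the HTML message it audits is constructed for the demonstration, and the hostname heuristics (comparing only the last two labels of a host, treating text that looks like a URL as a claimed destination) are simplifications chosen for illustration.

```python
"""Audit links in an HTML message the way a careful user would by hovering:
flag plain http:// destinations and links whose visible text claims one
domain while the href goes somewhere else. Standard library only."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic: visible text that looks like a URL or bare domain (assumption).
_URLISH = re.compile(
    r"^(?:https?://)?(?:www\.)?[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}(?:/\S*)?$", re.I
)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _site(value):
    """Reduce a URL or bare domain to its last two labels, lowercased.
    Simplification: ignores multi-part public suffixes such as co.uk."""
    if "://" not in value:
        value = "http://" + value
    host = (urlparse(value).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def audit_links(html):
    """Return a list of (href, reason) findings for suspicious links."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        scheme = urlparse(href).scheme.lower()
        if scheme == "http":
            findings.append((href, "not HTTPS"))
        elif scheme and scheme not in ("https", "mailto"):
            findings.append((href, f"unexpected scheme {scheme}"))
        # The "hover" check: displayed destination vs. real destination.
        if _URLISH.match(text) and _site(text) != _site(href):
            findings.append(
                (href, f"text claims {_site(text)} but link goes to {_site(href)}")
            )
    return findings


# Constructed sample message: one mismatched link, one plain-http link,
# one harmless mailto link.
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>Please review your invoice at
<a href="https://billing.example.net/pay">https://www.example.com/billing</a>.</p>
<p>Or visit our <a href="http://example.com/support">support page</a>.</p>
<p>Questions? <a href="mailto:help@example.com">Email us</a>.</p>
"""

if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS {href}: {reason}")
```

Run against the sample, it reports the invoice link (text says example.com, href goes to example.net) and the support link (plain HTTP); the mailto link passes. A mismatch finding is exactly what the "hover over the anchor text" advice is meant to surface, and the script is a useful way to pre-screen newsletters or templates before clients see them.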
3. Stress that malware can be installed without user intent to download anything
It's very easy for people to downplay malware concerns and dismiss these tips by saying "Fine, I just won't download anything then." But your users aren't in as much control as they'd like to think they are. Drive-by downloads can infect a user's machine if he or she merely visits a site with malicious code, without taking any action. Attackers are savvy enough to recognize that their victims may not be easily fooled and that they may have to target other behavior. Take a pop-up malvertisement (yes, they can still get past browser ad block plugins) that offers a software download. Having read the first tip above, your user is aware of this scam and knows not to fall for it. What do you think they do? Click the X to close out of the window. No, they didn't click the link, but they still engaged with the malvertisement and could therefore be compromised. Instead, teach them to close out with:
- Windows Task Manager, if using a PC or
- Activity Monitor, if using a Mac
4. Take caution when sharing files or opening attachments
Whether they intend to open or share files across email, instant messaging applications or popular file-sharing programs, clients must be certain of the source's legitimacy. Through intelligent social engineering tactics, attackers often impersonate a trusted authority, such as a coworker, to manipulate and compromise a company's system. For extra guidance in detecting fraudulent files, McAfee warns not to download files with the extensions .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.
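A mail gateway or help-desk script can apply the extension list above mechanically, but a naive `filename.endswith(".exe")` misses the tricks that make such files look harmless: mixed case, a decoy inner extension ("invoice.pdf.exe"), or trailing spaces and dots that Windows silently drops. The following checker is an added example, not code from the original post or from McAfee; the sample filenames are constructed.

```python
"""Screen attachment filenames against the extension blocklist quoted above.
Standard library only; sample names are constructed for the demo."""
import os

# Extensions McAfee warns against, as listed in the text.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".lnk", ".bat", ".vbs", ".dll", ".bin", ".cmd"}


def effective_extension(filename):
    """Return (stem, extension) as a Windows shell would interpret the name.
    Handles either path separator, lowercases the extension, and strips the
    trailing spaces and dots that Windows ignores when resolving a name."""
    name = os.path.basename(filename.replace("\\", "/")).rstrip(" .")
    stem, ext = os.path.splitext(name)
    return stem, ext.lower()


def check_attachment(filename):
    """Return (blocked, reason) for one attachment name."""
    stem, ext = effective_extension(filename)
    if ext not in BLOCKED_EXTENSIONS:
        return False, "allowed"
    # Double extension: 'invoice.pdf.exe' is executable but displays as a PDF
    # when Windows hides known extensions.
    _, inner = os.path.splitext(stem)
    if inner:
        return True, f"blocked {ext} disguised as {inner.lower()}"
    return True, f"blocked {ext}"


def screen_attachments(filenames):
    """Return the names from the batch that should be held back."""
    return [name for name in filenames if check_attachment(name)[0]]


# Constructed sample batch covering the normal and the tricky cases.
SAMPLE_ATTACHMENTS = [
    "quarterly-report.docx",
    "Invoice.PDF.EXE",
    "setup.exe ",
    "C:\\Users\\demo\\Downloads\\update.cmd",
    "notes.txt",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(f"{name!r}: {check_attachment(name)[1]}")
```

The list is a blocklist, so it catches only what it names; an archive or an Office document with macros passes this check and still needs the AV layer described in Part 2.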
Part 2: Malware Detection, Protection & Removal with Antivirus & Security Software
With your users adopting this safer, preventative behavior, the chances of being attacked by malware are slimmer, but not impossible. To minimize the volume of threats that reach your clients' network, strengthen your remote monitoring and management (RMM) solution with a solid firewall, anti-malware and antivirus software. Be sure to maintain regular management of both, checking that they're active and up-to-date.
Antivirus (AV) Solutions
AV software is your end-to-end malware security defense. When activated, it monitors your clients' networks for incoming threats. Common security suites often include spam filtering in email and a firewall, which blocks suspicious websites and applications from running. One common issue with threat intelligence, however, is that victims can be targeted without knowing when their system has been compromised. With AV solutions, you can configure a scan to run regularly and automatically to search files for known viruses and evidence of suspicious activity which could signify an infected system. While this latter function often reports false positives, it also helps detect new viruses or ones that may have been sneakily encrypted. Lastly, an AV solution takes care of malware removal. As explained by AntivirusWorld, once a corrupted file is flagged, the software "can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file."
What should you look for in a business-grade AV solution, such as Webroot? Your antivirus software should:
- detect and protect clients from both major threats like CryptoLocker and minor vulnerabilities which could escalate later
- not consume too much network bandwidth or PC disk capacity
- not slow down processing speed
- provide a hassle-free end user experience
For more information, check out the following resources:
- How to Sell Your Clients on Antivirus Services
- Don’t Push Your Luck: Leverage a Cloud-Based Antivirus Solution
Anti-malware is usually packaged into antivirus offerings, but solutions like Malwarebytes are strong complements to AV software. Malwarebytes claims the following in their support forum:
Malwarebytes Anti-Malware is not meant to be a replacement for antivirus software. Malwarebytes Anti-Malware is a complementary but essential program which detects and removes zero-day malware and "Malware in the Wild".
This includes malicious programs and files, such as virus droppers, worms, trojans, rootkits, dialers, spyware, and rogue applications that many antivirus programs do not detect or cannot fully remove. That being said, there are many infections that Malwarebytes Anti-Malware does not detect or remove which any antivirus software will, such as file infectors.
Either way, look for an RMM vendor that integrates conflict-free with malware protection software providers such as these.
Part 3: Malware Updates and Security Patches
Last month's malware roundup serves as just one example of how MSPs must continually offer proactive technical support to stay ahead of the malware curve and avoid malware removal altogether. To protect client data, you have to keep your finger on the pulse of the latest cyber threats and malware news. Indeed, every month new updates are released, meant to correct existing flaws in applications and programs that hackers can exploit. Patches correct new bugs and legacy vulnerabilities alike. What you think is safe one month may be a breach waiting to happen the next if you don't stay on top of these security updates. One report all system administrators should follow religiously is Microsoft's Patch Tuesday.
Warning: Not every patch should be deployed. Each one must be tested to ensure it's safe to apply to clients' systems. If you're a Continuum partner, our Network Operations Center (NOC) performs this service for you.
In order to be eligible to receive the latest security defenses and patches, your clients must keep their operating systems and browsers up to date. If, for instance, they haven't migrated away from Windows XP, they won't be able to receive Microsoft support or future patches, which spells trouble (and potential noncompliance penalties) if they get hit with a virus.
Part 4: MDM for Mobile Malware
Mobile malware is on the rise. As reported in 12 Must-Know Cybersecurity Stats of 2015 [SLIDESHARE], Forbes predicts that a huge, as-yet-unsized market for securing non-computer devices will come into sharp focus over the next couple of years. Over $1 billion is being spent annually on security awareness training as a result. With increased data mobility and the Internet of Things (IoT) fostering more complex IT environments, it's time for MSPs to get on board and offer mobile device management (MDM). Personal and private data have converged in the modern office. Now, using the same device, an SMB business owner can check his Facebook, download apps and read confidential work emails. While convenient and arguably necessary, this ease of access is also extremely dangerous. One wrong move, and the company's files could be stolen, encrypted, sold, etc. MDM is the only way to protect against the threat of this bring your own device (BYOD) workplace trend. By offering the right MDM solution, IT service providers can remotely wipe an individual's data when he or she leaves the company or when a device is compromised.
If you'd like to learn more about this lucrative opportunity for MSPs, here's everything you need to know about mobile device management (MDM).
Part 5: Backup and Disaster Recovery (BDR): the Malware Failsafe
One malware remediation strategy involves localizing the issue by disconnecting the affected user and device to prevent the bug from spreading and compromising more company data. But how can an MSP recover that user's lost data if there isn't a secure and reliable backup and disaster recovery (BDR) solution in place? If you're not currently offering business continuity as one of your managed IT services, you're not only missing out on a sizable revenue stream, you're gambling with the protection and security of your clients' data. Today, malware attacks like those belonging to the CryptoLocker and CryptoWall families, in which cybercriminals encrypt, or lock, files and demand payment for the decryption key, make it virtually impossible to recover data in the absence of a BDR solution. The alternative is funding the development of future attacks by paying the hacker, who may not even choose to comply. For obvious reasons, we don't recommend leaving that as your user's only option. By offering cloud-based BDR, however, you can take frequent backups to minimize the backup window and optimize your end user's recovery time objective (RTO) and recovery point objective (RPO), all while restricting access to and securing their stored data. That's why BDR is the ultimate malware failsafe.