October 26, 2022 - admin
How to Handle Destructive Malware
It’s not uncommon to deal with malware at some point in our lives. After all, there has been a steady increase in malware attacks.
In 2020, 61% of organizations experienced malware activity. That percentage has grown to 75% since then. This raises the question: “how do I handle malware?”
What is Destructive Malware?
Destructive malware is malicious code that destroys data. As you can guess, having your assets and data destroyed can be detrimental to your company’s daily operations.
Typically, destructive malware targets a vast array of systems and executes across multiple systems in a network. It spreads itself using various communication tools, which include:
- Worms sent through email and instant messenger
- Trojan horses
- Virus infected files
Since malware has the capability to execute in a myriad of ways, it is important for organizations to assess their environment for atypical channels for malware delivery throughout their systems.
Some systems that should be assessed include enterprise applications, specifically those that directly interface with and impact the different hosts and endpoints. Common examples include:
- Patch management systems
- Asset management systems
- Remote assistance software
- Antivirus (AV) software
- Systems assigned to system and network administrative personnel
- Centralized backup servers
- Centralized file shares
Additionally, while these are not specifically applicable to malware, threat actors could compromise additional resources to affect the availability of important data and applications such as:
- Centralized storage devices
- Network devices
How do I prevent Destructive Malware?
As mentioned earlier in the article, 75% of malware attacks come from person-to-person communication. Ultimately, this shows that there needs to be an emphasis on company policy and procedures for proper communication amongst workers.
For starters, you should make sure that your network is segmented. In addition to your network being segmented, you should make sure your access control lists are configured to permit server-to-host and host-to-host connectivity via the minimum scope of ports and protocols.
For enterprise systems that directly work with different endpoints, make multi-factor authentication a requirement for interactive logons. Furthermore, ensure that authorized users are mapped to a specific subset of enterprise personnel.
Be sure to audit and review security logs for anomalous references to enterprise-level admin and service accounts. Also review network flow data for signs of abnormal activity, including:
- Connections using ports that do not correlate to the standard communications flow associated with an application,
- Activity correlating to port scanning or enumeration, and
- Repeated connections using ports that can be used for command and control purposes.
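The three flow-data checks above, as an added example that is not part of the original article: it runs over constructed NetFlow-style records (source, destination, destination port) and flags connections to a server on a port outside its documented application ports, a source touching many distinct ports on one destination (scan-like behaviour), and the same source/destination/port tuple repeating (candidate command-and-control beaconing). The server addresses, the EXPECTED_PORTS allowlist and the thresholds are assumptions chosen for the example.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

Flow = Tuple[str, str, int]  # (src_ip, dst_ip, dst_port)

# Constructed flow records standing in for a NetFlow export (not real data).
FLOWS: List[Flow] = (
    # Normal SMB traffic from three workstations to the file server.
    [("10.0.1.10", "10.0.2.5", 445), ("10.0.1.11", "10.0.2.5", 445),
     ("10.0.1.12", "10.0.2.5", 445)]
    # One workstation probing twelve different ports on the patch server.
    + [("10.0.1.50", "10.0.2.6", p) for p in range(8000, 8012)]
    # One workstation connecting six times to an external host on port 4444.
    + [("10.0.1.77", "203.0.113.9", 4444)] * 6
)

# Hypothetical allowlist: the ports each enterprise server is expected to serve.
EXPECTED_PORTS: Dict[str, Set[int]] = {
    "10.0.2.5": {445},    # centralized file share
    "10.0.2.6": {8443},   # patch management console
}


def unexpected_port_flows(flows: List[Flow], expected=EXPECTED_PORTS) -> List[Flow]:
    """Flows to a known server on a port outside its documented application ports."""
    return [f for f in flows if f[1] in expected and f[2] not in expected[f[1]]]


def scan_like_sources(flows: List[Flow], min_ports: int = 10) -> List[str]:
    """Sources that touched at least min_ports distinct ports on a single destination."""
    ports = defaultdict(set)
    for src, dst, port in flows:
        ports[(src, dst)].add(port)
    return sorted({src for (src, _dst), ps in ports.items() if len(ps) >= min_ports})


def repeated_connections(flows: List[Flow], min_count: int = 5) -> Dict[Flow, int]:
    """(src, dst, port) tuples seen at least min_count times: candidate beaconing/C2."""
    counts = Counter(flows)
    return {key: n for key, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    for label, hits in (("unexpected ports", unexpected_port_flows(FLOWS)),
                        ("scan-like sources", scan_like_sources(FLOWS)),
                        ("repeated connections", repeated_connections(FLOWS))):
        print(f"{label}: {hits}")
```

In practice the allowlist comes from the application documentation for each enterprise server, and the thresholds are tuned against a baseline of normal flow data before alerts are acted on.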
In terms of file distribution, when deploying patches and signatures in an enterprise, be sure to stage the distributions to specific groupings of systems. Additionally, monitor the patches and signatures that are distributed.
Ultimately, destructive malware can destroy valuable assets that your company needs for its daily operations. Understanding how malware operates is the first step in defending against it.
Please contact us today if you would like to further discuss malware and let’s talk about how Wowrack can help enhance your security.