Compared to Q1 2018, malware detections in businesses has increased 235% while dropping 24% for consumers.
Anti-virus and security firm Malwarebytes reports in their latest Cybercrime Tactics and Techniques report that cybercriminals are following the money and shifting their focus from consumers to businesses that have more valuable assets and possibly the financial resources to pay ransoms.
According to the report, the dominant malware threat to businesses is the Emotet malware. First discovered in 2014, it has developed into a sophisticated polymorphic system – which means it can change itself every time it is downloaded making signature based detection difficult. Emotet, like most business targeted malware, is primarily delivered through malicious email attachments or by fooling business users to visit malicious websites controlled by cybercriminals that then install the malware by exploiting vulnerabilities in web browser software. Once installed on a single system, Emotet will try to spread itself around the network both by generating emails and by exploiting vulnerabilities in network and operating system software which enable it to install itself on other devices.
Systems Administrators can protect their networks from Emotet and other malware by:
- Ensuring all security patches are installed on every device promptly so there are fewer vulnerabilities for malware to exploit
- Require strong passwords for every account and/or adopt two factor authentication – this prevents malware from spreading by brute-forcing login credentials
- Segment your network to prevent malware in one business area from spreading to all devices
- Use regular (monthly) internal and external vulnerability scans to identify any devices with unpatched vulnerabilities or mis-configurations
- Regular penetration testing, especially after material network changes or system upgrades to ensure no new intrinsic weaknesses have been introduced
- Educate users to identify and avoid emails with malicious links or attachments
