One of the first obstacles to overcoming cyber threats is understanding the lingo. For example, Microsoft recently released details on a 17-year-old vulnerability known as SigRed (CVE-2020-1350, a flaw in the Windows DNS Server service) that is “wormable” and exploitable remotely. If you are like most people, the first thing you will ask yourself is, “what in the world does ‘wormable’ mean?” And you would not be alone; the cybersecurity lexicon is already filled with niche terms such as worms, Trojans, and ransomware (oh my!), and seems to grow every day. But have courage, dear reader, because we have built this quick primer to help you understand these threats and protect yourself from them.
Virus / Malware / Trojan
Virus, malware, and Trojan (or Trojan horse) are all terms for software written to do something on a computer that its owner did not intend, whether by exploiting a flaw in the operating system or an application, or simply by tricking the user into running it. The terms are often used interchangeably, but they mean different things, so let us dive a little deeper into each of these cyber threats:
- Malware (short for “malicious software”) is the broadest term of the group: any software designed to perform a harmful action on a computer, a network, or the data they hold. Viruses and Trojans are types of malware, as are the worms and ransomware described below.
- A virus is malware that spreads by inserting a copy of itself into other programs or files on the same system, so that it runs whenever the infected program runs and “infects” whatever that program touches. Because it modifies legitimate files rather than sitting alongside them, a virus is notoriously difficult to remove completely, which makes it more harmful than many other types of malware.
- A Trojan is malware disguised as, or hidden inside, legitimate software so that the user installs it willingly; once running, it gives the attacker access to the device or network. The most common modern form is the “RAT” or Remote Access Trojan, which lets the attacker view the screen, capture keystrokes and files, and otherwise interact with the device as if they were sitting in front of the keyboard.
Worm / Network Worm / Wormable
A worm (or network worm) is a horse of a different color: malware that spreads to other devices on the network on its own, without anyone opening an attachment or running a program. It does this by exploiting a vulnerability, or weak credentials, in a service those devices expose to the network. Once one device is infected, the worm scans for and infects its neighbors, which in turn infect theirs, so an infection can cover an organization in minutes. Worms are difficult and time-consuming to fully eradicate because any device that has been cleaned can be re-infected by one that has not: affected segments must be isolated, every device cleaned (and the vulnerability the worm uses patched), and devices reconnected only after all of them are clean.
“Wormable” describes a vulnerability rather than a piece of malware. A vulnerability is wormable when it lies in a service exposed to the network and can be triggered by an attacker’s input alone, with no user action, so an exploit for it could be built to copy itself from one vulnerable machine to the next. That is why SigRed drew so much attention: the flaw is in the Windows DNS Server service, which by design accepts requests from other machines, so a compromised server could in principle be used to attack the next one. The term does not mean such a worm exists; it warns that one could be written, which is why patching a wormable flaw is urgent.
Ransomware is yet another type of malware, one designed to block access to files or whole computer systems (usually by encrypting them) and hold that access for ransom, almost always demanded in bitcoin or another cryptocurrency. Ransomware usually reaches its target through malicious attachments or phishing campaigns, and modern ransomware operations often copy (exfiltrate) data from your network before encrypting it. Once stolen, this data is sometimes sold, published, or used in other malicious activities, giving the attacker a second lever even if you can restore from backups.
Due to the relative ease of success and the growing value of cryptocurrencies, ransomware has become one of the most common forms of cyber-attack over the last decade. In fact, recent news is full of high-profile ransomware incidents, including attacks on Baltimore City, multiple towns in Florida, and an Alabama hospital system. These attacks succeed because attackers set the ransom low compared to the cost of the lost productivity and data, so many victims conclude that paying is the cheaper option.
Each form of cyber threat outlined in this article is software that “exploits” a “vulnerability” on a computer or network. A vulnerability is a weakness that lets software or a service be used in a way that neither the manufacturer (e.g., Microsoft) nor the organization implementing it intended: a design flaw or bug in the software, an improper configuration, or a failure to adhere to best practices. An exploit is the code or technique that triggers that weakness. Bugs in the software are fixed by applying the vendor’s patches and updates promptly; the other kinds may require changes to the configuration or even to the server and network architecture.
Defense in Depth / Protection from “Computer Nasties”
Much like the flying monkeys in The Wizard of Oz, these cyber-attacks can appear unexpectedly and without warning, threatening to overwhelm organizations that are unprepared. The best defense is a multi-layered approach known as “Defense in Depth”: no single control is relied upon, so when one layer fails (a user clicks a link, a patch is a week late) another still stands between the attacker and your data. Following the basic guidelines below will set your organization on the right path to your ultimate destination: a reliable and secure IT environment.
- Only use operating systems and software that are under active vendor support, including your network devices
- Update your operating systems and software at least once per month, and sooner for actively exploited or wormable flaws such as SigRed
- Install anti-virus and anti-malware software and keep it updated
- Use a web filter and spam filter to protect your network against malicious websites and emails
- Restrict administrator access (including local administrator access on workstations) to IT staff only
- Maintain reliable backups that are not accessible from the network (offline or otherwise isolated), and test that you can restore from them
- Proactively scan your network for vulnerabilities and monitor network traffic for signs of malicious activity
- Develop an Incident Response Plan and rehearse it
- Train your employees on the most relevant threats to your organization
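One concrete way to do the “monitor network traffic” item above, and to recognize the spreading behaviour described in the worm section, is to look for a single host reaching many internal hosts on the same port in a short time. The script below is an added example written for this primer, not code from the original article or from any vendor it mentions. It assumes flow records in a simple “timestamp source destination port” text form; the internal address ranges, the one-minute window, the ten-host threshold, and the sample records themselves are all constructed for the illustration and should be tuned to your own network.

```python
"""Flag worm-like lateral spread in network flow records.

Added example, not part of the original article.  A worm that has taken
over one host fans out to many peers on the same service port with no user
involved; a normal workstation talks to a handful of servers repeatedly.
Flow records, address ranges and thresholds here are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: these are your internal ranges; lateral spread happens inside them.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


def parse_flows(text):
    """Parse lines of '<ISO timestamp> <src_ip> <dst_ip> <dst_port>' into tuples."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows


def is_internal(addr):
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def find_worm_like_sources(flows, window=timedelta(seconds=60), min_targets=10):
    """Return {(src_ip, dst_port): distinct_targets} for every source that
    reached at least `min_targets` distinct internal hosts on one port within
    any interval of length `window`.  Only internal-to-internal flows count,
    so ordinary web browsing to many external sites does not trip the check."""
    by_key = defaultdict(list)
    for ts, src, dst, port in flows:
        if is_internal(src) and is_internal(dst):
            by_key[(src, port)].append((ts, dst))

    alerts = {}
    for key, events in by_key.items():
        events.sort()  # by timestamp
        start, best = 0, 0
        for end, (ts_end, _) in enumerate(events):
            # slide the window start forward until it fits inside `window`
            while ts_end - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            best = max(best, distinct)
        if best >= min_targets:
            alerts[key] = best
    return alerts


def build_sample_flows():
    """Constructed sample: one workstation doing normal DNS lookups, one host
    browsing external sites (203.0.113.0/24 is a documentation range), and
    one host sweeping the subnet on TCP/445, the pattern a worm leaves."""
    base = datetime(2020, 7, 15, 10, 0, 0)
    lines = []
    for i in range(20):  # same resolver 20 times: one distinct target
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.7 10.0.0.1 53")
    for i in range(15):  # external destinations are ignored by the check
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.8 203.0.113.{i} 443")
    for i in range(25):  # 25 internal hosts on one port inside 25 seconds
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.5 10.0.0.{20 + i} 445")
    return "\n".join(lines)


if __name__ == "__main__":
    alerts = find_worm_like_sources(parse_flows(build_sample_flows()))
    for (src, port), n in alerts.items():
        print(f"ALERT: {src} reached {n} internal hosts on port {port} within 60s")
```

On the constructed sample only 10.0.0.5 is reported: the DNS client hits one server repeatedly and the browsing host only reaches external addresses. Feeding real flow logs (from a firewall, NetFlow collector, or a packet capture summarized to the same four fields) to `parse_flows` is enough to run the same check, and shrinking the window or raising the threshold controls how noisy it is.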
Now that you can tell a worm from a Trojan, and ransomware from malware in general, you are in a much better position to keep your organization protected. If your business needs information security assistance, reach out to CUCIT for help maintaining a top-notch security posture.