Preventing Cyber-Threats

As Chief Information Officer, I’m constantly looking for digital threats to my organization. These threats include but are not limited to Phishing, Malware, Ransomware, Trusted Insider Threats, and Data Exfiltration. According to the Computer Security Resource Center, NIST, Phishing is “A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.” Often, these phishing attacks go hand & hand with malware. Malware is a subtle technique that infects a given device using embedded emails or websites to spam and steal said device’s data. One of the most common forms of malware is Ransomware. An article by BDO Digital states, “Once the malware is in your system, it locks it up and denies you access to critical data until you pay a ransom to retrieve your sensitive information and regain control of your systems.” One possible source of these threats is a trusted insider. Trusted insider threats are digital threats from (typically disgruntled) former or current employees/associates with access to sensitive information. Lastly, Data Exfiltration is unauthorized data removal from personal and or business devices.

Admittedly, there are many ways in our company’s current digital processes can be exploited or manipulated. For instance, our corporate employees are given business devices with no protection software that typically go unmonitored. Currently, there is also no encryption in place for the business emails of any of our employees. Similarly, frequent business emails are sent to our employee’s unprotected emails. Our in-person stores only have community wifi with no password-protected private wifi for our staff. Lastly, as of now, our staff has no training on how to recognize and prevent cyber attacks.

To solve this, I intend to install a VPN on all devices used for business purposes. All company emails will be encrypted with a firewall and consistently monitored. Our systems should always be up to date and backed up. Starting now, Employees are to be educated on malware and how it enters computer systems to limit the margin of user error.

Computer Worms

As I briefly discussed in my previous post, malware can come in various forms. One of the most common types of malware is known as computer worms. As Ivan Belcic from Avast Academy loosely states, “Computer worms are self-contained malware that latch onto devices and immediately spread through the network without any external aid.”

One of the most infamous computer worms is MyDoom. First Appearing in mid-January of 2004, MyDoom is known as one of the worst malware outbreaks in history. The worm targeted Windows-based devices and infected them using corrupted email attachments. In an article by OKTA, the site states, “In January and February of 2004, people all around the globe started getting mysterious email messages that said, ‘I’m just doing my job, nothing personal, sorry.’ Each email came with an attachment, and every time people checked their inboxes, they got another copy.” Since the emails were so poorly written, they had been widely confused for harmless spam. However, the second it arrived, the worm had infected the device, spreading from computer to computer using the email addresses on said computer to copy itself to those other addresses.

As a result, the computer worm spread like wildfire; it reached 500 thousand computers in only a little over a month. Nearly 20 years later, MyDoom is still unbeaten as the fastest-spreading email worm in the world. According to an article from Get Support, and I quote, “Back in late January 2004, once the virus had spread to millions of computers all over the world, it essentially waited until 1st February, when it planned to begin a coordinated attack on the website of the SCO Group.” Fortunately, after a few weeks, the worm ended up dying down on its own. The incident officially ended on March 1st. Though the malware did resolve itself, the infected devices never recovered. It destroyed countless Windows-based computers, resulting in 38 billion dollars in damages. The cost in today’s economy would equal roughly 52 billion dollars because of inflation. Despite MyDoom’s global impact, The creator of the infectious malware is still unknown. Many suspected it to be a Russian programmer due to similarities between MyDoom and other worms in Russian labs when the incident occurred. Regardless, this theory was never confirmed or expanded apon after the event’s initial coverage. Unfortunately, due to the creator’s anonymity, no one was held accountable for this attack.

The MyDoom worm is still active today, albeit diminished and contained. As explained by NORD VPN, and I quote, “The worm is still active and running. However, it is contained in just over 1% of malicious emails worldwide, mostly those sent by spammers originating from China and the US.” The original strain of the malware resolved itself two decades ago, but there have been multiple sightings of new MyDoom versions or variants since the initial event. Looking at this computer worm and the damage it caused, it’s crucial to learn more about what to look out for and how to protect yourself from an attack. If your device is infected, the first step is to minimize the damage. If it’s your personal computer, disconnect it from the internet, or contact your IT department if you are on a work computer. Then, install/update antivirus software on your computer to locate and remove the infection. Lastly, to prevent the risk of another infection, change your passwords, update your software, install/enable a firewall, and maintain anti-virus software.

Jesse's Blog

Just another Central Ohio Technical College Sites site

Preventing Cyber-Threats

Computer Worms

Sources

Sources