A malware prevention strategy to complement StopRansomware.gov
- By Lloyd Mitchell, Aviv Grafi
- Oct 29, 2021
According to a study from Cybersecurity Ventures, ransomware attacks happen every 11 seconds.
In response to this ever-increasing threat, the Department of Homeland Security and the Department of Justice launched StopRansomware.gov this past July. Billed as a “one-stop hub for ransomware resources for individuals, businesses, and other organizations,” the site consolidates ransomware information from federal agencies on how to report attacks and the latest ransomware-related alerts and threats. What it does not provide, however, is a strategy for creating an attack prevention plan.
While ransomware is currently making headlines, keep in mind that it is only one type of malware; others include viruses, Trojan horses, worms, spyware and more. Having a malware prevention plan in place is an absolutely essential arrow in the quiver of cybersecurity defenders. It enables agencies to be proactive and reduces the risk and expense of productivity loss in the event of an attack.
Prevention can be difficult, because threat actors know how antivirus tools work and how to evade them, but the essence of a malware prevention plan is having solutions at hand for a range of threats.
Agencies can reduce the risk of malware getting a foothold in their networks by implementing some of the following best practices.
Install secure file gateways. Threat experts agree that most ransomware attacks are rooted in email, and phishing is the most popular attack vector. Therefore, agencies must have solutions that prevent malware carried in malicious files and code from reaching inboxes.
One approach to reducing risk is installing a secure file gateway, which uses advanced content disarm and reconstruction technology that singles out only the safe elements of each file, placing these known-good elements on a new, clean file template before delivering them to end users or devices.
An agency’s IT security team must make certain that this technology can understand and protect all file types. That means not only .ppt and .doc files, but PDFs, image files and even complex formats like Autodesk files. With such a gateway, any file coming into an agency can be considered safe, no matter what channel it uses to enter.
More than simply blocking discovered threats, a secure file gateway will prevent both known and unknown threats from getting a toehold in a system to begin with – even zero-day threats.
A malicious file can easily slip into an inbox. Implementing a secure file gateway will help ensure that any file received within an agency is completely safe to open. That’s absolutely essential to limit the spread of ransomware.
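To make the disarm-and-reconstruct idea concrete, here is an added illustration (not Votiro's product or any real gateway's code) of a minimal CDR pass over a .docx file. A .docx is a zip of XML parts, so the sanitizer never copies the original container: it rebuilds a fresh archive from an allow-list of known-good parts and keeps a relationship entry only if it is internal and its target survived, which silently drops VBA macros, embedded OLE objects and external links. The allow-list, the part names and the sample document are assumptions constructed for the example.

```python
import io, posixpath, re, zipfile

ALLOWED_PARTS = re.compile(  # allow-list of OOXML parts chosen for this example, not a standard list
    r"^(\[Content_Types\]\.xml|_rels/\.rels|docProps/(core|app)\.xml|word/(document|styles)\.xml"
    r"|word/_rels/document\.xml\.rels|word/media/image\d+\.(png|jpe?g))$")

def sanitize_rels(rels_name, xml):
    """Keep a <Relationship> only if it is internal and points at an allow-listed part."""
    base = posixpath.dirname(posixpath.dirname(rels_name))  # 'word/_rels/x.rels' -> 'word'
    def keep(m):
        rel = m.group(0)
        target = re.search(r'Target="([^"]*)"', rel)
        if 'TargetMode="External"' in rel or not target:
            return ""  # hyperlinks, remote templates and the like are never reconstructed
        path = posixpath.normpath(posixpath.join(base, target.group(1).lstrip("/")))
        return rel if ALLOWED_PARTS.match(path) else ""  # dangling or blocked target
    return re.sub(r"<Relationship\b[^>]*/>", keep, xml)

def disarm_docx(data):  # returns (clean_bytes, dropped_part_names)
    dropped, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if not ALLOWED_PARTS.match(name):
                dropped.append(name)  # macros, OLE objects and unknown parts never reach the new file
                continue
            body = src.read(name)
            if name.endswith(".rels"):
                body = sanitize_rels(name, body.decode("utf-8")).encode("utf-8")
            dst.writestr(name, body)  # fresh archive: nothing from the original zip container survives
    return out.getvalue(), dropped

def list_parts(data):
    return zipfile.ZipFile(io.BytesIO(data)).namelist()

def build_sample():
    """Constructed sample: a macro-enabled document with an embedded OLE object (stub bytes, not real)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document>hello</w:document>")
        z.writestr("word/styles.xml", "<w:styles/>")
        z.writestr("word/vbaProject.bin", b"\x00constructed-macro-stub\x00")
        z.writestr("word/embeddings/oleObject1.bin", b"\x00constructed-ole-stub\x00")
        z.writestr("word/_rels/document.xml.rels", "<Relationships>"
            '<Relationship Id="rId1" Type="vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="oleObject" Target="embeddings/oleObject1.bin"/>'
            '<Relationship Id="rId3" Type="hyperlink" Target="http://example.invalid/" TargetMode="External"/>'
            '<Relationship Id="rId4" Type="styles" Target="styles.xml"/></Relationships>')
    return buf.getvalue()
```

A production gateway goes further than this sketch: it also rewrites [Content_Types].xml, validates each surviving XML part against its schema and re-renders media rather than copying bytes, so that nothing unparsed reaches the new template.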
Conduct phishing awareness training. Because malware delivery models rely on social engineering, it’s essential agencies train their employees to recognize phishing attacks. Phishing awareness training gives employees practical experience recognizing attack patterns and helps organizations strengthen their security posture. Keep in mind, however, that training on its own is not a foolproof way to avoid attacks.
Install security updates. Many malware variants use known vulnerabilities in software, hardware and firmware. Installing recommended security updates as soon as possible reduces risks not only from malware but from other attack methodologies as well.
Enforce strong password policy. To reduce the risk of keylogger malware, it’s essential to have employees use unique, strong passwords for every application and login. That way, even if a keylogger captures one password, it cannot be used to access multiple resources or various different accounts.
Limit application privileges. To limit bad actors’ movements within systems and networks, it’s important to apply fine-grained access controls to critical data and applications. Granular access controls should define which users can access files and folders and what operations they can perform (encrypt/decrypt, read, write, etc.). Many applications, such as PowerShell, carry risky privileges. By limiting what users can do with them, agencies also limit how bad actors can use them in ransomware attacks.
“3-2-1” data backup and recovery. Using best practices for data backup and recovery can reduce the harm done by ransomware, which often damages data integrity. Agencies should follow the “3-2-1” data backup model: three copies of data, in two formats, with one copy offsite.
Endpoint security. Antivirus software mitigates the risks from malware; it doesn’t eliminate those risks. While known malware can be prevented by AV software, unknown or zero-day malware is still likely to make it through. Endpoint security will help, provided the other prevention tactics detailed here are part of a comprehensive malware prevention plan.
By educating employees in phishing awareness training, following best practices and implementing a malware prevention solution such as a gateway, agencies can greatly reduce the chances of being exposed to damaging ransomware attacks.
Lloyd Mitchell is president of Thales Trusted Cyber Technologies.
Aviv Grafi is CTO and founder of Votiro.