How The State & Hackers Hack (And How to Stop Them) – Part 3: Malware Protection

Now to the big question 'How do I make sure my devices are malware free?' – the answer is twofold: personal vigilance and use of protective tools.

Hopefully the previous article helped to improve your personal malware awareness, and some real-world examples below can help cement those risks. Above all else, be extremely cautious with emails, where most malware attacks are delivered and executed.

Remember, prevention is always the best defence against malware.

REAL-WORLD MALWARE EXAMPLES

Intuit Invoice - Small, hard-to-read invoices prompted you to click 'enable editing' to view them correctly, but clicking that link downloaded a sneaky piece of malware named 'Dridex'.

Office 365 - 'Red Dawn' became very destructive in 2020. Delivery was via email attachments, like below, that infected the host computer with malware.

Google Login - .HTML attachments, as below, are very challenging for antivirus detection since they are not usually associated with email-borne attacks, and banks and other institutions often use them. Completing the form simply provided your Google account to the hacker.

FB Messenger - Several Facebook users received messages in their Messenger accounts from other users already familiar to them. The message consisted of a single .SVG (Scalable Vector Graphic) image file which, notably, bypassed Facebook's file extensions filter. Users who clicked the file to open it were redirected to another page that downloaded malware.

LinkedIn – This site has been the focus of online scams and phishing attacks for several years now, primarily because of the wealth of data it offers on employees at corporations. Malicious actors mine that data to identify potential 'marks' for business email compromise attacks, including wire transfer and Social Engineering scams, as well as a number of other creative ruses.

In one case a user reported receiving a standard Wells Fargo credentials phish via LinkedIn.
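
The attachment types described above can be checked without opening them. The following is an added example, not part of the original article: it reads a saved email, lists each attachment with its SHA-256 hash, and flags the HTML-form, SVG and Office cases. The rule patterns, function names and sample message are assumptions constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# (label, filename pattern, content pattern or None) for the attachment
# types described in the examples above. Patterns are illustrative.
RULES = [
    ("HTML attachment with a password form", r"\.html?$",
     rb"<input[^>]+type=\W?password"),
    ("SVG attachment with script or external link", r"\.svg$",
     rb"<script|\son\w+\s*=|href=\W?https?:"),
    ("Office document (may ask to 'enable editing')",
     r"\.(docx?|docm|xlsx?|xlsm)$", None),
]

# Constructed, harmless sample contents.
SAMPLE_HTML = '<form action="https://example.invalid/"><input type="password"></form>'
SAMPLE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* placeholder */</script></svg>'

def triage(raw_email: bytes) -> list:
    """Return name, SHA-256 and warning flags for each attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""  # never opened or rendered
        flags = [label for label, name_re, body_re in RULES
                 if re.search(name_re, name, re.I)
                 and (body_re is None or re.search(body_re, data, re.I))]
        report.append({"name": name, "flags": flags,
                       "sha256": hashlib.sha256(data).hexdigest()})
    return report

def build_sample() -> bytes:
    """Build a constructed message with three attachments for the demo."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(SAMPLE_HTML, subtype="html", filename="login.html")
    msg.add_attachment(SAMPLE_SVG, maintype="image", subtype="svg+xml",
                       filename="photo.svg")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for item in triage(build_sample()):
        print(item["name"], item["sha256"][:16], item["flags"] or "no flags")
```

The printed hash can be searched on a file-scanning service without opening or uploading the attachment itself.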

HOW TO PROTECT AGAINST MALWARE & PHISHING

Develop a team mindset – One member of any tight-knit group can expose everyone else through sloppy computer security standards and a lack of security awareness. Make sure everyone is on the same page!

Keep computers and software updated – It is VITAL that you always update computers, phones, other devices, and software on release; do not hang around. Big tech is constantly at war with hackers, and new vulnerabilities are being discovered every day. These key updates often include fixes that can improve the security of your system. Some operating systems also offer automatic updates, so that you get updates soon after they're available; please turn this on.

Use App-Based 2FA – According to Microsoft, 99.9% of automated malware attacks can be prevented just by using 2FA (two-factor authentication). SMS-based 2FA is not recommended but is better than no 2FA. Try to use an app-based 2FA such as Authy or hardware 2FA such as YubiKey.

Change default OS settings – While the default settings are good security precautions to take, they can be greatly improved upon, for example by reducing the maximum password age from 90 days to 30 days or enabling the firewall.

Install Firewall – This prevents malicious attacks by blocking all unauthorized access to or from a private computer network, which certainly helps reduce the risk of attack. Apple's firewall is superb and should always be switched on; there are paid options such as Norton and Avast that work alongside the anti-virus software.

Be careful with email attachments – If in doubt, do not open the attachment. If you do think you have received a malicious attachment, then consider investigating it and then deleting it. For the nervous and less tech-savvy, simply erase it, check your whole system and change passwords for greater peace of mind.

Do not trust Pop-up windows – When surfing the web, you might come across sites that show pop-up windows, making you believe your computer has been infected and asking you to download some software to protect yourself. Don't fall for this trick. Just close the pop-up window and never click inside the pop-up window.

Limit file sharing – Some sites and applications allow you to easily share files with other users. Many of these sites and applications offer little protection against malware. If you exchange or download files using these file-sharing methods, be on the lookout for malware. Malware can often be disguised as a movie, album, game, or program.

Use Trusted Antivirus software – There are many paid, free, and open-source options for malware detection and removal. Privacy maximalists will tell you that Norton, Malwarebytes etc. are sucking up data as well as conducting their base anti-virus duties, but the two are closely related, since the data facilitates software improvement. That said, there are some great free open-source options that can be set to "do not share". It's a good idea to run regular scans of your computer to catch malware early and prevent it from spreading. Do your own research from multiple sources, focused on your type of device. While antivirus software is intended to run in the background, you still need to manage it up front. It is a good idea to set up automatic scans to run every few days or weekly to make sure the software is doing its job.

Understand the limitations of anti-virus – Anti-virus software, no matter the cost of service provided, is imperfect, and new and innovative malware can bypass the checks. Anti-virus software works by being constantly updated with the latest detected malware and blocking it. But 2 million new types of malware emerge every day. There is still a risk of malware infecting the device, especially when humans have a hand in the process.

Only Download Trusted Apps – Big brands will not be distributing malware, but lesser-known apps need to be researched before downloading. Authenticity can be checked by the company's list of published apps, contact details and just some basic research.

Employ Browser Common Sense - Avoid websites that feature pirated material, particularly torrent sites. These kinds of places are loaded with malware. Always make sure that you visit a website with an SSL certificate. You can verify this by looking for the secured icon to the left of the URL (the web address). When a browser notifies you that a website is not secure, take action to prevent the entire page from being loaded. Startpage allows you to open a webpage on their server: https://www.startpage.com

Use VirusTotal – A free, open-source browser-based tool that can really put your mind at ease. It is well worth saving in your bookmarks. You can scan files and website URLs for malware. They check against 50+ collated libraries. https://www.virustotal.com/gui/home/upload

Be aware of Social Engineering techniques – A type of confidence trick to gather secret information often defined as 'any act that influences a person to take an action that may or may not be in their best interests'. There are some great resources that teach you some of the techniques – this video is very good https://www.youtube.com/watch?v=FvhkKwHjUVg

IoT Security – Change default router settings, disconnect the devices when not needed, use a strong and secure password, and keep software and firmware always updated. Try to depend as little as possible on the Internet of Things, as hacking methods and vulnerabilities are improving all the time.

Backup On an Encrypted Hard Drive – Useful information cannot be stolen if it does not exist at rest on your app, device, or elsewhere. A good habit is to purchase a quality encrypted hard drive and to use it regularly. Secure your information.

Use a Browser that protects – We recommend the Firefox browser on all devices. It is a free and open-source browser used by more than 500 million people. It is fast, with a very strong focus on privacy and security. https://www.mozilla.org/en-US/firefox/new/

WHAT TO DO IF INFECTED

Act quickly and inform those in your circle so they too can check their devices. Seek professional advice.

Step 1: Disconnect from the internet.

The first step once malware has been detected is to disconnect from the internet. This prevents data from the devices on your network being sent outside your network. It can also help stop the spread of malware from one device to multiple others. If your anti-virus program does not come with a malware removal tool and you must download one, then disconnect from the internet after that tool has been downloaded.

Step 2: Restart in safe mode.

Next, enter safe mode. By booting in Safe Mode, you'll prevent any non-core components from running, allowing you to isolate problems more easily.

Step 3: Stay logged out of other accounts.

After restarting your computer in safe mode, do not log in to other accounts until the malware or virus has been completely removed.

Step 4: Close suspicious activity.

You also need to keep in mind which applications are running while you are using your computer. This can give you an idea as to what software or application may contain or be responsible for the malware. If you locate a suspicious application, then close it.

Step 5: Scan for malware and remove

From here, you can use a malware scanner, or your device's anti-virus program, to perform a scan for malware. Once the scanner you have selected has located the malware, you will be able to remove it from your system.

Step 6: Run more scans

You aren't done there, though. You should still run another scan until you are given the all-clear by the program. Even after that, some experts recommend that you run additional scans with a different program, to see if it picks up something that was missed.

Step 7: Clear Temporary files and browser cache

Once you have removed the nasty infections, it's time to clean up any remaining files. You can use CCleaner or clean the computer manually. When you are done, be sure to double-check your browser's homepage and search engine and restore these to your preferred or default settings.

Step 8: Remove system restore points

System restore points have the potential to contain malware. We recommend that you delete all system restore points. If you know for sure when you contracted the malware, you can remove the restore points up to that time.

Step 9: Change your passwords

Lastly, you should change your passwords to ensure that no information potentially obtained while your computer was infected can continue to be used against you and cause even more harm. We recommend using a password manager.

Contact a knowledgeable computer specialist to help solve and investigate your malware problem, but try to avoid companies that will not respect your privacy. It is useful to have a member of your group, family, or friends with some real know-how.

Copyright © 2025 Stand Tall and Strong.