When you hear the term “malware”, a negative connotation probably comes to mind. This is because malware is the most general term used for malicious activities in the cyberworld. Under the umbrella of malware resides softwares such as viruses, Trojan horses, ransomware, adware, spyware, worms, and more.
Although these terms may seem familiar, what exactly is malware?
Malware is one of the tools cybercriminals use to attack their targets quickly and harmfully. It’s the use of computer programs specifically designed to infect and damage computers, servers and networks, therefore giving it the name “malicious software” or malware.Some companies are very familiar with the term and how it manifested itself in their business, below we’ll go through 3 malware horror stories and how to prevent it from happening to your company.
Stories of Companies that Have Fallen Victim to Malware Attacks:
1. Pitney Bowes Tech Company Hit with Two Malware Attacks Within 7 Months
In late 2019, the large eCommerce and mailing service company, Pitney Bowes, was the target of a ransomware attack. Ransomware is a type of malware that infiltrates a computer or network in order to prevent user access through encrypting data. The term “ransom” comes from the hacker’s demand for ransom in order to regain access to the files and data.
The company confirmed that their shipping and mailing services had been hit the hardest, which included the disruption of client access to all services in addition to encrypted information. The cybercriminal group responsible for this first attack was called Ryuk.
Although the company did not disclose how the attack specifically happened, professionals assume that the Ryuk group breached Pitney Bowes through PBI’s supply chain or a third-party service provider and turned their systems offline. In turn, this would mean that the company may have had weak MSSPs (managed security service providers) monitoring the end points of their internal network. Managed security services is an outsourced service whose job is to deliver network, infrastructure, and application security. Additionally, an internal network endpoint is defined as a remote device that has connection with the internal network. For example, typical endpoint devices include laptops, desktops, and mobile phones. If Pitney Bowes did in fact have weak security services over their endpoints, their vulnerability may have made them an easy target. From the moment of the breach, the Ryuk group encrypted company data and demanded a ransom. The most frightening part about the Pitney Bowes ransomware attack was that it wasn’t a “one and done” situation.
In May of 2020, the company was attacked once again just 7 months later but this time by a group called Maze, the same group notorious for attacking hospitals during the COVID-19 pandemic. These hackers breached PBI systems to access corporate files containing “information used by our business teams and functional groups to conduct business-related activities” according to Pitney Bowes sources. Investigators believe the group may have targeted virtual desktop endpoints with no multi-factor authentication programming ,misconfigured web servers, or hacked company VPN systems. The Maze group later posted screenshots of employee and customer financial data.
This goes to show that, despite a company’s defense or restoration efforts, such as PBI”s operational response teams and third party security experts, malware hacking will still pose a threat. Surely the company wasn’t expecting a second large scale attack. Therefore, it’s always important to be prepared for the worst.
2. Cyber Attack Shuts Down an Entire Georgia County Resulting in $400,000 Ransom
Another alarming malware incident took place in Jackson County, GA in 2019. In this situation an attack group, called Ryuk, used a type of specific crypto-ransomware that was relatively new at the time and many anti-malware systems weren’t quite used to the virus.
The cyber attack caused the entire Jackson County to lock down their public agencies. For example, the Jackson County Law Enforcement division had all 911 dispatcher screens go dark, cell doors automatically locked in the local jail, and sheriff laptops shut off. In the meantime, the entire county had to rely on handwritten notes, manual operations, printed maps, and paper logs, which left room for errors.
The cybercriminals were asking for a ransom of $400,000, which County Manager, Kevin Poe, decided to pay in order to obtain the decryption key to undo the ransomware’s lock effect. Authorities announced that the cybercriminal group breached the county agencies large system network, which had no back-up system in place to protect confidential information, allowing full access to the group. Although officials never confirmed how the hackers infected their system, it’s more than likely that the Ryuk group hacked the network and released Trickbot or Emotet malware, considering their notorious past.
This attack not only resulted in a huge loss of money, but also impaired the entire county by hijacking basic tools that keep society functioning properly. The situation at hand also goes to show that cybercriminals aren’t just targeting big businesses. Everyone should be vigilant of cyberattacks by taking proper security measures. Also, your company should always have a back-up plan for large network breaches such as this one.
3. Ransomware Attack Results in $95 Million Dollar Loss for Danish Company Demant
One of the most frightening malware stories revolves around a Danish Hearing Aid company called Demant. Due to the tremendous depletion of revenue, this 2019 ransomware incident is described as one of the most significant cyber-related losses of all time.
The attackers breached the entirety of Demant’s internal IT infrastructure and damaged both the company’s production and distribution departments in numerous countries. The company’s Asia-Pacific network and ERP system were also under full control of the hackers, which in turn shut down the entire company for weeks on end. Without confirmed details regarding the logistics of the attack, it can be assumed that it began with a small attack vector, such as a phishing email opened on an endpoint device, drive-by malware download, or unpatched vulnerabilities on the company network.
The final result of the situation was a costly $80 million to $95 million in recovery and mitigation expenses, throwing Demant into a deep hole. This attack devastated the company on different levels; time, money, customer relations, productivity, communication, and more. Therefore it’s important to remember that the small fixes and measures your company could take to avoid a breach of this scale is worth the effort.
Even if you think the layers of security your company has will be enough to avoid attacks, you should always re-evaluate and stay cautious and, as discouraging as it sounds, always assume your company is the target of an attack. This mentality will keep you on your toes. In regards to cyber security, it’s always better to be safe than sorry!
So, What Are Ways to Prevent Malware?
The most crucial part of protecting your company against malware attacks is to be fully aware of potential threats. This awareness includes; knowledge of threat types, the prevalence of certain threats, and the impact of said threats. There are many online sources, training programs and companies that provide valuable information on the topic as well as ways to prevent cyberthreats. For now, here are a few general ways to protect your business against potential malware attacks.
1. Secure Your Company Network
Strong and reliable network security is the epitome of safety when it comes to cyberattacks. Your company’s network gives direct access to confidential data, accounts, and more. It’s important to use a firewall to monitor network traffic and block out malicious activity.
With minimal protection, hackers can breach your company’s network system and distribute malware that cause major setbacks, from loss of revenue to important information. Some other ways to keep your company network secure are by using a VPN, considering a WPA, or installing an IPS (Intrusive Prevention System).
2. Install Anti-Malware Software
One layer of security will never suffice when dealing with malware attacks. The best idea is for your company to have multiple forms of anti-malware software on top of basic cyber-security measures. Several different security applications working together can form a strong front line of defense. Some types of softwares you may consider installing are a general “anti-malware” software, an antivirus software, and an anti-ransomware software.
For quality removal and protection, a few good examples of the anti-malware softwares include Norton,TotalAV, and Malwarebytes. Another way to ensure proper anti-malware security is by hiring an experienced and professional outsourced IT team to handle your company’s needs.
3. Regularly Update Your Systems
Weak spots in your operating systems are a huge target for hackers. They find vulnerable “unpatched holes” and use them to breach your system and release malware. This is why it’s so important that all systems are kept up-to-date regularly and any “holes” are patched up as quickly as possible. Certain infrastructure that needs constant updating includes security programs, softwares, and computer operating systems. This consistent updating is like barricading any weak spots to avoid malware attacks. System updates have other benefits as well like bug revisions and the installation of new features and removal or outdated ones. Keeping your systems healthy is the most basic way to protect against malware viruses.
4. Have a Backup Plan: Encrypted Data
If something goes awry and your layers of security have been breached, a good backup plan is necessary. A good backup plan is encrypted data, which means coding your confidential data so a hacker is unable to understand what it means. This is because encryption works as a type of code that can’t be translated. In addition to data encryption, it’s a good idea to have your confidential information backed up so you don’t lose any important data. Backup copies can always be stored on hard drives or disks. Your company can actually use encryption software that will encrypt your company data automatically. This can be a vital step when emergency situations put internal information at risk. In the stories, Pitney Bowes was attacked twice, their security layers were breached and confidential information was accessed. This gave Pitney Bowes no choice but to pay ransom. Be prepared for similar situations by utilizing encryption software!