Welcome to another Nastiest Malware Q&A with our security analyst, Tyler Moffitt.
We had so many questions come in that we needed to host another Q&A. Thanks as always for your questions!
Today, he’ll be available to answer your questions on the latest malware featured in our latest Nastiest Malware list. For a quick refresher, you can check out our infographic too.
To get answers to your questions, just ask away in the comments below.
Hello everyone and welcome back to yet another Q&A with @TylerM on all things Nastiest Malware.
We thought we’d host another Q&A so that we can try and answer all of those questions we haven’t had time to get to yet.
If you have a question for Tyler, don’t be shy and ask away below.
With that, we’ll get started:
This is one that is definitely challenging, as there is no one central best place. Beyond looking at our own data, I follow a lot of people on Twitter for samples and hashes of new campaigns and breaking zero-days, but if anything is really important or trending you can usually get wind of most of them by signing up for news feeds (like ABIS News Team or others).
If that’s still too much you can always check out the regular threat reports or blogs that vendors typically have - we do :)
They are getting better and better. With most of these attachments being a Word document, many people think nothing of it. They are harmless until they click that “enable content” button, but it’s pretty easy to convince people to click. Look at this one for a Canadian university. You really need training to avoid these obvious scam tactics. Also, disabling things you don’t use is very useful here, as 95% of employees likely never need macros, and they can be disabled through group policy in the registry.
Depends what you mean by “worst”
Probably when we first encountered ransomware combined with worm-like capabilities in WannaCry. I think there were fringe cases before that (but very isolated comparatively), but nothing like the EternalBlue exploit combined with ransomware that became world-famous in 2017.
As far as the most damage a piece of malware could do, it could literally blow up a power plant by simply opening the wrong valves. Stuxnet is famous as a US gov operation that took down nuclear centrifuges, causing them to operate incorrectly and break down.
As a general rule, you never rule out malware on any device, but iOS does a pretty good job. Of course there are fringe cases and plenty of fake apps that make it onto the App Store, but it’s not as much of an issue as Android.
Android has a MUCH larger market share of smartphones on the planet. Like Windows, Android is the favorite target for criminals on the mobile platform because it has the biggest pool of devices an attack will work on. There is also much larger OS fragmentation, with many people in 3rd world countries using smartphones that are running very out-of-date Android OS versions and are susceptible to exploits.
Remember that all phishing for financial credentials from SMS or mobile browser is an issue for all mobile devices.
There is no one thing, so here are 6 things:
Use a reputable, proven, layered cybersecurity strategy
Embrace user education
Lock down remote connections (think RDP)
Disable what you don’t use (think Macros, powershell)
Inventory and patch management
Strong password policies (passphrases - length is strength)
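Two of the answers above (disabling macros through group policy in the registry, and “disable what you don’t use”) come down to checking that the policy actually landed on the workstation. The script below is an added example, not Tyler’s or Webroot’s code: it audits the Office macro policy registry values that Group Policy writes. It assumes Office 2016/365 (registry version 16.0); adjust $OfficeVersion for other releases.

```powershell
# Added example (not from the original Q&A): audit the Office macro policy
# keys so you can confirm that "disable macros" really applied on a host.
# Assumption: Office 2016/365, which stores settings under version 16.0.

$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of the VBAWarnings value (Trust Center > Macro Settings).
$VbaMeaning = @{
    1 = 'Enable all macros (dangerous)'
    2 = 'Disable with notification (user can click "Enable Content")'
    3 = 'Disable except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroPolicy {
    foreach ($app in $Apps) {
        # Policy hives (GPO) take precedence over the per-user Trust Center setting.
        $paths = @(
            "HKLM:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security",
            "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security",
            "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security"
        )
        $vba = $null; $motw = $null; $source = 'not set (application default)'
        foreach ($p in $paths) {
            if (-not (Test-Path $p)) { continue }
            $k = Get-ItemProperty -Path $p
            if ($null -eq $vba -and $null -ne $k.VBAWarnings) {
                $vba = [int]$k.VBAWarnings; $source = $p
            }
            # 1 = block macros in files carrying the Mark-of-the-Web
            # (downloads and email attachments), regardless of VBAWarnings.
            if ($null -eq $motw -and $null -ne $k.blockcontentexecutionfrominternet) {
                $motw = [int]$k.blockcontentexecutionfrominternet
            }
        }
        [pscustomobject]@{
            Application         = $app
            VBAWarnings         = $vba
            Meaning             = if ($null -ne $vba) { $VbaMeaning[$vba] } else { 'Default (disable with notification)' }
            BlockInternetMacros = ($motw -eq 1)
            Hardened            = ($vba -in @(3, 4)) -or ($motw -eq 1)
            Source              = $source
        }
    }
}

Get-MacroPolicy | Format-Table -AutoSize
```

A row with Hardened = False means users on that host can still click “Enable Content” on an untrusted attachment, which is exactly the lure described above.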
As far as starting an attack that eventually leads to something nasty like ransomware, I would look at the lures. I would say this one that I referenced in an above post, but also here below. I can see MANY employees/students falling for something like this.
Source: Bleeping Computer
I can never recommend paying a ransom, but there are absolutely scenarios where it is the only option. Sometimes the data is that important and I can understand.
But as a general rule, try to make do, roll back, and lean on backups.
That just about wraps it up today.
@TylerM and everyone who joined us today and sent us a question.