With millions of people affected by ransomware recently, I want people to be informed of how these hackers are able to bypass security measures such as antivirus and antimalware software. The most common attack uses a seemingly secure update to infect machines around the world, as in the ransomware outbreak that took place a few months ago. This type of attack, called a supply chain attack, is on the rise.

A supply chain attack is broadly defined as an attack on a company's supply and demand management system. It can involve tampering with physical electronics or with software. Today we will be discussing the software side, which affects everyday people and poses a significant threat to their security. Millions of people who recently installed and used a well-known program called CCleaner have already been infected. As with Trojan viruses, the end goal of these hackers is to retrieve data from your computer or internet usage.

They first modify the real program to connect to their own server rather than to the program's default server for security updates. That allows them to fly in under the radar, undetected, by sending “security updates” for the program to the user. This allows them to access your computer through an open port. In a sense it's like putting a wedge in the door before it closes, which allows them to re-enter the house without ringing the doorbell or trying to pick the lock. This is one example of the many ways they can get access to your personal computers.

Prevention:

  • If you are not sure of the legitimacy or what the program does, don’t install it.
  • Check with a knowledgeable IT person if you need that software and ask them to explain to you what it does. You can also get them to send you the link to the actual program or they can set it up for you.
  • Don’t click on pop-ups or advert banners regardless of what they say. I have clients every day who become frantic when they get a popup that says their computer has been infected and to install this program now or call this number. If you do what they say, then you will get what you were afraid of in the first place.
  • Don’t use default Internet Explorer. I suggest using Chrome because it automatically updates without relying on Windows Update for security. It also allows you to install a popup and ad blocker, which will minimize your exposure to these fake warnings. (Make sure Google Update is set to start with Windows, or manually update your Chrome browser when you get a notification to do so in the top right corner of Chrome.)
  • Keep your Windows operating system updated with the latest security updates and patches.
  • Keep your antivirus up to date if you have one installed. If you don’t have one, then make sure Windows Defender (the default Windows antivirus) is turned on and set to scan periodically.
  • Upgrade to Windows 10 if you are still on Windows 7 or older. Microsoft has discontinued or will be discontinuing security updates for older operating systems.
  • Keep a good backup of all your data. For documents and photos, I suggest also keeping a copy saved in the cloud.

Just remember that most of these hackers have monetary incentives. They are casting an interweb net that targets corporate and government computer infrastructure. The everyday person is just a small fish that happens to be at the wrong URL at the right time. If we keep ourselves properly informed, then using the internet is generally safer than it used to be for the everyday person.