Last week saw another spate of malware attacks via email to which many folks fell victim. Several high-profile ransomware outbreaks have hit in the past few weeks, snaring, among others, municipalities and nonprofits. Many are now asking: With all the advances in technology, why can’t such incidents be stopped?
Unfortunately, given the methods used to thwart malware, the bad guys are always ahead. The typical anti-malware solution compiles a database of all past attacks, then scans emails, hard drives and networks for evidence of such. Thus, to be caught, malware has to have been seen before. While the database is updated daily and sometimes even more frequently, it is easy to see how one can sneak through.
This approach is even more problematic when the bad guys focus on just a few of the main providers. Cloud-based email services, such as Google’s Gmail or Microsoft’s Exchange Online, are prime targets. The evildoers continually probe such packages for weaknesses, and when one is discovered, attacks are unleashed. The time it takes to discover, report and resolve such a weakness can be only hours if not minutes. In that short period, however, literally millions of PCs can be attacked.
Will a secondary anti-malware solution help? Maybe a little, if at all. The same reasoning applies; the bad guys also keep track of the weaknesses in Symantec, Kaspersky, McAfee and their peers. When they discover a weakness, odds are good that it is common to all the major anti-malware solutions.
Newer versions of anti-malware use artificial intelligence to detect malware. These new solutions typically monitor your computer for behavior exhibited after a malware infection. Mass sending of emails, for example, is often a byproduct of a malware infection. Such solutions are still in their nascent stages.
As a result, the best defense remains, as we like to say in information technology, between the keyboard and the chair, namely, the person operating the computer. The vast majority of attacks are made via attachments in email. Folks should be immediately suspicious of all such emails.
If an email comes from someone you don’t know and has an attachment, be extra careful before opening the attachment. Even if it comes from someone you know, and you are not expecting an attachment, be careful.
If an email address doesn’t match the display name, it is almost always malware. For example, user@domain.com is the address but it displays as Incoming Fax. Almost every email package will show both a display name and the email address. This information, however, is sometimes lacking on smartphone apps. If in doubt, don’t open the message on your phone, and wait until you can get to a computer to check it out.
If an email comes from a service you use, such as Dropbox or SharePoint, be very wary. If in doubt, log in to the service directly rather than open the email.
Following these simple rules will go a long way toward avoiding a malware attack.
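The rules above, applied to a few constructed messages, as an added example that is not part of the original column. The names `triage`, `sample`, `KNOWN_SENDERS` and `SERVICES` are hypothetical, and the word-overlap test for a display-name mismatch is an assumed, deliberately crude heuristic that will produce false positives.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

KNOWN_SENDERS = {"coworker@example.org"}  # assumption: your own contact list
SERVICES = {"dropbox", "sharepoint"}      # the services named in the column

def triage(msg):
    """Return the column's warnings that apply to one message."""
    display, addr = parseaddr(str(msg["From"]))
    addr = addr.lower()
    has_attachment = any(True for _ in msg.iter_attachments())
    warnings = []
    if has_attachment and addr not in KNOWN_SENDERS:
        warnings.append("attachment from unknown sender")
    elif has_attachment:
        warnings.append("attachment from known sender: confirm you expected it")
    # Assumed mismatch test: no word (3+ chars) of the display name
    # appears anywhere in the address. Crude; expect false positives.
    words = [w for w in re.findall(r"[a-z0-9]+", display.lower()) if len(w) >= 3]
    if words and not any(w in addr for w in words):
        warnings.append("display name does not match address")
    # Mail that claims to come from a service you use: go to the site instead.
    text = (display + " " + str(msg["Subject"])).lower()
    if any(s in text for s in SERVICES):
        warnings.append("names a service: log in directly instead")
    return warnings

def sample(sender, subject, attachment=None):
    """Build a constructed message for the demonstration."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("See attached.")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

if __name__ == "__main__":
    for m in (
        sample("Incoming Fax <user@domain.com>", "New fax", "fax.pdf"),
        sample("Dropbox <no-reply@dropbox.com>", "A file was shared with you"),
        sample("Coworker Name <coworker@example.org>", "Budget", "budget.xlsx"),
        sample("Pat Lee <pat.lee@example.org>", "Lunch?"),
    ):
        print(m["From"], "->", triage(m) or "no warnings")
```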
John Agsalud is an IT expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.