How can just 5 seconds save your business?

Information Security Consulting image

Malware - image of 3 monkeys

30-07-2015 – We get a lot of IT support calls from clients affected by some malware that has interrupted their workflow and stolen or corrupted data. Most often, the attack vector was a link in an email.

It happens so often that I thought I would post about it.  But it’s not just a professional rant, at the bottom of the article I have posted an email that you can send to all your employees and contractors using your network to educate them on the dangers of clicking unknown links and how to tell what an illegitimate email looks like.

“If it looks like a duck”

The problem is, we’ve become a society that is used to making very quick decisions and devoting very little time to mundane tasks, like processing 90% of our email.  Many of us don’t read anything but headlines, subject lines, or the first line of text in an email before taking action.

So if the headline information passes the “looks like a duck” test then we assume it must be a duck and click the attachment or link before we hear it quack.

Boom.  Data gone.  Contacts stolen.  Day interrupted and it’s time to talk to us.  An extra three to five seconds could have prevented all of it.

So my recommendation is to spend a little bit more time evaluating links before clicking.  It’s a minimal investment that saves hours or days of disruption.  If a new, unseen crypto-variant lies in the attachment, it could even save your entire business.

Ryan Thomas

Useful Resources

Here’s an article that backs up what I’ve said here and gives some extra tips: http://www.welivesecurity.com/2015/05/12/5-practical-tips-avoid-ransomware-email/

And here’s the excellent guide from the Australian Signals Directorate pointing out how 85% of intrusions can be prevented. http://www.asd.gov.au/infosec/top-mitigations/mitigations-2014-table.htm

Here’s a Useful Email Template

If you’ve been hit by Ransomware before, and you want to issue a reminder, feel free to use this email to educate your users on the ease with which it can be avoided.  You’ll need to replace the bits in CAPITALS.

Dear All,

In the recent past, our IT systems have been attacked by various forms of malicious software (Ransomware) which has impacted the availability of IT Services.

These outbreaks are caused by sustained email campaigns, often with targeted messages which resonate with the recipient.   The emails contain links to websites that, once clicked-on allow the Ransomware to execute and damage files or obtain your personal information.

Recently this has resulted in the rapid encryption of thousands of documents, which can only be recovered from backup.  While our system systems does pick up the abnormal behaviour, damage occurs very quickly.

How can you help?

Like any form of security – personal, physical, or an IT system, you play a part in the security chain.  We have in place a range of tools to identify threats to the system, but we also need your help to protect the business.

The most common form of Ransomware emails circulating in Australia at present purport to come from:

  • Australia Post
  • Australian Federal Police
  • Woolworths
  • Banks
  • Couriers

While the quality of the messages is improving, poor English, incorrect logos and spelling errors are common.

If you hover your mouse over the links in the email, you will also notice that you are being directed to a domain name that has no relevance to the company the message purports to represent.

Common sense helps too – for example the Federal Police don’t issue speeding fines, and Woolworths probably doesn’t just want to give you $750, do they?

What should I do?

If you are unsure of the validity of a message, forward the message to me for analysis at YOUREMAIL@YOURCOMPANY.COM

If you think you have clicked on something you shouldn’t have, call me immediately.  Don’t hide or pretend it didn’t happen – the breach will always lead back to your computer or mobile in the end so let’s get ahead of it early.

Why doesn’t the Antivirus work?

It does, but by its nature antivirus software works using patterns of code that have been identified and wrapped-up in an update and deployed retrospectively.  That is to say it’s a reactive approach to an existing threat.

We also use systems that identify patterns of behaviour that are suspicious, which is what has protected us recently, but not before some damage has occurred.  Our approach to IT Security is constantly evolving to address the threats to our operations.

Example of a fraudulent email

Australia-Post-Fraud-Email

At first glance, it looks like a genuine email thanks to the colour scheme.  But if you spend just 5 seconds reading it you would realise that it is a fake.

Please don’t click links like this.

KIND REGARDS,

SIGNATURE