Viruses and Trojans infect PCs again and again. Mostly unnoticed by the user, you receive an application as a Word document and are not surprised when you click on it and open the application. At this point, it is usually already too late.
The embedded malicious program loads any other malicious software or creates access to the PC for the attacker. Even if you now find out which virus or Trojan was attached to the original document in which Mail forwarded with the subject SCAN to [email protected] , you no longer have a secure PC. You will get a report back on this email forwarding, which contains reports from all major virus scanners.
Means in case of suspicion of damage PC off and call a professional. e.g. us.
If a malware attack goes unnoticed, it usually spreads to other PCs, such as customers' and employees' PCs. The infection may take your data hostage.
How does he do it?
This is versatile, many programs go dormant after downloading more malicious code and wait for late evening hours or days later before starting their work. This further disguises the source of the infection.
Malicious programs are usually designed to spread and remain hidden permanently. The spreading is done, for example, by embedding itself into documents on the PC or network drives and waiting for the next colleague. Obfuscation and persistence can be even more versatile.
The malware encrypts, for example, all your data on the network and backups that they can access, as well as all data on the PC, of course. After that, they demand a ransom for the data.
If nothing is encrypted, the malware may infect other Word documents and resend itself as an email. There are no limits to the imagination. Keyloggers log all of your inputs, so the attackers get further accesses, for example.
Malware often opens encrypted tunnels through all the company's IT security measures. This then allows attackers to act remotely, as in the case of remote maintenance.
We, as IT experts and software developers, can make systems operational again in the first steps by restoring unaffected backups or by analyzing each individual document, if no backup is available, to find the malware in documents. We can then clean them up.
Furthermore, you can observe the network behavior and thus detect infections. For example, if a certain PC always sends large amounts of data to China at night, this is a clue.
Security vulnerabilities in software:
All software has security vulnerabilities sooner or later, whether web applications or software or operating systems installed on the PC. A security vulnerability is not yet a reportable incident, only when it has been actively exploited can it be a reportable incident.
How to protect PCs and networks?
- Always keep the software up to date
- massively rely on encryption
- Use strong passwords and two-factor authentication
- Use antivirus software, but this is not a panacea, even if antivirus software is in use, this does not mean that other components have not already been downloaded or access has been created, which will not be detected.
- Use password manager to set and manage unique password for each application
- UTMS, regulate and monitor behavior on the network, alerts, etc. https://de.wikipedia.org/wiki/Unified_Threat_Management
- Control firewall, regulate network traffic
- VLANs, separate the network traffic
- Use encryption in the network
The biggest question is always from when do I have to report. The fact is that software is always affected by security vulnerabilities, regardless of whether it is large software vendors such as Microsoft, who close numerous security gaps every second Tuesday of the month with their patch days, or small software vendors who usually do not even make any improvements.
If there is damage, it must be reported as an incident. If, however, it was possible to react in time and there is no damage, then there is nothing to report.