As malware threats loom, end users are the weak link


By Dylan Bushell-Embling
Thursday, 21 May, 2015



The ACCC has alerted small businesses to be aware of suspicious emails in the wake of an influx of ransomware affecting Australians.

The consumer body said it received over 2500 complaints about malware and ransomware last year alone, with over $970,000 lost by small businesses and consumers.

A recent ransomware scourge involves cybercriminals spoofing a pop-up alert from the AFP claiming that the user’s computer has been locked due to illegal activity or because they breached various laws.

The threats in the new wave of ransomware are typically variants of the successful Cryptolocker threat campaign of 2014. Ransomware operators typically demand payment in a cryptocurrency such as Bitcoin to decrypt a user’s files.

“Scams like this often succeed because they look like messages from a government agency or reliable large corporation,” ACCC Deputy Chair Dr Michael Schaper said.

“It’s important that small businesses are aware that government agencies will not send these demands and they’re dealing with a scammer.”

Last year Australians lost a combined $81.8 million to fraud, statistics provided by the commission show.

Research from NTT Group and Dimension Data meanwhile shows that business users are most at risk of malware when they are outside of the protection of corporate networks.

The NTT 2015 Global Threat Intelligence report shows that there is a “massive increase” in malware detections on Mondays, when users reconnect their devices to the corporate network after a weekend away.

This indicates that enterprise security systems are serving to protect devices from malware, but users are most at risk outside the security perimeter. In the era of BYOD this wall appears to be crumbling, suggesting that IT can no longer rely on security perimeters to protect the organisation.

According to NTT Group company Dimension Data, controls that seek to address the dissolution of the security perimeter must focus on the end user and the devices they use, regardless of location.

Many end-user devices have unpatched vulnerabilities, making them the weak links in the security chain. End users are also being targeted more frequently than ever.

The report also shows that 76% of identified vulnerabilities on enterprise systems were more than two years old, and seven of the top 10 vulnerabilities were found in user systems, not enterprise servers.

Finance remains the most targeted sector for malware attacks, the research shows, accounting for 18% of all detections.

The key to stronger password database protection

Another way users are the weak link in enterprise security revolves around the re-use of passwords.

There have been regular reports of cybercriminals exploiting and compromising password databases. Because many users re-use passwords across multiple sites, hackers can speed up brute-force cracking of a leaked database by comparing its entries against passwords that have already been cracked.

Fortunately a new prototype system has been developed that would make it much harder for hackers to harvest passwords from leaked databases.

The system, which was developed by researchers from Purdue University, is aimed at disrupting the methods that cybercriminals use to crack password files.

Called ErsatzPasswords, the system introduces a hardware-dependent function into the process of creating password hashes. This would make it impossible for hackers to recover the plain-text passwords from the stored hashes without obtaining the hardware module used.

By manipulating the salt (the random value added before the password is hashed), the system promises to ensure that hackers get back only fake passwords when running brute-force cracking algorithms. On the server side, however, a password can still be verified without needing an additional file.
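A simplified sketch of the idea described above, added here as an illustration and not the Purdue researchers' code. It assumes the salt is the hardware function's output XORed with a decoy ("ersatz") password; the HMAC key held in memory stands in for the hardware module, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

WIDTH = 16                 # fixed password field width (assumption of this sketch)
HDF_KEY = os.urandom(32)   # stand-in for a key that never leaves the hardware module

def hdf(password: bytes) -> bytes:
    """Hardware-dependent function, simulated here with HMAC-SHA256."""
    return hmac.new(HDF_KEY, password, hashlib.sha256).digest()[:WIDTH]

def _pad(password: bytes) -> bytes:
    if len(password) > WIDTH:
        raise ValueError("password longer than field width")
    return password.ljust(WIDTH, b"\0")

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _digest(salt: bytes, candidate: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", candidate, salt, 10_000)

def enroll(real: bytes, ersatz: bytes) -> tuple[bytes, bytes]:
    """Return an ordinary-looking (salt, hash) record; no extra file is stored."""
    salt = _xor(hdf(real), _pad(ersatz))   # the salt hides the decoy behind the HDF
    return salt, _digest(salt, _pad(ersatz))

def verify(record: tuple[bytes, bytes], attempt: bytes) -> str:
    salt, stored = record
    # Normal path: only the real password maps back to the decoy via the HDF.
    candidate = _xor(hdf(attempt), salt)
    if hmac.compare_digest(_digest(salt, candidate), stored):
        return "ok"
    # A direct match without the HDF means the decoy was typed in,
    # which only someone who cracked a leaked database would know.
    if len(attempt) <= WIDTH and hmac.compare_digest(
            _digest(salt, _pad(attempt)), stored):
        return "alarm"
    return "reject"

def leaked_record_yields(record: tuple[bytes, bytes], wordlist: list[bytes]):
    """What guessing against the leaked file recovers without the hardware key."""
    salt, stored = record
    for guess in wordlist:
        if len(guess) <= WIDTH and _digest(salt, _pad(guess)) == stored:
            return guess
    return None

# Constructed sample values for the demonstration.
RECORD = enroll(b"correct horse", b"sunshine1")
```

Because the decoy only ever appears in a cracked copy of the database, the "alarm" result doubles as a leak detector.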

Image courtesy of Dennis Skley under CC
