The increasing sophistication of virtual security threats being used to infiltrate company networks has resulted in businesses across the globe having to tighten their security strategies, but even the most rigid systems are rendered useless without understanding from all employees. 

Companies that adopt bring-your-own-device policies, or allow staff to access personal email accounts from company systems, run the risk of falling victim to malware and phishing attacks if they don’t have proper precautions in place. 

Here, we give you the rundown of some of the most common issues business and personal computer users are facing as threats continue. 

What is the difference between a virus and malware? 

Before we begin, it’s important to understand some key terms relating to IT security. 
 
We often get asked what the difference is between a virus and malware, and the truth is that in actual fact, there is no true difference.
 
The term ‘malware’ is short for ‘malicious software’, and includes spyware, trojans and viruses. Each one of these acts in a different way, so protecting your system from all of them is important to all businesses.
 
Antivirus or anti-virus software (AV), sometimes known as anti-malware software, is software that prevents, detects and removes this type of malicious software from your computer.
 
Training your staff on what to look for is the most important way of preventing these attacks on your system. If, however, someone does click something suspicious, having a program to catch this is a secondary line of defence; it’s a further step in the right direction to preventing disruptions.
 

Choosing anti-virus software

There are plenty of different AV programs available, but how do you know which one is right for you and your business?
 
Malware is spread through malicious links and attachments in emails. Unfortunately, no one piece of AV software can catch everything. So, a lot of businesses go for a layered approach; they have an AV program to catch the standard threats that people face on a day-to-day basis, and then an anti-malware program for the more advanced threats that arise.
 

About botnets 

A botnet is a collection of infected computers that are remotely controlled by a hacker.
Once a computer is infected with a bot, the hacker can control the computer remotely via the internet. From then on, the computer is a “zombie,” doing the bidding of that hacker, although the user is completely unaware. Collectively, such computers are called a botnet.

The hacker can share or sell access to control the botnet, allowing others to use it for malicious purposes.

For example, a spammer can use a botnet to send out spam email. Up to 99% of all spam is now distributed in this way. This enables the spammers to avoid detection and get around any blacklisting applied to their own servers. It can also reduce their costs because the computer’s owner is paying for internet access.

Hackers can also use zombies to launch a ‘distributed denial-of-service’ attack, also known as DDoS. They arrange for thousands of computers to attempt to access the same websites simultaneously, so that the web server is unable to handle all the requests reaching it. The website thus becomes inaccessible.
 

What about email malware? 

Email malware refers to malware that is distributed via email.

Historically, some of the most prolific virus families (eg: Netsky or SoBig) distributed themselves as file attachments in email. These families relied on users double clicking an attachment, which would run the malicious code, infect their machines and send itself to more addresses from that computer.

Nowadays, hackers have changed their focus and predominantly use the web for malware distribution. Email messages are still used, but mostly as a way of distributing links to malicious sites, not for carrying malicious file attachments.

A lot of the spam sent from a botnet is for the purpose of increasing the size of that botnet.
Effective anti-spam security, in conjunction with endpoint security software, should be used to defend against email malware. In addition, user education can raise awareness of email scams and seemingly innocent attachments from strangers.

Phishing scams

Phishing scams are attempts by scammers to trick users into giving them personal information such as passwords, bank details, and card numbers. In some cases, they encourage the user to make payments to false accounts.
 
What should you look out for when identifying phishing scams?
 

• The email address – does it look authentic for the person sending the email? The email may have been sent from a completely different address, or a free web address
• Email greeting – the email does not use your proper name, but uses a non-specific greeting such as ‘Dear customer’
• Spelling and grammatical mistakes – broken English can be an indication of something suspicious
• Beware of any links – if you see a link in an email, make sure the web address is the correct one, if you are unsure, DO NOT click on it!
• Threats – scammers tend to use the threat of your account being closed if you do not respond or that your account has been compromised to encourage you to take the action they want you to take
• Spoofing popular websites – scammers will use graphics in emails that appear to be connected to legitimate websites. They also use web addresses that resemble the names of well-known companies, but are slightly altered
• Genuine websites will have a padlock in the address bar for the webpage. If you are not sure whether a site is genuine, click on the padlock and check the security certificate.

Scammers also use phone calling techniques to gain access to your computer and network. They may ask you for your username and password, or to go to a website and install software to gain access to your machine. Once they have access, your personal information is vulnerable. 
 
These types of scams can never be completely stopped (as much as we may want to!). User education is key to preventing businesses from being duped by these scammers. Knowing what to look out for and being vigilant will help thwart these intrusions into everyday life.
 
The most important point to remember is if the email is asking for payment, phone the person in question - a quick call will confirm if the request is genuine or not!

Monitoring spam emails 

Spam is unsolicited commercial email, the electronic equivalent of the junk mail that comes to your mailbox.

Spammers often disguise their email in an attempt to evade anti-spam software.
More than 99% of all spam comes from compromised computers - infected machines that are part of a botnet. Spam is often profitable: spammers can send millions of emails in a single campaign at a negligible cost. If even one recipient out of 10,000 makes a purchase, the spammer can turn a profit.

So, why does spam matter?

• Spam wastes staff time - users without anti-spam protection have to check which email is spam and then delete it.
• Users can easily overlook or delete important email, confusing it with spam.
• Spam, like hoaxes or email viruses, uses bandwidth and fills up databases.
• Some spam offends users. Employers may be held responsible, as they are expected to provide a safe working environment.
• Spammers often use other people’s computers to send spam.
• Spam is frequently used to distribute malware.

Spammers are now also exploiting the popularity of instant messaging and social networking sites such as Facebook and Twitter to avoid spam filters and to trick users into revealing sensitive and financial information.

Get in touch 

Do you need help with IT security? If so, t experts at Evaris are on hand to ensure your business has a good knowledge of the increasing threat of cyber attacks, and how to avoid them. Get in touch with us today by calling 0330 124 1245, or email [email protected].