Protecting yourself, your PC and financial data from Cyber Attacks

You have probably read or seen it on the news. There will be a big cyber attack in two weeks. Not quite.

In brief, the attack is not scheduled to arrive in two weeks. The issue is that the botnet run by Russian and Ukrainian criminals, which was due to distribute this particular attack, has been interrupted by the FBI. They estimate that it will be up and running again in the next two weeks, so we have some time to prepare ourselves. Nobody has been arrested, so the attack has just been delayed.

What is this attack, and how can I protect myself and my computer?

Below we will look at what the attack consists of, and what you can do to protect yourself:

The attack is email-borne and uses various techniques to achieve its goal: your financial data. It operates as a virus that spreads itself through email contact lists, so the email appears to come from a friend. It contains an attachment which could look innocent enough (like a voicemail, an invoice, etc.), but carries two pieces of malicious code, namely GameOver Zeus (“GOZ” or “GOZeus”) and CryptoLocker. (Note that this attack affects Windows users, so if your computer is running on a different platform, it won't affect you, this time.)

2 pieces of malicious software:

GameOver Zeus

What is GameOver Zeus? GameOver Zeus is a sophisticated edition of the familiar Zeus Trojan horse, and uses peer-to-peer (P2P) technology to hide its own infrastructure. This makes it harder for law enforcement and security vendors to stop it. It typically infects a computer via attachments or links in emails. If a user clicks on the link or attachment, GOZeus will install itself and sit silently in the background, monitoring activity and looking for financial data. GOZeus then tries to capture information such as bank details, which will be fed back to the criminals. It also sends itself to every contact in your email contact list. (So by not clicking on links and attachments, you not only prevent your own computer from being infected, you don't spread it any further either.)

CryptoLocker

CryptoLocker is ransomware. It locks all the files on your computer, and won't open them until you pay a ransom of around 200-300 pounds. Unless you pay up within 72 hours, your files will be destroyed. CryptoLocker is set to kick off if GOZeus is not proving profitable enough.

What can you do to ensure you stay safe?

The NCA estimates that more than 15,500 computers in the UK are infected and “many more” are at risk. See the NCA website here for more information.

How to protect yourself:

  • Update your Windows – It is a good habit to ensure your operating system is up to date, with the latest Microsoft updates applied
  • Install good antivirus protection and keep it updated – If you don’t have antivirus, it is a good idea to install some now, and to keep it updated
  • Run anti-malware – many antivirus products also contain malware protection, but if you are in doubt you can do a free online malware scan from many providers

Some general tips on staying safe:

  • If you don’t trust the source of an email, don’t open it, don’t open any attachments and don’t click on any links
  • If the email is from a friend, but looks a bit unusual, don’t open any attachments or click any links. Maybe send your friend a text or email asking if they sent an attachment for you to look at.
  • Don’t reply, just delete any suspicious emails.

Remember, even if your email is protected in your place of work you still need to be as vigilant at home on your personal computer which may not have the same level of protection.

What Omniquad says about protecting their Mailwall customers:

“We detect these threats with various means on an ongoing basis – from multiple third party antivirus products to our own internal pattern matching algorithms. We also licence data feeds from other antispam sources. We also have special rules in place to prevent any kind of executable from slipping through even if it is not detected by virus scans. Of course we update our signatures continuously to target new variants.”
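The quote above mentions rules that stop executables even when no virus scanner flags them. The Python below is an added illustration of that kind of rule, not Omniquad's Mailwall code and not part of the original post: it flags attachments by file name and leading bytes, and looks one level into ZIP archives. The function names, the extension list and the sample message are assumptions constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will run directly (illustrative list, not exhaustive).
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def is_executable(name: str, data: bytes) -> bool:
    """True if the file name or the leading bytes indicate a Windows executable."""
    name = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    return data[:2] == b"MZ" or any(name.endswith(e) for e in BLOCKED_EXT)

def blocked_attachments(raw: bytes) -> list[str]:
    """Return names of attachments to quarantine, looking one level into ZIPs."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_executable(name, data):
            hits.append(name)
        elif data[:4] == b"PK\x03\x04":  # ZIP local file header
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        with zf.open(info) as f:
                            if is_executable(info.filename, f.read(2)):
                                hits.append(f"{name}!{info.filename}")
            except (zipfile.BadZipFile, RuntimeError):
                hits.append(name)  # unreadable or encrypted archive: fail closed
    return hits

def _sample() -> bytes:
    """Constructed message: a ZIP 'voicemail' holding a double-extension .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("voicemail.wav.exe", b"MZ\x90\x00 constructed stub, not a real binary")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "friend@example.com", "you@example.com", "New voicemail"
    msg.set_content("You have a new voicemail.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="voicemail.zip")
    msg.add_attachment(b"harmless notes", maintype="application", subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(_sample()))
```

The rule fires on the archive member's double extension and on its `MZ` header, independently of any signature match, while the plain text attachment passes.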

As anybody working within information security knows, there are always attacks like this, and information security experts and vendors are working to protect their users on an ongoing basis. We also know that no solution can guarantee 100% protection over time, as there are always new threats emerging, and not everybody updates their protection as regularly as they should.

It is therefore important to be alert when checking your email, and vigilance should be a given, just as looking both ways when crossing the street is second nature.

Some links with more information:

Cert UK

Pc Pro best Free Antivirus Software

Get Safe Online

National Crime Agency

– The Omniquad Security Team