How do you know that you have a malware infestation on your PLC, CCTV, IoT device, laptop, workstation or server? Here are the main symptoms:
- You look at your activity monitor and CPU usage is pegged near 100% even when the machine should be idle
- Trying to open an Excel workbook or application takes forever
- Web pages don’t load and your browser times out
- You cannot connect to your local WiFi network
- Freezing, crashing or random strange computer behavior
- Files you regularly use are modified or missing
- Strange, unknown files, programs, or desktop icons appear
- Programs start, shut down or reconfigure themselves at random
- Your antivirus and firewall programs are reconfigured, turned off or deleted
- Emails/messages are sent “automatically” and without the user’s knowledge
- A friend receives a strange email from you (that you did not send)
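Two of the symptoms above, files you rely on being modified or missing and unknown files appearing, are only noticeable if you know what the system looked like before. The following added example (not code from the original post) shows the baseline-and-diff check a practitioner would script for an embedded device or server: hash every file under a directory tree, store the manifest while the device is known-good, and later compare. The small directory tree, file contents and tampering are constructed inline so the script runs offline; the file names are illustrative, not taken from any real device.

```python
"""Baseline-and-diff file integrity check (added example, not from the original post)."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        # Skip directories and symlinks: a symlink's target could change
        # without the link itself changing, so it gets checked separately.
        if path.is_file() and not path.is_symlink():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def diff_manifests(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report files that appeared, vanished, or changed content since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a tiny 'device' filesystem is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "busybox").write_bytes(b"\x7fELF original busybox")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "config.ini").write_text("telnet=off\n")
        baseline = build_manifest(root)

        # Tampering of the kind the symptom list describes: a system binary
        # replaced, a configuration file deleted, an unknown hidden file dropped.
        (root / "bin" / "busybox").write_bytes(b"\x7fELF trojaned busybox")
        (root / "etc" / "config.ini").unlink()
        (root / "bin" / ".x").write_bytes(b"dropper")
        current = build_manifest(root)
        return diff_manifests(baseline, current)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline manifest must be stored off the device (or on read-only media), because malware that can modify your files can also rewrite a manifest kept beside them.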
If you have any of these symptoms, what kind of malware could you have?
- Ransomware essentially holds your computer system captive while demanding a ransom. The malware restricts user access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.
- Rootkits hide the presence of malware (and usually an attacker’s remote access) from users and security programs by subverting the operating system itself. Because the infected system cannot be trusted to report on itself, rootkit detection relies on monitoring for irregular behavior, signature scanning, memory and storage dump analysis, and comparing the live system against a view taken from trusted offline media.
- Spyware monitors your activity without your knowledge. That includes tracking what you do, logging keystrokes, modifying security settings of software or browsers, interfering with network connections, and harvesting account information, logins and financial data.
- A Trojan horse disguises itself as a normal file or program to trick users into downloading and installing it, and it usually brings even more malware with it. Once an attacker has access to your computer, they can steal data such as logins, financial data and even electronic money, install more malware, modify files, monitor your activity, use your computer as a botnet node, and anonymize hostile internet activity through it.
- Viruses copy themselves and spread to other computers. Viruses are used to steal information, harm your computer and network, create botnets, steal money, render advertisements, and much, much more.
- Worms spread over computer networks by exploiting operating system vulnerabilities. Worms harm your networks by consuming bandwidth and overloading web servers. Computer worms contain “payloads” that perform actions on affected computers beyond simply spreading the worm. Worms often spread by sending mass emails with infected attachments to users’ contacts.
Here are the most prevalent malware strains that are targeting you right now:
#1 – Mirai is the malicious poster child for IoT malware, responsible for huge infected botnets and some of the largest DDoS attacks on record. It spreads by scanning for devices that answer on Telnet and logging in with factory-default credentials, and it has morphed into multiple related forms. Whether seen individually or as a family, there’s no getting away from the fact it is a virulent, highly dangerous piece of malware. And the embedded Linux devices it goes after are exactly the Internet of THINGS on your assets!
#2 – Gafgyt (also known as Bashlite) gets in through default credentials and specific vulnerabilities in IoT devices. From routers, modems, and firewalls to security cameras and DVRs, Gafgyt embeds itself in a wide variety of IoT devices. The sheer number of unpatched devices in the field keeps it in business and has spawned an entire criminal family of variants.
#3 – Hajime (Japanese for “beginning”) is malware that takes over one of your IoT devices and then shuts the door behind it, blocking the ports other malware uses to get in. Because it first appeared attacking the same hardware Mirai targets, it was categorized as “vigilante malware”. Still, it takes control of your hardware, makes changes, and keeps control: it takes updates only from its own peer-to-peer network, and only modules signed by its operators are accepted.
#4 – Amnesia reminds us that there are many operating systems, and many unpatched builds of them, on our IoT devices. The IoT strain of that name is a Linux botnet that exploits an unpatched remote code execution flaw in certain DVRs and uses the compromised devices as launchpads for infecting as many systems as possible; it also wipes the filesystem when it detects it is running in a virtual machine, to frustrate analysis. (The Windows ransomware that shares the name, and that encrypts thousands of file types, is a separate family.) This malware is still an issue for devices where employees are faced with beginning-of-shift messages asking for permission to perform maintenance updates – how’s that driller’s console doing?
#5 – Satori is a Mirai descendant that serves as its developers’ workbench, adding new CPU architectures and device classes as targets and shipping constantly evolving payloads. Its developers have added spam generation and the hijacking of cryptocurrency mining rigs to Satori’s repertoire.
#6 – Persirai focuses on IP cameras, with the ability to infect more than 1,000 different camera models. Got CCTV?
#7 – VPNFilter takes aim at home and small-business routers and network-attached storage devices and comes with a bonus: its first stage remains in place even after the device is rebooted, which is rare for IoT malware. Later stages harvest data passing through the network, work to infect other devices, can disrupt the network or render the router unusable outright, and route command and control through Tor to hide the operators and the rest of the botnet.
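Mirai and the Gafgyt family get onto devices by trying factory-default Telnet credentials over and over, and on a camera, DVR or router that logs logins the attempt is visible before the device joins a botnet. The following added example (not code from the original post or from any of the malware analyses it draws on) runs that detection over constructed syslog-style lines: it flags any source that racks up a burst of failed Telnet logins inside a short window, lists the account names it tried, and notes whether a successful login followed the burst, which is the point at which the device should be treated as compromised. The log format, the year, the hostnames and the IP addresses are assumptions made for the example; real telnetd builds log differently, so adjust the regular expression to your devices.

```python
"""Flag Telnet credential-stuffing in device logs (added example, not from the original post)."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed log lines in an assumed telnetd format. Source 203.0.113.7
# hammers the DVR with factory-default account names and eventually gets in;
# 198.51.100.4 is one mistyped admin password, which should not be flagged.
SAMPLE_LOG = """\
Mar  3 02:10:01 dvr01 telnetd[412]: login failed for user root from 203.0.113.7
Mar  3 02:10:02 dvr01 telnetd[412]: login failed for user admin from 203.0.113.7
Mar  3 02:10:03 dvr01 telnetd[412]: login failed for user support from 203.0.113.7
Mar  3 02:10:04 dvr01 telnetd[412]: login failed for user user from 203.0.113.7
Mar  3 02:10:05 dvr01 telnetd[412]: login failed for user guest from 203.0.113.7
Mar  3 02:10:06 dvr01 telnetd[412]: login failed for user 888888 from 203.0.113.7
Mar  3 02:10:07 dvr01 telnetd[412]: login succeeded for user root from 203.0.113.7
Mar  3 02:15:40 dvr01 telnetd[413]: login failed for user admin from 198.51.100.4
Mar  3 02:15:52 dvr01 telnetd[413]: login succeeded for user admin from 198.51.100.4
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ telnetd\[\d+\]: "
    r"login (?P<result>failed|succeeded) for user (?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)$"
)

# Classic syslog timestamps carry no year; assume one so they can be ordered.
LOG_YEAR = 2018


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, bool]]:
    """Return (timestamp, source IP, username, succeeded) or None for lines we don't understand."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["user"], m["result"] == "succeeded"


def find_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> Dict[str, Dict]:
    """Per source IP: flag >= threshold failed logins within window_s seconds.

    Also records whether a successful login from the same source followed the
    last failure, i.e. whether the credential guessing appears to have worked.
    """
    events: Dict[str, List[Tuple[datetime, str, bool]]] = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, ip, user, ok = parsed
            events[ip].append((ts, user, ok))

    findings: Dict[str, Dict] = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [(ts, user) for ts, user, ok in evs if not ok]
        # Sliding window over the failure timestamps.
        burst = False
        start = 0
        for end in range(len(fails)):
            while (fails[end][0] - fails[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                burst = True
                break
        if not burst:
            continue
        last_fail = fails[-1][0]
        findings[ip] = {
            "failures": len(fails),
            "usernames": sorted({u for _, u in fails}),
            "success_after_burst": any(ok and ts >= last_fail for ts, _, ok in evs),
        }
    return findings


if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        verdict = "COMPROMISED" if info["success_after_burst"] else "probing"
        print(f"{ip}: {info['failures']} failed logins, tried {info['usernames']} -> {verdict}")
```

The same logic transfers to SSH or web-console logs by changing the regular expression; the signal that matters is the burst of distinct default account names from one source, not any single failed login.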
What can you do about it?
- Install and run anti-malware and firewall software that provides tools for detecting, quarantining, and removing multiple types of malware. At a minimum, anti-malware software should protect against viruses, spyware, adware, Trojans, and worms. Combining anti-malware software with a firewall helps ensure that incoming and outgoing data is inspected and that malware can be safely removed once detected. PLCs, cameras and most other IoT devices cannot run endpoint software at all, so for them the controls are changing default credentials, disabling Telnet and other services you do not use, segmenting them onto their own network, and watching that network for the scanning and login behavior described above.
- Keep software, operating systems and device firmware up to date with current patches. Vendors release them to close bugs and security flaws that attackers are already exploiting, and every strain listed above depends on devices that have not been patched.
- Be vigilant when downloading files, programs, attachments, and email. Downloads that seem strange or are from an unfamiliar source often contain malware.
To see the latest Athens Group Services developments, please follow us on LinkedIn and Twitter.