Comparing the Differences in Rapid Incident Response – a virus you can see vs a virus you can’t

This is a blog post to help first-line Rapid Incident Responders understand the trials and tribulations related to Ransomware versus a Pandemic.

It was March 22, 2018, when the City of Atlanta publicly realized they were facing one of the largest breaches in modern history (reference). This affected the large metro area as well as the airlines: airport-bound folks couldn’t use Wi-Fi, and citizens couldn’t complete online transactions. Many other breaches hit at the same time; this is what we call a ‘cyber wildfire’ spreading across a nation and the world. Healthcare systems in other locations were completely crippled, and many towns and cities smaller than a metro were also seeing this widespread attack. Port authorities were hit and shipments were delayed, and state and local government agencies were also being affected.

What was this nasty malware attack, you may ask? This was ransomware: a nasty malware that finds its way into a network landscape and manages to infect any victim it touches. When the malware gains a foothold, it finds all of the files on the filesystem, forcibly encrypts them, and displays a message demanding a payment (aka ransom). In the case of most state and local government agencies, ransomware asks for payment via Bitcoin; however, the suggestion is not to pay the bad actors. Just to note, the specific ransomware that affected these cities and towns in the City of Atlanta was called SamSam. This type of malware was created in order to extort hospitals, municipalities, and public institutions, which cost over $30 million in projected losses.

The good news:

These bad actors were caught and brought to justice (reference). The list of victims in the indictment was large and included many places you have been to or heard of.

You might be asking yourself, “What is the difference between malware and a virus?” The terms are often used interchangeably but are technically different, and the technicalities are important to note.

  • Malware is a catch-all term for any type of malicious software, regardless of how it works, its intent, or how it’s distributed.
  • A virus is a specific type of malware that self-replicates by inserting its code into other programs.

Fast forward to today:

We are in the Rapid Incident Response phase for a virus you can see, which is causing the worldwide COVID-19 pandemic. This has crippled businesses to the point of shutdown, and for those businesses to survive, working remotely is critical. We are all so dependent on the internet during this pandemic that we cannot afford a cyber wildfire like we saw a few years ago. How do we secure our workers at home and ensure the stability of critical infrastructure services such as military, state and local governments, first responders, healthcare systems and workers, as well as financial markets?

The largest targets today are VPN devices or routers given for home offices using the ISP of choice. We are also seeing reconnaissance of networks related to financial markets, where the Zeus Trojan has been found. As governments disperse these funds to the population, we need to ensure our own cybersecurity protection as well as Personal Protective Equipment (PPE) to hide ourselves from the virus you can see.

Here are some technologies that help secure a remote workforce working from home, so that workers stay away from viruses affecting humans as well as malware. Now is the time to be more vigilant than ever, especially when working from home or at the business.

  • Windows Virtual Desktop (WVD)
  • Azure Sentinel
  • Enable or strengthen Multi-factor Authentication using Location-based restrictions
  • Use dedicated admin accounts
  • Raise the level of protection against malware in mail
  • Protect against ransomware
  • Stop auto-forwarding for email
  • Use Office Message Encryption
  • Protect your email from phishing attacks
  • Protect against malicious attachments and files with ATP Safe Attachments
  • Protect against phishing attacks with ATP Safe Links
  • Protect against threats in Office 365
  • Configure Office 365 Advanced Threat Protection
  • Configure Azure Advanced Threat Protection
  • Turn on Microsoft Advanced Threat Protection
  • Configure Intune mobile app protection for phones and tablets
  • Configure MFA and conditional access for guests, including Intune mobile app protection
  • Enroll PCs into device management and require compliant PCs
  • Optimize your network for cloud connectivity
  • Microsoft Cloud App Security
  • Monitor for threats and take action

About the Author:

Jonathan Cowan (also known as JC) is a Senior Security Engineer for FyrSoft LLC. JC is passionate about many technologies; however, his primary focus is within Hybrid Cloud Solutions. He is an Industry Proven Technologist with a demonstrated history of experience in the Information Technology and Services industry. JC is a specialized professional in Cybersecurity Threat Response, Modern Workplace, Intelligent Cloud Hybridization, and Digital Transformation.

With over 20 years of computing experience, JC is frequently selected to share his knowledge of various technologies as well as the underlying platforms through blogging and speaking at various industry events, webinars and conferences.

You can connect with him on LinkedIn.

Posted by People Tech Administrator

People Tech is a leader in Enterprise Solutions, Digital Transformation, Data Intelligence and Modern Operations.
