Does your Security Strategy Cover CryptoLocker?

Antivirus and antimalware software, as we know it, is losing its potency. In fact, some are debating whether it’s even relevant anymore (Is Antivirus Software a Waste of Money?Just how effective is antivirus software?Is antivirus software still relevant?). Although we think such software will always be a fundamental part of an overall security strategy, it can no longer be solely relied upon to protect an organization from modern security threats.

Being in the IT business, we’re often the first to know about the latest iterations of viruses or malware — not because they show up in industry reports or expert blog posts, but because our customers have experienced the misfortune of setting loose a modern piece of malware within their organization’s network. Ever heard of CryptoLocker? We’ve helped dozens of customers unscramble their networks (thank you, backup systems that actually work) due to this vile piece of computer code. But why were our customers’ networks still infected even though modern antivirus software existed on every endpoint and had the latest definitions updates?

Modern viruses and malware adapt. CryptoLocker instantly spawned dozens of “knockoffs” in a very short period of time because other criminals witnessed its effectiveness and wanted in on the action. It was a relatively simple program, and very easy to distribute (malicious email attachments disguised as innocent, business-y looking files). Antivirus and antimalware software vendors could not keep their databases up-to-date fast enough. CryptoLocker was not the first and most certainly won’t be the last of these “zero-day” attacks.

Thankfully, protection software is finally getting more intelligent. As an example, Microsoft has released an add-on product for its Office 365 subscribers called “Advanced Threat Protection.” Advanced Threat Protection does two things:

  1. It runs any incoming email attachments through a virtual detonation chamber (never thought I’d get to use that phrase in my IT career!), where the attachments are unpacked and actually executed in an isolated area in Microsoft’s cloud. The attachments’ behaviors are analyzed, and suspicious attachments are stripped from the email.
  2. It scans and actually re-writes all links in incoming emails. When a user clicks on a link that has been identified as potentially malicious, they will receive a notification and be disallowed from browsing through to that link.

We have been testing Advanced Threat Protection internally for a few months now, and are now ready to deploy this technology for customers desiring extra protection against malicious email attacks. Give us a shout if you’d like to discuss it further — it’s very simple to deploy if your email is already hosted in Office 365.

Of course, no technological solution will ever fully protect against existing and future cyber attacks. End-user security education is one of the most powerful defenses. Be vigilant, train your PC users to become vigilant, and consider how you can protect the less-vigilant amongst them.

Written by Jake Molko – 10/5/2016