Heartbleed, GOZeuS and CryptoLocker: Will your network let you down?
Thu 31 Jul 2014

With the rise of prolific vulnerabilities like Heartbleed affecting SSL connections, what can businesses do to secure themselves against them? David Barker looks at examples of recent internet vulnerabilities and how businesses can protect against attack.
Heartbleed – what is it?
Heartbleed is a bug in OpenSSL, the cryptographic library that provides SSL/TLS encryption for a large share of websites, email servers, instant-messaging services and some VPNs (an SSL certificate is what lets a client verify who it is talking to; OpenSSL is the software that does the encryption). The flaw sits in OpenSSL's handling of the TLS heartbeat extension, and it allows anyone on the internet who can connect to a vulnerable system to read chunks of that system's memory, without leaving anything in the server's logs. Whatever happens to be in memory at the time can be read, including user names, passwords, session cookies, payment details and even the server's private key, so data can be stolen and used to impersonate users, or the server itself.
A fixed release (OpenSSL 1.0.1g) has been available since the bug was disclosed in April 2014, but any system still running an unpatched version remains open to abuse.
How to protect against Heartbleed
Most of the organisations affected by Heartbleed did not know they were exposed until the vulnerability was made public; the bug had been in OpenSSL for over two years before it was found.
- Which services are affected? Find out which of the websites and services you rely on were running a vulnerable version of OpenSSL. Early detection is crucial in protecting your business. LastPass and 1Password have both published Heartbleed checkers that identify affected sites which could leave you or your business exposed.
- Which services have been patched? Check public announcements to see whether the services and sites you use regularly for your business have applied the patch and, ideally, reissued their SSL certificates (a private key that leaked before the patch stays compromised after it). If a site has not, contact the site owner and ask. LastPass has a checker for its users.
- Leave your account alone: If a website has not yet patched, do not log in, change your password or otherwise touch your account there. Anything you send to a still-vulnerable server passes through the memory an attacker can read, so changing a password before the patch simply hands the attacker the new one.
- Change your password: Once a service has been patched (and, ideally, its certificate reissued), change your password there, making it as strong as you can, and on any other site where you reused the same password. This is a good moment to adopt a password manager: it generates a unique, random password for every site and stores them all, so you only have to remember one master password.
More recently it has come to light that routers and switches, and other appliances that embed OpenSSL, are also affected by this bug. Check with your supplier whether your equipment is affected and install the vendor's patches where appropriate.
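As an added example that is not part of the original article, the following Python script shows the check that network intrusion-detection rules for Heartbleed perform: a TLS heartbeat record whose declared payload length is larger than what the record actually carries is the Heartbleed probe, because a vulnerable OpenSSL trusts that declared length and copies that many bytes of its memory into the reply. The record layout follows RFC 6520; the function names and the sample records are constructed for the demonstration.

```python
import struct

# TLS record content type for the heartbeat extension (RFC 6520).
TLS_HEARTBEAT = 0x18
HB_REQUEST, HB_RESPONSE = 1, 2
# RFC 6520 requires at least 16 bytes of random padding after the payload.
MIN_PADDING = 16


def build_heartbeat(hb_type, payload, claimed_len=None, padding=MIN_PADDING,
                    version=0x0302):
    """Build one TLS heartbeat record. claimed_len lets the builder lie about
    the payload length, which is exactly what a Heartbleed probe does."""
    if claimed_len is None:
        claimed_len = len(payload)
    body = struct.pack("!BH", hb_type, claimed_len) + payload + b"\x00" * padding
    return struct.pack("!BHH", TLS_HEARTBEAT, version, len(body)) + body


def parse_tls_record(data):
    """Split one TLS record off the front of data.
    Returns (content_type, version, body, bytes_consumed)."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated TLS record body")
    return ctype, version, body, 5 + length


def check_heartbeat(record):
    """Classify a single TLS record. Returns (verdict, detail)."""
    ctype, _version, body, _ = parse_tls_record(record)
    if ctype != TLS_HEARTBEAT:
        return "not-heartbeat", f"content type 0x{ctype:02x}"
    if len(body) < 3:
        return "malformed", "heartbeat body shorter than its 3-byte header"
    hb_type, claimed = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return "malformed", f"unknown heartbeat type {hb_type}"
    actual = len(body) - 3
    # A vulnerable OpenSSL trusts 'claimed' and copies that many bytes from
    # memory into the response; a correct implementation discards the
    # message when claimed + padding does not fit inside the record.
    if claimed + MIN_PADDING > actual:
        return ("heartbleed-probe",
                f"claims {claimed} payload bytes but the record carries only {actual}")
    return "ok", f"{claimed} payload bytes, {actual - claimed} bytes padding"


def scan_stream(data):
    """Walk a byte stream of back-to-back TLS records and classify each."""
    verdicts = []
    offset = 0
    while offset < len(data):
        _, _, _, consumed = parse_tls_record(data[offset:])
        verdicts.append(check_heartbeat(data[offset:offset + consumed]))
        offset += consumed
    return verdicts


# Constructed sample traffic: a legitimate heartbeat and the classic probe,
# which is the 8-byte record 18 03 02 00 03 01 40 00.
BENIGN = build_heartbeat(HB_REQUEST, b"hello")
PROBE = build_heartbeat(HB_REQUEST, b"", claimed_len=0x4000, padding=0)
SAMPLE_STREAM = BENIGN + PROBE + BENIGN

if __name__ == "__main__":
    for verdict, detail in scan_stream(SAMPLE_STREAM):
        print(f"{verdict:17} {detail}")
```

One caveat: heartbeats exchanged after the TLS handshake has completed are encrypted, so a passive monitor can only inspect the plaintext probe that scanners send before the handshake finishes. A check like this tells you someone is probing; only the patch stops the leak.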
GOZeuS and Cryptolocker – what are they?
Gameover Zeus (GOZeuS) is one of the most dangerous banking Trojans in circulation today. It infects Windows computers and is extremely sophisticated: it is controlled over a peer-to-peer network rather than a single server, which makes it hard to take down. It is designed to steal online-banking and other credentials, spreads through phishing messages and spam email, and has targeted businesses both small and large, resulting in millions of pounds-worth of theft and fraud.
CryptoLocker is a ransomware program, often delivered by the Gameover Zeus botnet, that silently encrypts the files on an infected machine's drives, including any mapped network shares it can reach. Once the encryption is complete, a message box demands a ransom of one Bitcoin (approximately £360 at the time of writing) in exchange for the decryption key. The files are already locked with strong public-key encryption by that point; if the ransom is not paid, the key is never released and the data cannot be recovered except from backups. Regular backups kept offline, where the malware cannot reach and encrypt them, are therefore the only reliable protection for your data.
How to protect against GOZeuS and CryptoLocker
- Update: You should already be making sure that the latest updates for your computers are installed. Also run a full system scan with an up-to-date antivirus program.
- Install some tools: In addition, I'd recommend one of the free tools distributed by the security companies to scan for and remove these threats specifically. Trend Micro has its 'Clean' tool available at www.trendmicro.com/threatdetector; McAfee also has a 'Stinger' tool which can be run from http://www.mcafee.com/stinger. Both will remove GOZeuS, CryptoLocker and most other malware on your machine. Note that removing CryptoLocker does not decrypt the files it has already encrypted; those have to be restored from backup.
- Don't open suspicious emails: Be very careful about any email claiming to be from your ISP, the Police, the NCA or the FBI that asks you to click a link or open an attachment in order to run a tool that will remove GOZeuS. Such emails can also appear to come from someone you know, sent by malware on their PC. If that happens, delete the email and contact the sender by another route to ask them to run the tools above.
- Be wary of pop-ups: Be careful of any pop-up or pop-under browser window claiming to have detected this or any other virus, malware or problem on your machine; they typically imitate an anti-virus program with a 'Scan' or 'Fix' button. Clicking it will either download a file containing malware and ask you to run it, or try to exploit a vulnerability in your browser to install the malware without asking. A genuine, up-to-date anti-virus program should catch this, but always download software from the vendor's official site.
Taking a proactive approach to network security will help you stay informed and alert to possible attack. Being vigilant and keeping up with new threats is the best way to prevent your computers from being infected. For larger businesses without an IT security expert in-house, having a consultant set out a security strategy is a sound approach.
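As an added example, not from the original article, here is a small Python mail filter that applies the email advice above mechanically: it inspects each attachment, flags anything Windows would run when double-clicked, looks inside zip archives, and catches the 'Statement.pdf.exe' double-extension disguise commonly used by the spam campaigns that deliver these threats. The extension list and the sample email are assumptions constructed for the demonstration.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

# File extensions Windows will run when double-clicked. This list is an
# assumption for the example, not something taken from the article.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jar", "cpl"}


def classify_name(filename):
    """Return a reason string if the filename looks like an executable
    (including the 'invoice.pdf.exe' double-extension trick), else None."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return None
    ext = parts[-1]
    if ext not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3:
        return f"executable disguised with a double extension (.{parts[-2]}.{ext})"
    return f"executable attachment (.{ext})"


def scan_message(raw):
    """Scan a raw RFC 822 message; returns a list of (attachment, reason)."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        reason = classify_name(fname)
        if reason:
            findings.append((fname, reason))
        # Look inside zip attachments, the usual wrapper for these payloads.
        if fname.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for inner in zf.namelist():
                        inner_reason = classify_name(inner)
                        if inner_reason:
                            findings.append((f"{fname}:{inner}", inner_reason))
            except zipfile.BadZipFile:
                findings.append((fname, "named .zip but is not a valid zip archive"))
    return findings


def build_sample_message():
    """Constructed phishing-style email for the demonstration (made-up data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # A fake PE file whose name pretends to be a PDF.
        zf.writestr("Statement_2014-07.pdf.exe", b"MZ" + b"\x00" * 64)
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "finance@example.net"
    msg["Subject"] = "Your statement is attached"
    msg.set_content("Please open the attached statement and confirm the payment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Statement.zip")
    msg.add_attachment(b"%PDF-1.4 harmless placeholder", maintype="application",
                       subtype="pdf", filename="Invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in scan_message(build_sample_message()):
        print(f"QUARANTINE {name}: {reason}")
```

Run against the constructed message, the harmless Invoice.pdf passes and the zip is quarantined because of the executable hidden inside it. A filename check like this is cheap and catches the bulk of commodity campaigns, but it is no substitute for the patching, antivirus and backup advice above: a genuinely malicious PDF or Office document would pass it.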
David Barker is the technical director of 4D Data Centres
Tweet him on @David_4D.