No one wants to be ill at Christmas, but every year thousands of us are left sniffling through our turkey and Brussels sprouts after being exposed to freezing temperatures and rooms full of forced festivity. But just like the kinds of virus that give you a cold, computer viruses proliferate over Christmas, with cyber criminals taking advantage of understaffed organisations to launch attacks.
Few things will make you feel as sick as having to come into the office on Christmas Eve to deal with a cyber attack, so – following on from last week’s blog – we’ve provided a guide to the infections you’re most likely to face and tips for preventing them.
Malware is a range of cyber threats, including adware, spyware, bots, ransomware, Trojan horses, viruses and worms. Each type of malware is designed for a specific purpose, but they’re usually delivered in the same way: a link or file that users click on or download.
It’s often hard to know when you’ve been infected, as some malware sits on computers drawing as little attention to itself as possible. Other malware, such as ransomware, makes its presence clear, locking users’ computers and demanding payment for the decryption key.
You can usually tell if a computer has been infected if it:
- Frequently slows down, freezes or crashes;
- Creates new files or modifies or deletes existing ones;
- Automatically runs, turns off or reconfigures programs; or
- Sends emails or messages to your contacts.
If you discover that you’ve been infected by malware, you should disconnect your computer from the Internet, restart it in safe mode and run a malware scanner. Ransomware won’t allow you to do this (unless it’s fake), in which case you’ll have to perform a system restore or reinstall your operating system. These will both wipe files from your computer (a system restore will only delete information saved before a set date), so you should have backups of important data.
To avoid the damage of a malware attack, you should address the problem across your organisation. Employees should be trained to avoid clicking on suspicious links or attachments, and cyber security personnel should implement and maintain firewalls and anti-malware technology.
2. SQL injection
SQL (structured query language) is a programming language used to communicate with databases. A successful SQL injection allows attackers to spoof people’s identify, tamper with existing data, void transactions, change balances, become administrators of the database server, or disclose or destroy data.
Cyber criminals perform SQL injections by finding an input in an organisation’s web application that uses SQL queries and inserting a payload that will be included as part of the query.
To find out whether your application has been compromised, you should run routine database audits. Multiple errors over a short period of time indicate that someone is attempting an SQL injection.
You can protect yourself from SQL injections by:
- Sanitising and filtering all user input;
- Using a web application firewall;
- Creating user accounts with the minimum levels of privilege for their usage environment;
- Suppressing error messages; and
- Monitoring SQL statements from database-connected applications.
3. Cross-site scripting
Cross-site scripting (XSS) targets scripts embedded in a page that are executed in users’ web browsers rather than on the server. Attackers use cross-site scripting to insert a script in a page that can be executed every time the page is loaded or whenever an associated event is performed.
Depending on the severity of the attack, user accounts might be compromised, Trojan horses activated and page content modified. All of these could lead to users inadvertently surrendering their personal data. Worse still, cross-site scripting could reveal session cookies, allowing attackers to impersonate valid users and abuse their private accounts.
You can protect your applications from cross-site scripting by making sure all user-supplied input is properly escaped (or is verified as safe via server-side input validation) before including it in the output. You can also encode all outputs to user browsers from the web application, giving users the option to disable client-side scripts.
Get cyber secure with penetration testing
It’s easy for infections to sit on an organisation’s systems for months or years unnoticed. To prevent this, you should conduct regular penetration tests.
Penetration testing is essentially a controlled form of hacking in which a professional tester, working on behalf of an organisation, uses the same techniques as a criminal hacker to search for vulnerabilities in the company’s networks or applications.
A level 1 penetration test provides adequate protection for organisations that want to identify exploitable weaknesses, such as those in the OWASP Top Ten. These tests replicate the kinds of low-budget attack that an opportunistic criminal hacker would attempt, and are ideal for SMEs or those with no experience of security testing.
Book a penetration test before 22 December 2017 to get a 10% discount.