[BreachExchange] Halting Hackers From Sabotaging Computer Systems

Audrey McNeil audrey at riskbasedsecurity.com
Thu Mar 10 19:20:44 EST 2016


http://news.fullerton.edu/2016wi/ransomware.aspx


Cal State Fullerton's Mikhail Gofman, assistant professor of computer
science and director of the ECS (Engineering and Computer Science) Center
for Cyber Security, discusses computer security and the vulnerability of
computer systems to hackers who use malware to take control of them,
crippling businesses and accessing sensitive data.

These threats target companies, such as the recent attack on a Los Angeles
hospital, and government institutions around the world, and steal sensitive
and private data and sabotage critical infrastructure, such as power
plants, said Gofman, an expert in Web security, virtualization and cloud
security, and biometric authentication.

Why is ransomware a growing problem?


Ransomware, like many varieties of malware today, is distributed by the
pay-per-install networks (PPIs), which are black markets specializing in
malware distribution for profit. Back in the old days, hacker enthusiasts
spread malware to get a feeling of accomplishment for having successfully
infected the system. Today, the majority of malware spreading is done for
profit.

How are systems breached?


The attackers develop malware, such as ransomware, trojans, fake
antiviruses and worms that are designed to help them achieve monetary gain.
Attackers then hand their creations to PPI networks, which for a fee, plant
the attackers' malware in many systems. Everybody wins, except the victims,
and the attacker's malware extracts money from the infected systems and
users, and PPIs make money from the attackers who pay them for their
distribution services.

Many of the vulnerabilities that allow attackers to successfully plant
malware, such as ransomware, are not new. They are a result of insecure
system implementations and configurations, most of which are avoidable. For
example, a company not forcing all email attachments to be scanned for
infections prior to opening them.

What can be done to prevent ransomware?


First and foremost, company employees must be trained to make
security-conscious decisions. One employee opening an infected attachment
can result in the ransomware spreading throughout the company network.

Employees should not: open attachments in unsolicited/suspicious emails,
insert personal USB drives into their work computers, connect personal
computers or phones to their work computer through Bluetooth, or visit
shady sites from work computers. Companies should also ensure that their
network is firewalled, in order to prevent infections from entering the
network, force email attachments and USB sticks to be scanned for
infections, and when it comes specifically to ransomware, maintain
redundant backups of all important data. On the broader scale, law
enforcement needs to crack down on the people who develop ransomware. It's
important that we pursue not just the creation, but also the creators.

What is the center doing in the fight against cyberthreats?


Our strongest weapons in the fight against malware are education and
research. We must prepare a generation of security experts and
security-conscious users, as well as research solutions to the new problems
that arise. Through the center, we've revised courses in computer security
and cryptography, and created courses in network security and cloud
computing. We're working to develop more courses, including a course in
malware analysis.

Through faculty-student collaboration, the center also has produced a
number of publications, including three publications presented at
conferences in Italy and Spain last year. An article in the Communications
of the Association of Computing Machinery is due out in April. Through
faculty-student research, we are working with industry to help research
solutions for their security problems and to address pressing issues in
cyber security.