Right now, at the close of 2018, the most common attack vector is email. That is, most of the attempted attacks will arrive at your business as an email. They fall into three main types:
Malware is a malicious application that becomes installed on your computer and, without your knowledge, performs some action to the criminals’ benefit.
The emails that carry these threats are crafted to look as if they come from a known, trusted source. They carry an attachment such as a Word document or a PDF, and you are encouraged to open it. One common example poses as an email from HMRC. It brings good news: you are due a tax rebate, and it advises you to open the attachment to learn more. Another example is an email from a courier saying they have tried twice to deliver a parcel. Again, you are urged to read the attachment to learn how you can arrange another delivery.
And of course, if any member of your staff opens one of these attachments, they’ll infect their computer. Once it is in your network, the malware can spread itself to all of your computers and servers.
As you can see, these types of attack are generic: they are sent out scatter-gun fashion to as many businesses as possible. No one singles you out as a likely victim. Trains of thought such as ‘cybercriminals won’t target me because there are bigger prizes out there’ simply don’t apply in this scenario. You’re every bit as much fair game as any other business.
Sadly, anyone can. You can find services on the dark web that will allow you to conduct a ransomware attack with no upfront expenditure. The malware-as-a-service providers will supply both the malware and the command and control server that sends the decryption keys to the victims who have paid the ransom. You even get a nice dashboard presenting the statistics of your malware campaign, so you can quickly see how many sites have been infected, how many of those infections have been triggered, how many have paid the ransom and so forth. All you need is a willingness to commit a crime, and the belief that you can make some easy money.
Your antivirus or anti-malware software (AV) should trap these types of threat at the point where the user tries to open the email or open the attachment (which of the two depends on the make of the AV product). You need to ensure you are using a market-leading product, and it must be configured to keep the AV engine and signatures up to date automatically.
If the threat is a brand new one, never seen before, your AV is unlikely to trap it. If the AV product developers have not yet produced a signature for that new threat, the product cannot identify and trap it on your network endpoints. This is known as a zero-day threat.
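To make the signature gap concrete, here is an added example (not code from the original article or from any AV vendor) that triages a constructed lure email in Python: attachments whose hash matches a known-bad list are blocked, as signature-based AV would do, while a never-seen sample is only caught by the second, heuristic layer that looks for the lure wording the article describes. The signature list, lure phrases, risky extensions and sender addresses are all constructed for the example.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Constructed signature list: SHA-256 of attachment bytes "already seen" by AV.
# Real products use far richer signatures; the principle is the same.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"CONSTRUCTED-KNOWN-MALWARE-SAMPLE").hexdigest()}
RISKY_EXTENSIONS = {".doc", ".docm", ".docx", ".pdf", ".zip", ".js", ".exe"}
LURE_PHRASES = ("tax rebate", "tried to deliver", "arrange another delivery")


def triage(raw_message: bytes) -> dict:
    """Verdict for one raw RFC 822 message.
    block      - attachment matches a known signature (what AV catches)
    quarantine - no signature, but risky attachment plus lure text
                 (the only layer that helps against a never-seen sample)
    allow      - nothing suspicious found
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    lures = [p for p in LURE_PHRASES if p in text]
    signature_hits, risky = [], []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        ext = name[name.rfind("."):] if "." in name else ""
        if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
            signature_hits.append(name)
        elif ext in RISKY_EXTENSIONS:
            risky.append(name)
    if signature_hits:
        verdict = "block"
    elif risky and lures:
        verdict = "quarantine"
    else:
        verdict = "allow"
    return {"verdict": verdict, "signature_hits": signature_hits,
            "risky_attachments": risky, "lures": lures}


def build_sample(filename: str, payload: bytes, body_text: str) -> bytes:
    """Constructed lure message in the style the article describes."""
    msg = EmailMessage()
    msg["From"] = "HMRC Refunds <refunds@example.invalid>"   # constructed sender
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "Your tax rebate is ready"
    msg.set_content(body_text)
    msg.add_attachment(payload, maintype="application", subtype="msword", filename=filename)
    return msg.as_bytes()
```

Running `triage(build_sample("rebate.doc", b"NEVER-SEEN-BEFORE-SAMPLE", "You are due a tax rebate. Open the attached form."))` returns a `quarantine` verdict with no signature hit, which is exactly the zero-day case the paragraph above describes.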
The simplest way to prevent infection, of course, is for the recipient to identify the email as a threat and to delete it without opening the attachment. That requires constant vigilance and an understanding of what to look out for, but these skills can be built through staff awareness training.