Over the last couple of months, we’ve had the privilege of attending a couple of IT and tech industry conferences. The NSA, FBI, and Homeland Security had speakers at these conferences, and they are sending a message: US businesses are the target of sophisticated international cyber-crime rings.
Cyber-crime is a booming business
The presentations included details of how these criminals operate, mug shots, methods of intrusion, possible techniques to thwart their attacks, and the ever-present message: as IT professionals and business owners, we must be more vigilant. This isn’t just about the big headline-grabbing intrusions we’ve heard about on the news; thousands of intrusions we don’t hear about occur every day.
Typical Anti-virus software isn’t enough
Signature-based scanners, like those used in anti-virus software, are easily circumvented. While it is recommended that we use commercial software, it is becoming evident that network-level scanners (i.e. at the firewall) must also be employed. Most firewall-based scanning techniques involve scanning inbound traffic, but a particularly useful technique is to monitor outbound traffic and external DNS queries. This can help detect the presence of an internal machine “phoning home” to known bad addresses outside your network.
What we’re doing about it
As always, we are on the lookout for cost-effective solutions that will help our clients stay secure. A couple of years ago, we began selling Cyberoam firewalls (a Sophos product). These firewalls allow signature-based scanning of inbound traffic. Last year, we began recommending that our clients run anti-malware software (e.g. Malwarebytes Pro) in addition to typical antivirus software. Now, we are taking further steps: evaluating products that allow scanning of outbound traffic and DNS queries (e.g. OpenDNS). Sophos has a product coming soon that integrates workstation antivirus scanning and the network firewall in a unified threat-monitoring console.
What you can do about it
Be vigilant. Don’t allow new toolbars or extensions into your browsers. Be wary of what you click on in your email, browsers, and Facebook. If your machine is running slowly or the CPU fan is spinning up all the time, look at your running tasks to see what is causing it (malware can slow down your machine). If you think something might be wrong and you don’t know how to troubleshoot it, ask for help.