Information Security & Malware

Computer security, information technology security (IT security) or cyber security is the protection of computer systems and networks from information disclosure, theft or damage to the hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

“Cyber security” focuses on protecting computer systems from unauthorised access or being otherwise damaged or made inaccessible.

“Information technology security” is a broader category which looks at protecting all information assets, whether in hard copy or digital form.

A big impact on information security in organizations can be Employee behaviour. During a research it was observed that employees often do not see themselves as part of their organization’s information security effort and take actions which impede organizational changes.

To manage information security culture effectively some steps are suggested:

Step 1: Pre-Evaluation 

Understand the level of awareness of information security amongst employees and analyse existing security policies.

Step 2: Strategic planning 

A team of skilled professionals should be used to set clear targets and to come up with a better awareness program.

Step 3: Operative planning 

Using internal communication, security awareness and a training program a good security culture can be established.

Step 4: Implementation

The information security culture is implemented in four stages:

I. Commitment by the management

II. Communication with organizational members

III. Training for all organizational members

Iv. Commitment of the employees

Step 5: Post-evaluation

Assess success of planning & implementation and identify unresolved areas of concern.

Cost of Security Breaches

Serious financial damage has been caused by security breaches, but as there is no standard model for estimating the cost of an incident, the only data available is what is made public by the companies involved. Several IT security consulting firms produce estimates of total worldwide losses attributable to virus and worm attacks and to hostile digital acts in general. The 2003 loss estimates range from $13 billion (worms and viruses only) to $226 billion (for all forms of covert attacks).

Reasonable estimates of the financial cost of security breaches can actually help organizations make rational investment decisions. It is concluded that the amount a firm spends to protect information would be a small fraction of the expected loss (expected value of the loss resulting from a cyber/information security breach)

Lack of Global Laws & Regulations

International legal issues of cyber-attacks are complicated in nature because there are no global common rules to judge and punish cybercrimes and cybercriminals. At times when security firms/ agencies are able to locate the cybercriminal behind a cyber-attack or a particular piece of malware, often the local authorities cannot take action due to lack of laws under which to prosecute.

In addition, there is another major problem for law enforcement agencies is to prove attribution. Computer viruses switch from one country to another, from one jurisdiction to another – moving around the world, using the fact that we don’t have capabilities for globally police operations in the similar manner.

Role of Governments

Currently government’s role is to make regulations so that companies and organizations protect their systems, infrastructure and information from cyber-attacks. The government’s regulatory role in cyberspace is not clear. There is an opinion that cyberspace is a virtual space which should remain free of government intervention and that can be seen in many of today’s libertarian block chain and bitcoin discussions.

However, many government officials and experts think that the government should do more as there is a crucial need for improved regulations. The emergency is due to the failure of the private sector to efficiently address cyber security problems.

On 22 May 2020, the UN Security Council held its second ever informal meeting on cyber security to focus on cyber challenges to international peace. According to the then UN Secretary-General new technologies are often used to violate rights.

Cyber security is a fast-growing field. According to a research 46% of organizations say that they have a “problematic shortage” of cyber security skills in 2016, up from 28% in 2015.Commercial, government and non-governmental organizations all employ cyber security professionals. The fastest increases in demand for cyber security workers are in industries managing increasing volumes of consumer data such as finance, health care, and retail.

Computer security can be achieved using threat prevention, detection, and response processes. These processes are based on policies related to different system components. For ex:

• User account access controls can protect systems files and data, respectively.
• Firewalls are the most common prevention systems from a network security perspective.
• They can prevent access to internal network services and block certain kinds of attacks. Firewalls can be both hardware- or software-based.
• Intrusion Detection System (IDS) products are designed to detect network attacks in progress and assist in post-attack forensics.
• “Response” is defined by the assessed security requirements of an individual system and may cover from simple upgrade of protections to notifying legal authorities, counterattacks etc.

At present computer security consists of mainly “preventive measures” such as firewalls or an exit procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and can be implemented as software running on the machine to provide real-time filtering and blocking. Another implementation is called “physical firewall” which consists of a separate machine filtering network traffic.

Some organizations are turning to big data platforms to extend data accessibility and machine learning to detect advance persistent threats.

However, relatively few organizations maintain computer systems with effective detection systems, and fewer still have organized response mechanisms in place. As a result, Companies for the first time are reporting that they are losing more through electronic theft of data than physical stealing of assets. The primary obstacle to effective eradication of cybercrime can be traced to excessive reliance on firewalls and other automated “detection” systems.

Importance of Cyber Security 

1. The costs of cyber security breaches are rising

Privacy laws mean significant fines for organisations which suffer cyber security breaches. There are also non-financial costs such as damage of reputation.

2. Cyber security is a critical issue for stakeholders

New regulations and reporting requirements have made cyber security risk oversight a challenge. The stake holders continuously seek assurances from management that its cyber risk strategies are capable of reducing the risk of attacks and limit financial & operational effects.

3. Cybercrime is a big business

The cybercrime economy was estimated to be worth $1.5 trillion in 2018, according to one study. Political, ethical and social incentives also drive attackers.

4. Cyber-attacks are increasingly sophisticated

Cyber-attacks continue to grow in sophistication and attackers use an ever-expanding variety of tactics. These include social engineering, malware and ransomware.

Social engineering is the use of deception to manipulate individuals to breach security.

A key logger is spyware which silently captures and stores each keystroke that a user types on the computer’s keyboard.

Ransomware

Ransomware is a type of malicious software (malware) which threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever.

Ransomware attacks are common these days. Major companies in North America and Europe have fallen victim to it. Cybercriminals attack any consumer or any business and victims come from all industries.

Once the ransomware has been released into the device there is not much one can do unless there is a backup or security software in place. Sometimes it’s possible to help infected users to regain access to their encrypted files or locked systems, without having to pay. A “No More Ransom” Project has created a repository of keys and applications that can decrypt data locked by different types of ransomware.

History

Ransomware can be traced back to 1989 when the “AIDS virus” was used to extort funds from recipients of the ransomware. Payments for that attack were made by mail to Panama, at which point a decryption key was also mailed back to the user.

In 1996, ransomware was known as “crypto viral extortion,” introduced by Moti Yung and Adam Young from Columbia University. This idea, born in academia, illustrated the progression, strength, and creation of modern cryptographic tools. Young and Yung presented the first crypto virology attack at the 1996 Security and Privacy conference. Their virus contained the attacker’s public key and encrypted the victim’s files. The malware then prompted the victim to send asymmetric cipher text to the attacker to decipher and return the decryption key for a fee.

Ransomware attacks began to soar in popularity with the growth of crypto currencies, such as Bitcoin. Crypto currency is a digital currency that uses encryption techniques to verify and secure transactions and control the creation of new units. Beyond Bitcoin, there are other popular crypto currencies that attacker’s prompt victims to use, such as Ethereum, Litecoin and Ripple.

Social engineering attackers have also become more innovative over time. A situation was reported where new ransomware victims were asked to have two other users install the link and pay a ransom in order to have their files decrypted.

How Ransomware Works

Ransomware is a type of malware designed to extort money from it victims, who are blocked or prevented from accessing data on their systems. The two most prevalent types of ransomware are encryptors and screen lockers. Encryptors, as the name implies, encrypt data on a system, making the content useless without the decryption key. Screen lockers, on the other hand, simply block access to the system with a “lock” screen, asserting that the system is encrypted.

Victims are often notified on a lock screen (common to both encryptors and screen lockers) to purchase a cryptocurrency, like Bitcoin, to pay the ransom fee. Once the ransom is paid, customers receive the decryption key and may attempt to decrypt files. Decryption is not guaranteed, as multiple sources report varying degrees of success with decryption after paying ransoms. Sometimes victims never receive the keys. Some attacks install malware on the computer system even after the ransom is paid and the data is released.

While originally focused largely on personal computers, encrypting ransomware is increasingly targeting business users.

Enterprise ransomware infections or viruses usually start with a malicious email. An unsuspecting user opens an attachment or clicks on a URL that is malicious or has been compromised.

At that point, a ransomware agent is installed and begins encrypting key files on the victim’s PC and any attached file shares. After encrypting the data, the ransomware displays a message on the infected device. The message explains what has occurred and how to pay the attackers. If the victims pay, the ransomware promises they’ll get a code to unlock their data.

Ransomware is an online form of the bully’s game of keep-away. Here, the bully gets on your computer and takes your personal files: documents, photos, financial information, all the things you care about. Those files are still on your computer, dangling in front of you, but they are encrypted now, useless to you. In order to get them unencrypted, you’ll need to pay the bully 300500 dollars.

Prevention

Some of the ways to prevent ransomware attacks are:  

• Keep operating system and other software updated: Software updates frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers. So always keep security software up to date.
• Email is one of the main infection methods: Be wary of unexpected emails, especially if they contain links and/or attachments.
• Be especially wary of any Microsoft Office email attachment that advises you to enable macros to view its content: Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
• Backing up important data is the single most effective way of combating ransomware infection: Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. However, organizations should ensure that backups are appropriately protected or stored offline so that attackers can’t delete them.
• Using cloud services could help mitigate ransomware infection: since many cloud services providers retain previous versions of files, allowing one to “roll back” to the unencrypted form.

*****

About the Author

Author is Shailja Bhatnagar, CA in India, CPA from USA, CA in Canada and CIA from USA and partner in PK Chopra & Co., Chartered Accountants providing Auditing Accounting, Taxation and Advisory services and having head office at New Delhi Connaught Place and branches at Mumbai, Ahmedabad, Kochi, Lucknow, Bangalore, Coimbatore and Gurgaon. She holds an extensive experience of 27 years of Accounting, Tax and Audit experience in various countries such as Canada, Dubai-U.A.E. and India. Firm is focused on helping Foreign Companies in setting up Business in India and complying with various tax laws applicable, Building Business, Strategy Planning, NGO NPO CSR sector.