While worms aren’t the first choice of many attackers, they offer a slow-and-steady path to compromise. Once worms have made their way onto a network, they begin replicating, creating copy after copy and spreading across the entire system.
Rootkits create a persistent back door into user devices. While the rootkit causes minimal damage to systems, it provides ongoing visibility for attackers into agency networks and acts as a conduit for additional malware payloads.
Keyloggers monitor user keystrokes, record the data, and send it back to attackers. These tools are often used in account compromise efforts: If attackers can record users entering their login details and passwords, they can leverage this data to gain account access.
Bot-based attacks are all about scale. By launching a host of attacks simultaneously, attackers can target multiple systems and potentially overwhelm network defenses.
10. Mobile Malware
Mobile malware infects mobile devices such as smartphones, tablets and even wearable technologies. Once installed, this malware can compromise applications on devices and potentially make the jump to secure networks if users connect their devices from home or while traveling.
How Can State and Local Agencies Mitigate Malware Attacks?
According to ISACA Board Director Rob Clyde, “The most important thing to realize is that it starts with how you’re protecting users at the endpoint.”
While most agencies now use robust anti-virus tools and solutions capable of detecting malicious behaviors, this is where many organizations stop, Clyde says. But malicious actors aren’t simply tossing out attacks to see what sticks; they’re testing new malware strains in sophisticated labs against existing endpoint security tools.
The result is that despite best efforts, some malware attacks will make it through. “The nature of attacks has changed,” Clyde says. “Many of these attackers are well paid by nation-states or organized crime. They have labs with all the newest security tools, and they can test attacks against new technologies. This is why we keep seeing novel attacks.”
With attacks constantly evolving, how can agencies mitigate the impact?
First up is employee training. By teaching staff how to spot potentially problematic emails and avoid compromised websites, organizations can reduce their overall risk.
However, this approach takes security only so far. “While it’s worthwhile to tell staff to be cautious, the reality is that these are humans, and attacks are now so sophisticated that if we put our faith in humans, it will never work,” Clyde says. “People will never be 100 percent accurate at detecting attacks, and all it takes is one.”
But it’s not all bad news. Clyde points to the use of new solutions such as browser isolation — also known as “pixel pushing” — which can provide users the access they need without compromising security.
“When the user is browsing, the session happens on a separate system,” Clyde says. “A camera is recording the display, and the interactive stream of video is then sent to users. As a result, the only thing being transferred is pixels. Even if code gets into the browser system, it can’t get into secure networks.”
It’s a low-tech solution to a high-tech problem. By using cameras to stream browser data directly to a user’s device, there’s no risk to the network at large. Even if attackers manage to break through existing defenses, they only gain access to an isolated device that offers no way back to critical infrastructure.
Break It Till You Make It
When it comes to deploying solutions that secure state networks against evolving malware attacks, Clyde offers two pieces of advice. First is that organizations shouldn’t rely on “security by obscurity.” While this offers some protection against evolving threats, if attackers can remove the obfuscation of protected data, there’s no second line of defense.
Next is the recognition that attacks will eventually get through. As a result, agencies need solutions that offer solid security but don’t create more opportunities for compromise if they’re breached. “You don’t want things that can’t be broken,” Clyde says. “You want things that, when they inevitably break, it doesn’t matter.”