Kevin James - The IT Control Specialists

    What is a virus attack vector? (…and why should I care?)

    Please note: All of our networks and devices are protected by the best anti-virus in the world. While these programs limit exposure to a variety of risks, they cannot halt cyber attacks which exploit human error.

    Many new viruses are created with the specific aim of being extremely hard to detect and remove once they enter a network. The best strategy for dealing with them is simply to make sure that doesn’t happen. Below is some key information to help protect your business.

    What is a virus attack vector?

    A virus attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a ‘payload’ or activate malicious code. Attack vectors exploit system vulnerabilities, including the human element.

    Please take into account that viruses can be contracted and spread by non-vigilant employees. In order to protect the business, the seriousness of this trend must now be understood.

    5 Virus attack vectors you need to beware of

    1. Online ads

    Nowadays, simply surfing the Web can be very dangerous. Most malware comes from legitimate websites that have been compromised through poor passwords or software flaws. For example, malvertisements (online ads with malicious code hidden inside them) are a popular method of spreading malware. Without your even knowing it, your computer is infected when you visit the website and the advertisement is displayed.

    2. Social Media

    More than three-quarters of all malware and computer viruses enter computers via social media. People inherently trust social media because the messages are received from friends and recognizable brands, which makes it the perfect avenue to exploit an unsuspecting individual. Social media is now the world’s largest attack surface and attack medium combined.

    What is Spearphishing?

    Spearphishing is a form of fraud that spoofs messages (comments, private messages, emails), making them seem as though they come from trustworthy senders. These messages may contain links or attachments that deliver malware. This often follows the hacking of user login credentials.
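
    The spoofing signs described above can be checked mechanically by a mail filter or an analyst. The following is an added example, not part of the original page; the `TRUSTED` table, the function names and both sample messages are assumptions constructed for illustration.

```python
# Added example (not from the original page): three header/link checks for
# spoofed senders. All domains and messages below are constructed samples.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand names mapped to the domains they really send from.
TRUSTED = {"example bank": {"examplebank.test"}}

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def body_text(msg):
    # Join all leaf parts, undoing base64/quoted-printable where present.
    return "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())

def spoof_indicators(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom, found = domain(addr), []
    # 1. Display name claims a known brand but the address is elsewhere.
    for brand, domains in TRUSTED.items():
        if brand in name.lower() and from_dom not in domains:
            found.append("display-name-mismatch")
    # 2. Replies would go to a different domain than the sender's.
    reply_dom = domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-mismatch")
    # 3. Link text shows one host while the href points at another.
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>',
                                 body_text(msg), re.I):
        shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text.lower())
        target = (urlparse(href).hostname or "").lower()
        if shown and target and shown.group(0) != target:
            found.append("link-text-mismatch")
    return found

SPOOFED = ('From: "Example Bank Support" <notices@mail.example.org>\n'
           'Reply-To: helpdesk@replies.example.net\n'
           'Content-Type: text/html\n\n'
           '<a href="http://portal.example.net/login">www.examplebank.test</a>\n')
LEGIT = ('From: "Example Bank" <statements@examplebank.test>\n'
         'Content-Type: text/html\n\n'
         '<a href="https://www.examplebank.test/statement">www.examplebank.test</a>\n')

if __name__ == "__main__":
    print(spoof_indicators(SPOOFED), spoof_indicators(LEGIT))
```

    These are heuristics: a clean result does not prove a message is genuine, and the host comparison is exact, so a link text that omits a subdomain is also flagged.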

    3. Email Links

    Viruses, malware and spyware are ultimately about human faults, not software faults. The vast majority of people have heard they should not click on strange attachments or links in email.

    The biggest secret to why computers keep getting infected is that people don’t follow basic best practices. As an employee, it is your responsibility to find out what those best practices are and to follow them.

    4. USB and Mobile Storage

    USB memory sticks and mobile storage are still among the most common infection vectors. Following any security breach, USB drives which were connected to devices need to be scanned for malware and latent forms of the virus. Not doing so could put the entire network at risk. Similarly, USB drives which have not been checked and cleared should NEVER be inserted into machines.

    5. Mobile malware

    Cybercriminals have developed an app for Android phones, which they posted on Google Play labeled as a utility app. What it really did, however, was load up the phone’s memory with malware. The next time that phone was connected to a computer, the malware would activate and infect the computer. Beware of any unknown applications.


    What to do if you think you have picked up a virus.

    • Immediately turn off the infected device.
    • Call your IT support team.
    • Follow their instructions.

    More about Phishing Attacks (via Emails)
    • The attachment may look safe and the email may contain official looking logos. It may say enticing things.
    • Ask yourself if it makes sense for you to be emailed at your work address with the information in the email. There are no second chances with viruses: upon opening, the attachment will infect the computer.
    • While anti-virus can protect against many things, many of the most dangerous viruses are built to exploit humans, not machines.
    • When online, do not download any programs without approval, even when downloading from trustworthy or seemingly trustworthy websites.
    • Malware can be hosted on popular websites by hackers, using vulnerabilities in browsers to automatically download and execute malware without the user's knowledge. This can be done in the guise of free software such as games, security tools, etc.
    • Antivirus can be instrumental in halting attacks and preventing further damage, but it should never be relied on completely. Today, there are millions of variations on viruses, many of which are known, but many of which remain extremely dangerous.
    • These problems are only growing. The increasing stealth and sophistication of malware attacks make it more important than ever to understand how malware gains entry into your system.

    Additional things you should know

    What is a Zero Day Virus?

    A zero-day virus (also known as zero-day malware or next-generation malware) is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available. Traditionally, antivirus software relies upon signatures to identify malware.

    About Dynamic Threat detection.

    Dynamic Threat Protection, the core of Unified Threat Management (UTM), is a tool which restricts user behaviour on networks in order to reduce the exposure to malicious software and vulnerability to attacks. It limits the specific websites a user can visit to ensure data connections with only trusted sources and can be used to halt all downloads and uploads from non-network devices (BYOD).

    You can learn more about our Dynamic Threat Protection here.

    Sticking to the rules

    Following the guidelines set out by the business – not to visit suspicious websites, not to download free software or software from unknown sources, never to open strange emails, not to trust strange messages from social media sources and never to use infected machines or storage – will ensure you remain safe and able to use the business network.

    Not following these guidelines in the workplace can result in a PC ban, disciplinary action or, in some cases, dismissal.
