Some malware is focused on directly extorting money from the target, such as ransonware; other malicious codes generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen; and other forms deploy social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software.
For 2018, SonicWall has revealed its ‘Cyber Threat Report’, which the total number of cyber threats standing at 9.32 billion, as CBR Online reports. To understand more about the risks, Digital Journal spoke with Francis Dinha, CEO of OpenVPN. OpenVPN Access Server is a SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, and Linux, mobile OS (Android and iOS) environments.
Digital Journal: How serious are malware attacks?
Francis Dinha: Malware attacks can be incredibly destructive, and should be treated as such. Strategically placed malware can put all of your information at risk, including banking and financial info. Even worse, malware can cause a total shut-down, or outright destruction, of your entire system — and via malware ‘worms,’ can spread that destruction even further. Malware attacks can mean financial and technical ruin for yourself and your company.
DJ: What’s the background behind the recent attack on Ukraine?
Dinha: In July, the SBU alleged in a statement that Russian intelligence services are behind an attempted cyber attack against the network equipment of Aul Chlorotransfer Station, an entity based in the Dnipropetrovsk province, which provides chlorination and filtering of clean water supplies. Intelligent services connected the attacks with a particular malware called VPNFilter. According to the SBU, VPNFilter malware was deployed in an attempt to disrupt this critical element of Ukraine’s infrastructure. This certain malware is able to exfiltrate credentials, monitor equipment, and can also render an infected device completely inoperable.
DJ: Where do most malware attacks originate from?
Dinha:Malware attacks can originate from just about anywhere — whether it’s an application you download online, a virus injected into your system via an insecure network, or an email attachment downloaded from an unknown sender (or even a known sender who has been hacked themselves). Malware can come from individual hackers, criminal organizations, known businesses, or even (as we’ve seen more recently) government organizations. If a malicious entity can access your software or hardware in any way, they can inject it with destructive malware — unless you take the appropriate protective measures.
DJ: What can businesses best do to protect themselves from such attacks?
Dinha:To protect themselves, businesses should immediately check their routers and download the recent security patch published by Cisco. A couple other things to do include changing default passwords, updating their firmware, and disabling any remote administration in their settings.
DJ: Are their cultural behaviors that business staff can follow?
Dinha:When encouraging employees to change habits for security reasons, we must first help them understand why they need to follow the most basic security practices. Educate them on why they should never click unknown links, or download random programs. The fact is that most employees simply don’t understand the associated risks to the company. Failure to follow security practices can result in malicious breaches and devastate a company financially, including extensive damage to its reputation. This is really about training and awareness, and needs to be communicated by administrators or IT staff to ensure all employees comply with security policies and procedures.
DJ: Do you think the public is sufficiently aware of attack risks?
Dinha:Absolutely not. To this day, the average consumer uses the same password across multiple accounts; they access private information — including sensitive company information — on public wifi while working remotely, and they rarely take protective measures like using VPNs. Even worse, all too often they click on links or download attachments without verifying the sender or security level! This is where education comes into play; a lot of ‘tech talk’ can put the layperson off, but it’s essential that they educate themselves on basic cyber risks and cyber security. These risks affect all of us, whether you’re aware of them or not — so make yourself aware.
DJ: How about consumers, what can they do in terms of protection?
Dinha:For consumers to truly protect their data and information, users need to look for a VPN service that only allows outbound connections and sessions to the Internet. It’s also important to stay away from VPN services that install Proxy Servers on your device, as this enables inbound connections and sessions. This is dangerous because inbound connections allow others to gain access to a device.
DJ: What services does OpenVPN provide?
Dinha:OpenVPN provides flexible VPN solutions to secure your data communications, whether it’s for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers. Our VPN Server software solution can be deployed on-premises using standard or virtual servers, or in an IaaS Cloud. Another option is to allow us to take care of all the heavy lifting by using our VPN Cloud service Private Tunnel.
To gain an alternate perspective on the cyberattack and malware concerns facing businesses, Digital Journal posed similar questions to Douglas Crawford, from BestVPN.com. The interview can be found here: “Surveying international malware threats: Q&A.”