Beware of protocol violations
Thursday, February 21, 2019
What can we expect from attackers? The Internet provides quick access to all sorts of statistics—you just need to interpret them properly and use the information to further improve your information security.
Here are two interesting examples.
The first table lists the most common file types being abused by criminals.
PE – an executable file format in Windows. So, what do we see?
- The most common attacks involve users being served with malicious executable files (Trojans).
- Office suite documents rank second and fifth. Apparently, those arrive as email attachments.
- Android came in a strong third in terms of attacks. It has a long way to go to catch up with Windows, but still…
- Meanwhile, the number of attacks on macOS makes it a close rival to Android. However, while users of the latter operating system have somewhat accepted the fact that anti-virus software is necessary, the myth about macOS’s impregnability lives on.
- Linux (ELF files) ranks 11th, just missing the top 10. That's hardly surprising: attacks on routers are rife.
Statistics confirm that criminals are not just interested in Windows—any system can become a target. And more often than not, threats are hiding in office suite documents—stay vigilant, and don't open attachments indiscriminately.
Another piece of statistical data is quite interesting too.
This table contains the list of protocols and ports that criminals usually abuse. We recommend that you show this table to your system administrator.
IMAP, POP3, SMTP and outlook-web all involve email. We can't do without it, and, therefore, we can't close those ports. However, FTP is the second most popular protocol, and this one facilitates file transfers. If you don't use it, close the port.
By default, Dr.Web Firewall closes all non-secure ports, but we still need a way to practice, right? Let's close the dangerous port a second time!
Click on the anti-virus icon in the system tray, and select Security Center. In the window that appears, select Files and Network. Click on the padlock in the lower-left corner so that changes can be made to the settings. Go to Firewall, click the Show additional settings link, scroll down to Operation parameters for known networks, and click Change.
In the next window, click Rule sets.
Since we can make mistakes, let's back up the existing rules first.
Click Default rule, and then press Copy.
Then select the new set, and click the Edit button.
In the window that opens, click on the plus button to create a new rule.
Enter the rule name, the action (Block packets), and the direction (Any).
Click Add criterion.
In the drop-down list, select TCP; then in the Local port list, select Equal, and in the input field to the right, enter 21 (used for FTP data transfers by default).
And confirm by pressing two more times.
Now the rule configuration is complete.
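Once the rule is saved, it is worth confirming that TCP port 21 really stopped accepting connections. The following Python script is an added example, not part of the original article or of Dr.Web's tooling; the port numbers are the standard defaults for the protocols in the table, and the function names and the `must_be_closed` parameter are assumptions made for illustration.

```python
import socket

# Standard default ports for protocols named in the table above.
PORTS = {"ftp": 21, "smtp": 25, "pop3": 110, "imap": 143}


def probe(host, port, timeout=2.0):
    """Classify a TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed: a service is listening and reachable
    closed   - connection refused: nothing is listening on the port
    filtered - no usable answer: packets are dropped or the host is unreachable
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # covers timeouts and unreachable-network errors
        return "filtered"


def audit(host, ports=PORTS, must_be_closed=("ftp",), timeout=2.0):
    """Probe each port; return {name: (port, state, ok)}.

    ok is False only when a port listed in must_be_closed (hypothetical
    parameter) still accepts connections, i.e. the block rule is not working.
    """
    report = {}
    for name, port in ports.items():
        state = probe(host, port, timeout)
        ok = not (name in must_be_closed and state == "open")
        report[name] = (port, state, ok)
    return report


if __name__ == "__main__":
    # 127.0.0.1 is a placeholder target; substitute the protected machine.
    for name, (port, state, ok) in audit("127.0.0.1").items():
        flag = "OK" if ok else "STILL REACHABLE"
        print(f"{name:5} tcp/{port:<4} {state:9} {flag}")
```

Run it from a second machine on the same network against the protected computer's address, since loopback connections may not pass through the firewall rule.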
The Anti-virus Times recommends
In the last quarter of 2018, the percentage of ransomware infections spiked from 9% to 20%, thus gaining the lead over spyware infestations. Meanwhile, rogue mining incidents are on the decline, with only 8% of incidents using miners as opposed to 15% and 23% in the second and first quarters, respectively.
Were attackers so discouraged by their low mining incomes that they switched back to encryption ransomware? That's quite possible. And this is very bad news for those whose systems are not protected.