
Welcome to another Nastiest Malware Q&A with our security analyst, Tyler Moffitt.

We had so many questions come in that we needed to host another Q&A. Thanks as always for your questions! 

Today, he’ll be available to answer your questions on the latest malware featured in our latest Nastiest Malware list. For a quick refresher, you can check out our infographic too.

To get answers to your questions, just ask away in the comments below.


Hello everyone and welcome back to yet another Q&A with @TylerM on all things Nastiest Malware. 

We thought we’d host another Q&A so that we can try and answer all of those questions we haven’t had time to get to yet. 

If you have a question for Tyler, don’t be shy and ask away below. 


With that, we’ll get started: 

 

What are the best sources to follow to stay informed about malware in 2020? - Andrea R.

Why are people so naïve and prone to click a link or open an attachment? - Louis M

Describe the worst malware you have come across. - Tom C

I see the list of mobile adware is only highlighting Android devices. Are iOS devices becoming prone to malware, or does the closed ecosystem make them immune to such threats? - Rob D

What is the most effective deterrent to avoiding malware? - Ari V.

What's the most convincing attack you've seen? - Ryan G.

Would you recommend paying a ransom or rolling back? - Danil C.


What are the best sources to follow to stay informed about malware in 2020?

 

This is one that is definitely challenging, as there is no one central best place. Beyond looking at our own data, I follow a lot of people on Twitter for samples and hashes of new campaigns and breaking zero-days, but if anything is really important or trending you can usually get wind of most of it by signing up for news feeds (like ABIS News Team or others).

If that’s still too much, you can always check out the regular threat reports or blogs that vendors typically have - we do :)


Why are people so naïve and prone to click a link or open an attachment? 

 

They are getting better and better. With most of these attachments being a Word document, many people think nothing of it. They are harmless until they click that “enable content” button, but it’s pretty easy to convince people to click. Look at this one for a Canadian university. You really need training to avoid these obvious scam tactics. Also, disabling things you don’t use is very useful here, as 95% of employees likely never need macros, and they can be disabled through Group Policy in the registry.

 

Source: BleepingComputer


Describe the worst malware you have come across. - Tom C

 

Depends what you mean by “worst”.

Probably when we first encountered ransomware combined with worm-like capabilities in WannaCry. I think there were fringe cases before that (but very isolated comparatively), but nothing like the EternalBlue exploit combined with ransomware that became world-famous in 2017.

 

As far as the most damage a piece of malware could do, it could literally blow up a power plant by simply opening the wrong valves. Stuxnet is famous as a US government operation that took down nuclear centrifuges by causing them to operate incorrectly and break down.

 


I see the list of mobile adware is only highlighting Android devices. Are iOS devices becoming prone to malware, or does the closed ecosystem make them immune to such threats? - Rob D

 

As a general rule, you never rule out malware on any device, but iOS does a pretty good job. Of course there are fringe cases and plenty of fake apps that make it onto the App Store, but it’s not as much of an issue as Android.

Android has a MUCH larger market share of smartphones on the planet. Like Windows, Android is the favorite target for criminals on the mobile platform because it has the biggest pool of devices an attack will work on. There is also much larger OS fragmentation, with many people in third-world countries carrying smartphones that are running very out-of-date Android versions and are susceptible to exploits.

 

Remember that all phishing for financial credentials from SMS or mobile browser is an issue for all mobile devices.


What is the most effective deterrent to avoiding malware? - Ari V.

 

There is no one thing, so here are 6 things:

Use a reputable, proven, layered cybersecurity strategy

Embrace user education

Lock down remote connections (think RDP)

Disable what you don’t use (think macros, PowerShell)

Inventory and patch management

Strong password policies (passphrases - length is strength)
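The macro answer earlier in this thread and the “disable what you don’t use” item above both point at the same control: Office macro policy, which Group Policy enforces by writing registry values. The following PowerShell is an added example written for this page, not code from the original Q&A or from Webroot; it writes those policy values for the current user and then audits them, so the same audit function can be run afterwards to confirm the setting stuck. Assumptions: an Office 2016/2019/365 install (policy path version `16.0`), the Word/Excel/PowerPoint application names, and that fleet-wide rollout would be done through a GPO rather than by running this on each machine.

```powershell
# Added example: apply and audit Office macro hardening through the policy
# registry values that Group Policy writes. Assumes Office policy path "16.0".

$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings: 1 = enable all (unsafe), 2 = disable with notification (Office default),
# 3 = disable except digitally signed, 4 = disable all without notification.
# BlockContentExecutionFromInternet = 1 blocks macros in files that carry the
# Mark-of-the-Web (downloaded or received as an email attachment).
$Settings = @{
    VBAWarnings                       = 4
    BlockContentExecutionFromInternet = 1
}

function Get-MacroPolicyPath {
    param([string]$App)
    "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
}

function Set-MacroPolicy {
    foreach ($app in $Apps) {
        $path = Get-MacroPolicyPath -App $app
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($name in $Settings.Keys) {
            New-ItemProperty -Path $path -Name $name -Value $Settings[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

function Test-MacroPolicy {
    # Emits one row per app/setting so drift shows up as Compliant = False.
    foreach ($app in $Apps) {
        $path = Get-MacroPolicyPath -App $app
        foreach ($name in $Settings.Keys) {
            $actual = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                App       = $app
                Setting   = $name
                Expected  = $Settings[$name]
                Actual    = $actual
                Compliant = ($actual -eq $Settings[$name])
            }
        }
    }
}

Set-MacroPolicy
Test-MacroPolicy | Format-Table -AutoSize
```

Because these live under `HKCU\Software\Policies`, Office treats them as administrator policy rather than a user preference, so the Trust Center UI cannot override them; a GPO under User Configuration > Administrative Templates > Microsoft Office (or the per-application templates) writes the same values across a domain. Running only `Test-MacroPolicy` is a cheap recurring check that a machine has not drifted back to macros enabled.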

 


What's the most convincing attack you've seen? - Ryan G.

 

As far as starting an attack that eventually leads to something nasty like ransomware, I would look at the lures. I would say this one that I referenced in an above post, but also here below. I can see MANY employees/students falling for something like this.

Source: BleepingComputer


Would you recommend paying a ransom or rolling back? - Danil C.

 

I can never recommend paying a ransom, but there are absolutely scenarios where it is the only option. Sometimes the data is that important and I can understand. 
 

But as a general rule, try to make do and roll back, and lean on backups.


That just about wraps it up today. 

Thanks to @TylerM and everyone who joined us today and sent us a question. 

Thanks again!