Malware ‘Crysis’: New Strain Combines Multiple Threats, Platforms

NEWS ANALYSIS: The latest release of Crysis malware combines ransomware with a data breach, and then spreads on its own

The ability to attack VMs is especially worrisome because it opens a new layer of attack and data breach for companies, Sjouwerman said. In the past, malware avoided VMs because they might be sandboxes designed to trap malware so it could be studied, he said. Now, it appears that getting access to the data on those VMs is worth the risk.

Still, there are some actions you can take that will help keep Crysis or other malware like it at bay. Here are some suggestions from Sjouwerman:

You need what he calls “weapons-grade backups.” You must be making real-time copies of your critical files, and you’re able to revert over the last few minutes. You have to have a very recent version on which you can fall back. Once a day isn’t good enough.

Religiously

You have to patch religiously, Sjouwerman said. This means the OS and all third-party applications must be kept up-to-date constantly to eliminate any vulnerabilities. And you need to get rid of Flash, which no longer needs to exist, and which is a mass of vulnerabilities.

Additionally, you have to start doing what Sjouwerman calls “new-school” security-management training. Getting everyone in a conference room once a year, plying them with coffee and donuts, and resorting to Death by PowerPoint doesn’t work anymore, he said. You have to make employees aware of the risks, and keeping the training fresh is critical, Sjouwerman said. “Send them frequent simulated phishing attacks.”

appleIt’s critical to know that Crysis works so well because it neatly avoids most technological methods of detecting malware and, instead, depends on social engineering. This also means that your employees are subject to a growing, ever more sophisticated level of attacks through their email and social media contacts. It is possible to manage this threat by limiting access to social media from the company network and by setting policies limiting personal email use. However, neither of those strategies is foolproof.

It’s also critical to start making your network hard to infect through segmentation and other means, if only because malware can’t infect what it can’t see.

The new malware threats are the most serious ever, but you can assume that the worst is yet to come. The competition and rapid development will ensure that attacks will rain down on your company without letup. The only thing you can do is train your staff, and take precautions that will never stop. Well, there is one other thing—you can decide to go out of business instead.

Originally published on eWeek.