...

This threat can come from several sources including:

  • Organised gangs attempting to steal money or commit blackmail

  • Competitor organisations trying to obtain confidential information

  • Politically motivated groups

  • Rogue employees within the organization

  • Nation-state-sponsored “cyber-warfare” units

  • Individuals exercising curiosity or testing their skills

Whatever the source, the result of a successful security breach is that the organization and its stakeholders are affected, sometimes seriously, and harm is caused.

One of the primary tools used by such attackers is malware, and it is essential that Vertic Pty Ltd takes effective precautions to protect itself against this threat.

...

The following policies and procedures are relevant to this document:

  • Mobile Device Policy

  • Acceptable Use Policy

  • Internet Acceptable Use Policy

  • Software Policy

The malware threat

Definition

...

Malware comes in many forms and is constantly changing as previous attack routes are closed and new ones are found. The most common types of malware found today are:

  • Virus: a program that performs an unwanted function on the infected computer. This could involve destructive actions or the collection of information that can be used by the attacker

  • Trojan: a program that pretends to be legitimate code but conceals other unwanted functions. Often disguised as a game or useful utility program

  • Worm: a program that is capable of copying itself onto other computers or devices without user interaction

  • Logic bomb: malicious code that has been set to run at a specified date and time or when certain conditions are met

  • Rootkit: a program used to disguise malicious activities on a computer by hiding the processes and files from the user

  • Keylogger: code that records keystrokes entered by the user

  • Backdoor: a program that allows an attacker unauthorised access at will

  • Adware: a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and those which are displayed by software.

  • Bot: an autonomous program which can interact with systems and users with malicious intent.

  • Spyware: a program that enables malicious sources to obtain information about another computer’s activity.

  • Ransomware: a form of malware that essentially holds a computer system captive while demanding a ransom. Ransomware restricts user access to the computer either by encrypting files on the hard drive or locking down the system. It also displays messages intended to force the user to pay the ransomware creator to remove the restrictions and regain access to their computer.

Often these types of malware will be used in combination with each other. For example, an attacker will encourage an unwitting user to infect a computer with a virus which will allow unauthorised access. This initial access will then be used to install a rootkit to disguise further activities, a keylogger to capture keystrokes and a backdoor to allow future access without detection.

...

A commercial, supported anti-virus platform will be installed within the organization at key locations:

  • Firewall

  • Email servers

  • Proxy servers

  • All other servers

  • All user computers

  • Mobile devices, including laptops (phones and tablets where possible)

All anti-virus clients will be set to obtain signature updates on a regular basis, either directly from the vendor website or from a central server within the organization.

...

Quarterly reviews of all anti-virus software must be completed to verify that they:

  • Detect all known and new types of malicious software

  • Remove all known and new types of malicious software

  • Protect against all known and new types of malicious software

Systems not requiring anti-virus

...