Get in Touch Close Menu

Malware Protection

Malware Protection from Sapphire

Malware Protection

With a payload at the end of the attack chain, malware is continually evolving to evade detection. With advanced malicious software no longer the nation-states’ preserve, security teams are up against a growing volume of sophisticated threats designed to steal data and inflict maximum downtime on operations. Malware Protection is the fight against this.

Malware prays on the emotional response of the end user, often using financial threats or health fears to engage the user to respond to the email, SMS or social media post. The call to action is usually to click a link or to part with information that will allow the attacker to carry out a more targeted attack or to take control of the user’s endpoint.

Comprehensive: Protect endpoints, servers, networks, databases, and cloud applications from malicious software

Sophisticated: Detect and prevent the full range of obfuscation techniques used by threat actors using the latest behavioural and automated learning techniques

Strategic: Enterprise-scale management of malicious incidents with centralised reporting and logging to allow forensic investigations and management reporting

Blog Post – Cring Ransomeware

Sapphire threat intelligence resources identified a sophisticated ransomware campaign utilising the Cring malware and leveraging vulnerability (CVE-2018-13379), identified in 2019 affecting Fortinet VPN Servers. This allows a threat actor to connect to the VPN appliance with no authentication and download session files containing usernames and passwords in clear text.

Though this vulnerability has had a patch available since it was discovered, a list of known public-facing devices that were still vulnerable began to circulate around dark web forums in late 2020. The primary target of these attacks has been industrial enterprises located throughout Europe, with at least one resulting in the temporary closure of a production site.

CRING RANSOMWARE

Sapphire’s Recommendations:

Industrial enterprises are often tempting targets for threat actors as IT infrastructure, especially security is generally given less importance than the safety, reliability and production capacities within these environments. Due to these constraints, prevention through best practice and regular patching are the most effective methods of protecting industrial sites from attackers without compromising functionality.

Sapphire recommends implementing the following to minimise risk without impacting business.

  • Software and firmware of any VPN gateways should be updated to the latest version
  • Endpoint security solutions should be updated to the latest versions, with all recommended modules enabled
  • Enforce organisation-wide RBAC policies and procedures
  • Restrict VPN access between facilities and limit open ports to only those needed
  • Store backups on a secure dedicated server
  • Regularly test backup are working as expected
  • Adopting Endpoint Detect and Response (EDR) and SIEM security solutions in both your IT and OT networks offers additional layers of protection and enables a proactive approach to cyber threats.

Service Features and Benefits

ISOLATION

Sapphire allows organisations to eliminate web and email security risks through isolation – moving potentially malicious web-based functions away from the network and into a secure cloud.

BROWSER ISOLATION

Web isolation also known as remote browser isolation is where all browsing activity is contained in an isolated cloud-based platform away from the network. All sanitised and non-executable content is rendered safely in users devices, therefore, eliminate the risk of an attack.

EMAIL ATTACHMENT AND EMAIL LINK ISOLATION

Block known malicious attachments whilst isolating all other attachments. This enables users to access rendered content, therefore, having no impact on productivity. Reduce the risk of credential theft by preventing users from credentials into website forms.

NETWORK PERIMETER SECURITY

Advanced malware protection requires a layered approach to preventing attacks including continuous network scans, advanced antivirus software, IPS and more. Sapphire’s range of Next Generation Firewalls (NGFW) provide the best malware protection with the ability to identify and block malware before it enters your network.

ENDPOINT SECURITY

There are many types of malware that can attack your networking including ransomware, viruses, spyware, trojans and adware. Sapphire works with the worlds-leading endpoint security technologies to help organisations mitigate the issue of malware by detecting and remediating threats.

PHISHING TRAINING & AWARENESS

Reduce risks associated with phishing and spear-phishing, such as ransomware and malware with Sapphire’s security awareness training. Raise general awareness of email security, the implications of opening emails and measure how susceptible users are to phishing attacks and implement an effective improvement programme with rich training content.

Frequently Asked Questions on Malware Protection

1. What is malware?

Malware is short for malicious software. It is a catch-all term for any piece of software with nefarious intent designed to act on an organisation’s endpoints and networks.

2. What are the most common types of malware?

Common types of malware include:

  • Worm – A worm is a piece of malware that self replicates, spreading to other users and devices in a way designed to achieve specific ends. This can either be high volume and fast to propagate rapidly, or quiet and stealthy.
  • Trojan – A catch-all term for a piece of malicious software that works in the background to achieve malicious ends.
  • Ransomware – A piece of software that encrypts the victim’s data to block access until a ransom has been paid.
  • Spyware – Spyware is often otherwise known as a key-logger, capturing screenshots, keyboard strokes and other sensitive data.
  • Adware – Once downloaded, adware will unexpectedly show advertisements on the user’s computer.
  • Botnet – a group of devices that has been infected by malware.

3. How do enterprises protect against malware?

  • Focus on employee awareness programmes to increase vigilance
  • Install next-generation anti-malware solutions and EDR
  • Carry out regular simulated attacks to test the response and follow up with training and awareness
  • Back up regularly
  • Ensure patching and software upgrades are carried out as soon as they have been verified and tested, in line with guidelines and what is practical for your business. Deploying services such as Vulnerability Scanning, and incident and event monitoring will help with this.

4. WHAT IS THE DIFFERENCE BETWEEN AN ANTIVIRUS SOFTWARE AND A MALWARE REMOVER?

Antivirus software is designed to prevent infection but can also include how to remove malware from an infected computer. On the other hand, stand-alone malware remover offers a convenient way to find and remove malware from a user’s computer in case the product that was already installed fails to do so.

Although running an antivirus scan plays a significant role in keeping your computer safe, malware removal software is necessary for maximum computer protection and security against different types of threats and viruses.

So, the best protection against malware threats and other types can be achieved by combining antivirus software, with the best malware removal tools and EDR.

5. WHAT ARE THE TELL-TALE SIGNS OF MALWARE?

You will see common symptoms on your phone, computer, and tablet. Your device could be infected with malware if:

  • It won’t restart or shut down
  • It won’t allow you to remove the software
  • It uses a new default search engine or displays new tabs or the websites you didn’t open
  • It shows the ads typically you won’t see, such as on government websites
  • It sends the emails you don’t write
  • It suddenly crashes, slows down and puts repeated error messages
  • It provides a lot of pop-ups, inappropriate advertisements, or advertisements that interfere with the content of pages
  • It runs the battery life quicker than it should
  • It keeps altering your computer’s internet home page
  • It shows new and unexpected icons or toolbars on your desktop or browser

6. HOW TO CHOOSE MALWARE REMOVAL SOFTWARE?

There are several ways you can use you to choose the best malware removal software tool, and they include:

a). Great Malware Removal and Protection

An excellent malware removal tool should quickly and effectively catch and remove online threats. Although you can get a free malware removal tool, ensure the security software has all the necessary features.

b). Customer Support

If the malware removal tool isn’t working correctly, you should be able to get quick and efficient support. You can test customer support by email, phone and live chat and rank according to the information they help to provide.

c). Additional Features

On top of malware protection and removal, the best malware removal tool should offer many extra features. You should ensure that all the anti-malware tools advertised are working as advertised. Some additional features include a virtual private network (VPN), Wi-Fi scanning and dark web monitoring.

d). Ease of Use

Cybersecurity products must be simple to use, no matter how tech-savvy you are. Ensure the anti-malware software you choose is user-friendly for all user types.

e). Value

Even when you choose free anti-malware software, you should ensure that the antivirus protection software offers a good number of cybersecurity features and has the price. Not only should your malware scanner be able to make it worth the money you will spend.

Opt for malware removal software with various cybersecurity features like helpful add-ons such as money-back guarantees, free trials, and first-time discounts.

7. HOW CAN YOU AVOID MALWARE?

Scammers often bundle harmful software with free downloads to deceive customers into clicking on links that will download malware, spyware, and other threats.

Here are some tips for keeping viruses at bay:

  • Utilise a firewall and install and update security software
  • Set a security software, an internet browser, and an operating system to update your operating systems automatically
  • Avoid weakening your browser’s security settings and check your browser’s security warnings
  • Minimise drive-by or bundled downloads to maintain your browser’s default security settings
  • Scan USB drives and external devices before you use them
  • do not give accounts admin privileges for day to day work (only use admin accounts for admin tasks)
  • control ability to download and execute files

Start your fight against malware

Sapphire offers some of the most progressive anti-malware technologies on the market.

Deployed in layers, alongside other countermeasures, Sapphire’s Malware Protection service significantly increases threat detection chances across networks, endpoints, and the cloud.

Contact a member of our team today and learn more about our Malware Protection service.

I agree to the terms & conditions