Since the discovery of Stuxnet several years ago, there has been a parade of targeted malware (such as Flame, Duqu, Gauss and now Regin) that may have been created or sponsored by nation states. These complex threats have a dizzying array of functionality designed, at least in part, to spy on its intended victims. Naturally, such exceptional threats garner much media coverage. But as an average person or business, is this something you need to worry about?
Generally speaking, unless you have state secrets or provide financial or Internet services to someone who does, it is not likely that you will run across such notable threats as Regin (detected by ESET as Win32/Regin) and company.
Featured Download: Social media access at work. Do your employees know the rules?
This does not mean that there are no potential threats to the average person, as by most counts, more than 200,000 new malware are discovered every day. And most of them are significantly less complex yet far more prevalent. For those of us who are not targeted by government agencies, protection is a relatively simple thing, and there are things all of us can do to make ourselves safer against regular malware threats:
– Update
It’s always important to update your software, including operating systems, applications and browser plugins. Speaking of which: Adobe recently released an out-of-band patch for its Flash Player product. For the average person, this vulnerability poses more risk than the Regin malware, so be sure to get this update as soon as possible.
– Backup
Bad things happen, not just security problems. Having a good backup can make recovering from these problems much quicker. Cyber criminals have been very interested in creating ransomware lately; if you have a recent backup, this entire class of malware becomes a minor annoyance rather than a serious threat.
– Layered Defences
It is a good idea to use multiple layers of detection. An anti-malware suite with a firewall is a good thing to have. You can also protect data by encrypting it in storage and when you send it across the network, such as via email, IM or via the Web. It is also wise to have a healthy sense of paranoia about online interactions, as cyber criminals often try to tempt people into letting malware past defences. “Trust but verify” messages, files, and websites that seem unusual or suspicious.
– Two-Factor Authentication
Use strong passwords. Many sites and services now offer Two-Factor Authentication (2FA), which offers you another layer of protection even in case your password is stolen or cracked.
If a sufficiently funded and determined adversary such as a nation state is targeting a company or individual, the best hope may be quick detection after the fact. But for most people around the world, we are not likely to be caught in the crosshairs of these digital weapons. There are many things most of us can do to improve our security to a reasonable degree so that we can limit the number of malware that are truly a threat to us.
Stay up to date with latest threats by reading our blog or following us on Facebook or Twitter.
About ESET Ireland
ESET Ireland will keep your hardware and software performing as it should. The company has hundreds of people around the world working hard every day so customers’ computers, tablets, smartphones and servers are properly protected. All with minimal impact on their performance.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.