Beware of protocol violations


Thursday, February 21, 2019

What can we expect from attackers? The Internet provides quick access to all sorts of statistics—you just need to interpret them properly and use the information to further improve your information security.

Here are two interesting examples.

The first table lists the most common file types being abused by criminals.

PE – an executable file format in Windows. So, what do we see?

  • The most common attacks involve users being served with malicious executable files (Trojans).
  • Office suite documents rank second and fifth. Apparently, those arrive as email attachments.
  • Android came in a strong third in terms of attacks. It has a long way to go to catch up with Windows, but still…
  • Meanwhile, the number of attacks on macOS makes it a close rival to Android. However, while users of the latter operating system have somewhat accepted the fact that anti-virus software is necessary, the myth about macOS’s impregnability lives on.
  • Linux (ELF files) ranks 11th. It just missed getting into the top 10. That's hardly surprising: attacks on routers are rife.

Statistics confirm that criminals are not just interested in Windows—any system can become a target. And more often than not, threats are hiding in office suite documents—stay vigilant, and don't open attachments indiscriminately.

Another piece of statistical data is quite interesting too.

This table contains the list of protocols and ports that criminals usually abuse. We recommend that you show this table to your system administrator.

Imap, pop3, smtp, outlook-web – those all involve email. We can't do without it, and, therefore, we can't close those ports. However, ftp is the second most popular protocol. And this one facilitates file transfers. If you don't use it, close the port.

By default, Dr.Web Firewall closes all non-secure ports, but we still need a way to practice, right? Let's close the dangerous port a second time!

Click on the anti-virus icon in the system tray, and select Security Center. In the window that appears, select Files and Network. Click on the padlock in the lower-left corner so that changes can be made to the settings. Go to Firewall; click on the Show additional settings link, scroll down to Operation parameters for known networks, and click Change.

In the next window, click Rule sets.

Since we can make mistakes, let's back up the existing rules first.

Click Default rule, and then press Copy.

Then select the new set, and click the Edit button.

In the window that opens, click on the plus button to create a new rule.

Enter the rule name, the action (Block packets), and the direction (Any).

Click Add criterion.

In the drop-down list, select TCP; then in the Local port list, select Equal, and in the input field to the right, enter 21 (the port ftp uses by default).

Press OK.

Then confirm by pressing OK two more times.

Now the rule configuration is complete.
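A block rule is only worth something if you verify it. The following script is an added example, not part of the article or of Dr.Web's product: run it from another machine on your LAN against the protected host, and a port whose packets the firewall drops shows up as "filtered" (the connection attempt times out), whereas a port that simply has no service listening is "closed" (actively refused). The port numbers for the protocols in the article's table are standard defaults that I am assuming; the demo listener and the 192.0.2.10 address are constructed placeholders.

```python
import socket

# Well-known ports for the protocols the article's table names; the numbers
# are standard defaults, not taken from the article (assumption).
ABUSED_PORTS = {"ftp": 21, "smtp": 25, "pop3": 110, "imap": 143}


def probe_tcp_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify host:port as 'open', 'closed', 'filtered' or 'unreachable'.

    A firewall rule that drops packets shows up as 'filtered' (the connect
    times out); a port with no listener is 'closed' (actively refused).
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"  # no route to host, network down, etc.
    finally:
        sock.close()


def audit_host(host: str, ports: dict = ABUSED_PORTS) -> dict:
    """Probe every named port on one host and return {name: state}."""
    return {name: probe_tcp_port(host, port) for name, port in ports.items()}


def start_demo_listener(port: int = 0) -> socket.socket:
    """Constructed for the demo: a throwaway listener on 127.0.0.1 standing in
    for an FTP daemon. Port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    # While the service runs it answers; once it stops (or once the firewall
    # drops the packets) the state changes to 'closed' (or 'filtered').
    srv = start_demo_listener()
    demo_port = srv.getsockname()[1]
    print("listening:", probe_tcp_port("127.0.0.1", demo_port))
    srv.close()
    print("stopped:  ", probe_tcp_port("127.0.0.1", demo_port))
    # From another LAN host, check the protected machine (placeholder address):
    # print(audit_host("192.0.2.10"))
```

Expect "filtered" for ftp on the protected host once the rule is in place, and "open" for the mail ports you deliberately left reachable.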

#firewall_configuration #Dr.Web_settings #mining #ransomware #trojan #Trojan.Encoder

The Anti-virus Times recommends

In the last quarter of 2018, the percentage of ransomware infections spiked from 9% to 20%, thus gaining the lead over spyware infestations. Meanwhile, rogue mining incidents are on the decline, with only 8% of incidents using miners as opposed to 15% and 23% in the second and first quarters, respectively.

https://www.ptsecurity.com/ru-ru/research/analytics/cybersecurity-threatscape-2018-q3

Were attackers so discouraged by their low mining incomes that they switched back to encryption ransomware? That's quite possible. And this is very bad news for those whose systems are not protected.
