Remember the Google Doc phishing scheme that spread like wildfire through the internet a couple of weeks ago?
You know, the one that tells you that you have received a Google Drive link from someone you know and, when clicked, well … opens the doorway to bad things and spams the hell out of the contacts in your address book.
Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON'T CLICK. pic.twitter.com/fSZcS7ljhu
— Zeynep Tufekci (@zeynep) May 3, 2017
Then came WannaCry / WanaCrypt0r and their brethren, a new class of malicious ransomware with wormlike capabilities that replicates by itself and which, once it finds you, encrypts and locks up your networks and holds files and data hostage until a ransom is paid.
The ransom fee is usually around $300 to $500 for a computer, and payment is often demanded in Bitcoin, which makes it extremely difficult to trace the transaction.
See Microsoft’s Customer Guidance for WannaCrypt attacks
While the source of this latest ferocious malware may or may not have come from the arsenal of National Security Agency-created hacking tools dumped online in April by a group calling itself The Shadow Brokers, these attacks all have something in common: they are all insidious attacks that include malicious attachments in emails which, once clicked, open a Pandora's box.
Google has also updated its Gmail defenses, especially against malicious attachments, and now correlates spam signals with attachment and sender heuristics to predict messages containing new and unseen malware variants.
According to them, machine learning, which has helped Gmail achieve more than 99% accuracy in spam detection, will now be applied more in their fight against zero-day threats, ransomware and polymorphic malware to help them better protect users.
For those using G Suite (Gmail, Drive, Docs and more), Gmail now displays unintended external reply warnings to users. If you try to respond to someone outside of your company domain, you’ll receive a quick warning to make sure you intended to send that email.
Gmail’s contextual intelligence knows whether the recipient is an existing contact or someone you interact with regularly, so it avoids displaying warnings unnecessarily.
Some of the measures they have added include:
- applying machine learning, which has helped Gmail achieve more than 99% accuracy in spam detection, in their fight against zero-day threats, ransomware and polymorphic malware to better protect users.
- rejecting the message and notifying the sender if a virus is detected in an email.
- preventing you from sending a message with an infected attachment.
- preventing you from downloading attachments if a virus is detected.
- using hosted S/MIME to encrypt email while in transit.
- better data loss prevention for Gmail to protect your most sensitive information.
- and alerts when TLS encryption between mailboxes is not supported or when a message can’t be authenticated so you’re aware when you email someone whose mailbox does not support encryption.
In all though, this is not a time for complacency and below are common tips you should adhere to religiously:
- install any software updates immediately and make it a regular habit. Turn on auto-updaters where available (Microsoft offers that option). Microsoft also recommends running its free anti-virus software for Windows.
- create a backup routine and regularly save copies of all your files. That way if your machine gets infected and your photos and documents are encrypted, you don’t need to worry about losing them.
- don’t click on links that you don’t recognize, or download files from people you don’t know personally. Be extra careful with email attachments, especially with ZIP files and Office documents (Word, Excel, and PowerPoint). Also disable macro scripts in any Office files you receive via email. Most Windows ransomware in recent months has been embedded in documents distributed as email attachments.
- a lot of ransomware is distributed in Office documents that trick users into enabling macros. Even though Microsoft has released a new tool in Office 2016 that limits the functionality of macros by preventing you from enabling them on documents downloaded from the internet, use a different set of tools for your needs.
- avoid browsing, opening documents or other regular work activities while logged in as administrator.
- disable commonly exploited browser plugins such as Flash Player and Silverlight when you’re not using them. You can do this through your web browser under the plugin settings.
- if you are an organization, your users are your weakest link if you don’t train them how to avoid booby-trapped documents and malicious emails.
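One way to act on the attachment tips above, as an added example that is not part of the original article: a Python sketch that labels every attachment in a raw email by its content rather than its file extension, flagging ZIP archives and Office documents that carry a VBA macro project. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def classify(data: bytes) -> str:
    """Label one attachment by its content, not its file extension."""
    if data.startswith(OLE_MAGIC):
        return "legacy-office"          # old binary format, can carry macros
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if any(n.endswith("vbaproject.bin") for n in names):
        return "office-with-macros"     # OOXML files keep VBA in vbaProject.bin
    if "[content_types].xml" in names:
        return "office-no-macros"
    return "zip-archive"

def triage(raw_email: bytes) -> dict:
    """Map attachment filename -> label for every attachment in a message."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    return {part.get_filename() or "(unnamed)": classify(part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}

def _zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed test message; attachment contents are harmless placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    files = {
        "invoice.docm": _zip({"[Content_Types].xml": "<Types/>", "word/vbaProject.bin": "x"}),
        "report.docx": _zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>"}),
        "photos.zip": _zip({"a.txt": "hello"}),
        "notes.txt": b"plain text",
    }
    for name, data in files.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__": print(triage(build_sample()))
```

A label of `office-with-macros`, `legacy-office` or `zip-archive` is a reason to hold the message for a closer look, not proof that the file is malicious.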
Stay safe tonight.