Monday, July 8, 2024

How Did I Get Infected!?!


For those of you who think, "Well, if I don't install random new programs from the internet or download random EXE files, I won't get infected" that's not really the case today. Most people are not infected because they browse the internet and accidentally click on an EXE file. That was more common several years ago.

Nowadays, most people get infected because the malware comes to them. 

You don't have to go out on the internet and have to "find" viruses or malware to get infected.

The malware arrives in your inbox, in your private messages, from a trusted source, a hacked website, or inside a program you use, whose company got hacked, like in the case of 3CX.
  • The 3CX hack, which came to light in late March 2023, was a sophisticated supply chain attack. The incident involved the compromise of 3CX’s Windows and macOS build environments, allowing hackers to push trojanized software to 3CX customers.
  • The breach began when an employee at 3CX downloaded a trojanized installer for the X_Trader trading software, which had been compromised by North Korean threat actors. This malicious installer gave the attackers access to the employee's device and corporate credentials, enabling them to infiltrate 3CX’s network and insert malware into the 3CXDesktopApp. The attack was likely carried out by a North Korean hacking group tracked as UNC4736, linked to the financially motivated operation dubbed AppleJeus​ (Security Week)​​ (Security Week)​​ (CISA)​.
This doesn't mean there aren't still things like malware advertising (malvertising), where you see ads on Google to entice you to click on or download something malicious. Another major source of malware now is also social media platforms! YouTube videos as well!! 

For instance, if you look for any kind of cheat, crack, or mod for a popular video game, you will often find videos with external links. Many of these links, especially if they're password protected, contain malware.

Sometimes, it's literally the first search result when looking up something as harmless as "sewing patterns and templates"!!

Here are further examples of common ways people can get infected:

  • Phishing Emails:
    One of the most prevalent methods. Attackers send emails that appear to be from trusted sources, tricking recipients into clicking malicious links or downloading infected attachments. These emails often mimic legitimate communications from banks, social media platforms, or even colleagues.
  • Compromised Websites:
    Legitimate websites can be hacked to serve malware to visitors. This method doesn't require any action from the user other than visiting the site. Drive-by downloads exploit vulnerabilities in browsers or plugins to install malware without the user’s knowledge.
  • Software Supply Chain Attacks:
    These involve compromising a trusted software vendor to distribute malware to end users. The 3CX hack is a prime example, where attackers infiltrated the development pipeline of 3CX, a business communication software, and inserted malware into the software updates, affecting thousands of users.
  • Malvertising:
    Malicious advertisements, or malvertising, are another common method. These ads can appear on legitimate websites and redirect users to malicious sites or directly download malware. Even major advertising networks have been exploited to serve malvertising.
  • Social Media Platforms:
    Attackers exploit the popularity of social media to spread malware. They create posts or messages with enticing links that lead to malicious sites. YouTube videos offering cheats, cracks, or mods often include external links that direct users to malware. These links can appear highly ranked in search results, making them seem legitimate.
  • Messaging Apps:
    Private messages on platforms like WhatsApp, Facebook Messenger, and others can carry malicious links or attachments. Since these messages often come from known contacts, users are more likely to trust and click on them.
  • Trusted Sources:
    Sometimes, malware is spread through channels that users inherently trust. This could be through an email from a known contact whose account has been compromised or through a popular website that has been hacked.

We always recommend installing and using good, trusted, and reliable antivirus and antimalware software for your system. While they are not a silver bullet, these tools provide essential layers of defense against various cyber threats. Antivirus software is designed to detect and remove viruses, while antimalware software targets a broader range of threats, including spyware, adware, and ransomware. 


In addition to antivirus and antimalware software, browser add-ons can enhance your online security by providing additional protection against malicious websites and phishing attacks. One such recommended add-on is Malwarebytes's Browser Guard


Benefits of Using a Browser Guard: 
  • Blocking Malicious Websites:
    Browser Guard blocks websites that are known to host malware, preventing you from inadvertently visiting harmful sites.
  • Protection Against Phishing:
    It helps identify and block phishing attempts, protecting your personal information from being stolen.
  • Ad Blocking:
    The add-on can block unwanted ads, which can be a source of malware through malvertising.
  • Improved Browser Performance:
    By blocking malicious content and unwanted ads, Browser Guard can enhance your browsing experience and speed.

Pacific Northwest Computers Practices Combined Protection; What is That?!

No single solution can offer complete protection against all cyber threats. Using a combination of antivirus, antimalware software, and browser add-ons provides multiple layers of defense, significantly reducing the risk of infection and data breaches. 
Here’s why combined protection is essential:
  • Layered Defense: Different tools specialize in different areas of protection. Antivirus software focuses on traditional viruses, while antimalware software targets newer, more sophisticated threats. Browser add-ons provide real-time protection while you browse the web.
  • Reduced Risk of Zero-Day Attacks:
    Zero-day attacks exploit unknown vulnerabilities. Having multiple layers of protection increases the chances of detecting and stopping these attacks.
  • Comprehensive Coverage:
    Combined tools cover a wider range of potential threats, from viruses and worms to phishing attempts and malicious websites. 
  • We recommend using an Antivirus, 1-2 "stand-alone" scanning tools for general malware and adware scanning, as well as a maintenance/clean-up utility for removing junk/temp/cache/cookie data. 


In today's cybersecurity landscape, simply avoiding the download of random programs or EXE files is not enough to protect against infections. Malware delivery methods have become more sophisticated, targeting users through phishing emails, compromised websites, and even trusted sources like popular software vendors, as seen in the 3CX hack.


Malicious advertisements and social media platforms have also become significant vectors for malware distribution. Given this complexity, it's essential to use a multi-layered defense strategy. This includes installing and regularly updating trusted antivirus and antimalware software to provide essential protection against various threats.


Additionally, browser add-ons such as Malwarebytes Browser Guard offer critical extra layers of security by blocking malicious websites, protecting against phishing attempts, and enhancing overall browsing performance by removing unwanted ads.


Combining these tools creates a robust defense system, significantly reducing the risk of infection and providing comprehensive coverage against a wide range of cyber threats. By staying informed and proactive, users can better safeguard their systems and personal information from evolving cyber threats.

No comments:

Post a Comment