Executive

CEO, Pierre Roberge
October 26, 2016

Simple Guide To Improve Security Posture To Minimize Malware Attacks

We live in a business world where more and more employees work remotely. From a business perspective, hiring around the globe allows a company to tap into more resources. However, remote workers introduce IT security risks.

There are a few basic tactics that can be considered and implemented with minimal or no additional cost.

  • Be different and avoid software used by the masses
  • Be disciplined and aware

What does this mean in practice? It depends on your situation, but there are many generic choices applicable to most of us.

Start with avoiding the top 4 cyberattack vectors:

  • Flash
  • PDF
  • Microsoft Office Documents
  • Javascript

By avoiding or limiting these 4 cyberattack vectors, you will most likely prevent 99.9% of attacks against startups, small and even medium-sized businesses, or individuals.

Example:

Amazon asked to remove any Antivirus software installed from every employee’s computer! Why? Recently, Antivirus engines have been easier to hack than the systems themselves, putting Antivirus users arguably at more risk than without it.

Let’s evaluate the most critical software, the web browser.

I cannot stress enough that you should avoid using Internet Explorer, Edge and Safari; only use them where necessary for legacy reasons.

I recommend using Chrome browser instead. Why? Chrome is built by a team of experts who greatly care about security and minimizing its attack surface. It is not to say that it is perfect, but, in my opinion, it is more secure than the browsers mentioned above.

Chrome has offered click to play for Flash for much longer than any other browser, a feature you must make sure is enabled. The click-to-play feature prevents hidden Flash module code from running, leaving only the Flash you can actually see to run. Flash is really cycling out of the internet; fewer and fewer websites require Flash to run properly.

To make sure this feature is on, go to Chrome settings –> Show Advanced Settings –> Content Settings –> in Plug-ins, select “Let me choose when to run plug-in content”

https://support.google.com/chrome/answer/142064?hl=en

In addition, Chrome sandboxes PDF viewing, opening each PDF in a process of its own with limited access to your system. This is a great default feature and no action is required to benefit from it.

You can also enable Javascript whitelisting.

What does this mean? Almost every website runs Javascript code in your browser by today’s standard. Almost every non-document attack requires Javascript execution to work. No Javascript, no successful exploitation.

Now, the big problem is that we require Javascript to enjoy the browsing experience: making online payments, listening to music, watching videos, etc. One possible solution is to use a feature similar to Click to Play for plugins such as Flash: we can enable whitelisting for Javascript. However, this will break the dynamic content and rendering of many websites. It takes a little bit of time to manage Javascript whitelisting, which can be frustrating. On the up side, you will break a lot of attacks by making them impossible to work against you. Being a user of Javascript whitelisting myself, I’ve come up with a few tricks up my sleeve to avoid some annoyances.

First, here’s how to enable this feature in Chrome.

Go to Settings –> Show Advanced Settings –> Content Settings –> In Javascript section, select “Do not allow any site to run Javascript”

[Screenshot: simple_guide_1]

Don’t worry, you can still let Javascript run easily wherever you would like to. Here’s how:

  1. Go to www.youtube.com or www.gmail.com or any site you use daily.
  2. The first time you load the chosen website, you will see this icon “<>” with an x at the end of the URL bar (where you typed in the website). To enable Javascript for this website, click on this icon and, from the menu that appears, select “Always allow Javascript on <website>”.

[Screenshot: simple_guide_2]

[Screenshot: simple_guide_3]

[Screenshot: simple_guide_4]

  3. Then re-enter the website by either re-typing the website or simply selecting it again and pressing ‘enter’. This time, the website will load with Javascript and the “<>” icon will not appear.

Voilà! You are now blocking all external and indirect Javascript, saving yourself from a lot of the malicious Javascript out there.
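For a company with remote workers, the same settings can be pushed as a Chrome managed policy instead of being clicked through on each machine. The following is an added example, not code from the original post: a Python script that writes the policy file enforcing the three settings described above (Javascript blocked by default with a per-site whitelist, click to play for plug-ins such as Flash, and PDFs kept in Chrome’s sandboxed viewer) and audits an existing policy for the relaxed values. The policy names DefaultJavaScriptSetting, JavaScriptAllowedForUrls, DefaultPluginsSetting and AlwaysOpenPdfExternally are Chrome’s own enterprise policies; the Linux output path, the audit function and the youtube.com/gmail.com whitelist are this example’s assumptions.

```python
"""Chrome managed-policy generator and checker (added example, not from the
original post).  It encodes the settings the post configures through the Chrome
GUI: Javascript blocked by default with a per-site whitelist, click to play for
plug-ins such as Flash, and PDFs kept inside Chrome's own sandboxed viewer.
The policy names and values are Chrome's enterprise policies; the output path,
the audit logic and the whitelist are illustrative assumptions."""
import json
import os

# Chrome policy values:
#   DefaultJavaScriptSetting: 1 = allow on all sites, 2 = block on all sites
#   DefaultPluginsSetting:    1 = run automatically, 2 = block, 3 = click to play
JS_BLOCK = 2
PLUGINS_CLICK_TO_PLAY = 3

# Directory Chrome on Linux reads machine-wide (managed) policies from
# (assumed deployment path; other platforms use the registry or a profile).
DEFAULT_POLICY_PATH = "/etc/opt/chrome/policies/managed/hardening.json"


def site_pattern(host):
    """Return the Chrome content-setting pattern matching a hostname and all of
    its subdomains, e.g. "youtube.com" -> "[*.]youtube.com".  Anything that is
    not a bare hostname is rejected so a pasted URL cannot turn into a
    malformed or over-broad pattern."""
    host = host.strip().lower()
    if not host or any(c in host for c in "/:? \t"):
        raise ValueError(f"not a bare hostname: {host!r}")
    return host if host.startswith("[*.]") else f"[*.]{host}"


def build_policy(whitelist):
    """Policy dictionary for the hardened configuration described in the post."""
    return {
        "DefaultJavaScriptSetting": JS_BLOCK,
        "JavaScriptAllowedForUrls": sorted({site_pattern(h) for h in whitelist}),
        "DefaultPluginsSetting": PLUGINS_CLICK_TO_PLAY,
        # False keeps PDFs in Chrome's sandboxed viewer instead of an external reader
        "AlwaysOpenPdfExternally": False,
    }


def audit_policy(policy):
    """Return a list of findings for a policy dict that relaxes the hardened
    settings; an empty list means it matches them.  Missing keys count as
    findings because Chrome then falls back to its permissive defaults."""
    findings = []
    if policy.get("DefaultJavaScriptSetting") != JS_BLOCK:
        findings.append("Javascript is not blocked by default")
    if policy.get("DefaultPluginsSetting") != PLUGINS_CLICK_TO_PLAY:
        findings.append("plug-ins (Flash) are not set to click to play")
    if policy.get("AlwaysOpenPdfExternally", False):
        findings.append("PDFs are handed to an external reader instead of the sandboxed viewer")
    for pattern in policy.get("JavaScriptAllowedForUrls", []):
        # A wildcard anywhere other than the leading "[*.]" whitelists far more
        # than one site and defeats the point of per-site whitelisting.
        bare = pattern[4:] if pattern.startswith("[*.]") else pattern
        if "*" in bare:
            findings.append(f"over-broad whitelist pattern {pattern!r}")
    return findings


def write_policy(path, whitelist):
    """Write the hardened policy as JSON to `path` and return the dictionary."""
    policy = build_policy(whitelist)
    os.makedirs(os.path.dirname(path) or ".", exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(policy, fh, indent=2)
    return policy


if __name__ == "__main__":
    # Constructed whitelist: the two sites the post uses as examples.  Writing to
    # DEFAULT_POLICY_PATH needs root, so this dry run writes a local file instead.
    policy = write_policy("chrome_hardening.json", ["youtube.com", "gmail.com"])
    print(json.dumps(policy, indent=2))
    print("findings:", audit_policy(policy) or "none")
```

Run it once to produce chrome_hardening.json, then place the file in the managed-policy directory (on Linux /etc/opt/chrome/policies/managed/, which requires root); Chrome lists the settings it has picked up at chrome://policy. Sites whitelisted through the policy get Javascript without the per-site “<>” step, while everything else stays blocked, and audit_policy gives a quick way to confirm that nobody has relaxed the file later.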

The most annoying problem that you will encounter is when shopping online. Sometimes you need to whitelist 4 different websites to allow one single transaction to go through. Most of the time, by the time you allow all the websites to work, your purchase will have failed and you have to do it all over again. Thankfully, there is a simple way to work around it. In such cases, I simply use another browser, such as Firefox, that runs Javascript by default.

Now that we’ve limited our exposure through the browser, we can get back to discussing how to safely use documents.

Documents are the attack vector of choice of commodity malware because exploitation leveraging documents is cheaper and easier to develop. They are also used in targeted attacks.

How can anyone prevent or avoid document attacks? The logical answer is not to open the document, or in certain cases, not even to “look” at it. However, this is not a very practical solution.

Before opening a document, it is important to assess whether it is actually something meant for you, from someone you know. It’s far from a perfect solution, but you will block certain incoming attacks.

Example

You received an invoice via email: is it really an invoice you were expecting? If not, it’s likely a document with an exploit in it. Simply delete the email; don’t open it. You can even tag it as SPAM or phishing in Gmail.

A simple and easy way to avoid document exploits is to let Google Docs open the document for you.

  1. Log in to Google Drive (free).
  2. Upload the Word document, PDF, Excel spreadsheet, or pretty much anything else to it.
  3. Then you can open the document as a preview or even convert it to Google’s native online Docs format.

This way of opening documents is a strong protection mechanism because, in the process of conversion, Google scans the document for potential malware and filters out any suspicious part of it. If it cannot convert the document, that could be because of an exploitation attempt.

In theory, we can use Microsoft OneDrive with the same results.

We lose some privacy in the process of opening docs via Google or Microsoft, but most day-to-day files are not that sensitive, and keeping your computer and phone clean is more important.

Another recommendation is to avoid using Adobe Flash on your computer. Simply don’t install it, or uninstall it. Chrome runs Flash more securely, as it is running in a sandbox.

Adobe Reader and Preview on the Mac are also frequent vectors of attack. Choose other software to read your PDFs; it is arguably less secure but not targeted, and remember, you can safely read PDFs in your Google Drive.

Anti-Virus or not, sandboxing or not, these techniques will keep you safe from many attacks. It has worked for me for several years, keeping the number of successful attacks to minimal levels. In a following blog post, we will discuss what we can do to detect the attacks that make it through.
