Our SOC (Service Operations Centre) team offers real-life threat protection, continuously fighting and preventing malicious viruses and malware on merchants’ devices. This month alone, 2,678 automatic security actions took place, alongside 445 SOC team interventions.
Note: an automatic security action is when our security tools deal with a malicious file directly by detecting, blocking or quarantining it. A SOC team intervention is when our team manually quarantines the file on a call, because the quarantine action has been ignored or the merchant has removed the file from quarantine.
The terms “cybersecurity” and “data security” are used often, but what do they really mean to the average, everyday retailer? Why should small businesses care about protecting their devices, and what threats are out there? To help illustrate this, we are focusing on some real-life examples of small businesses that were victims of malware and what would have happened had we not intervened. To highlight the work and effectiveness of the SOC team, we would like to walk through a real-life example of a call that took place.
On this call our SOC agent, Garon, calls a merchant who runs a chain of art supply stores. Merchants who are subscribed to our PDS service get full support from our SOC agents: when a potential vulnerability is spotted, a quick phone call from one of them follows. This merchant currently runs our software, which provides real-time threat protection. Unfortunately, the merchant has picked up three pieces of potential malware: UltraVNC, PrimoPDF and Freemake Video Converter 7. Programmes like these generally make their way onto a device through innocent activity; in this case, the merchant was probably just looking for free alternatives to paid software.
First, Garon discusses UltraVNC.
UltraVNC is remote access software that lets a user control a device from another location. In the wrong hands, the same capability lets a malicious user remotely access the merchant’s device, which can lead to all of the merchant’s sensitive data being stolen.
For a merchant with a strong online presence, like this one, unauthorized remote access is particularly dangerous. A malicious user could have gained access to the back end of their online store, forcing the site to close temporarily, losing revenue and leaving lasting damage to the merchant’s reputation.
Next to be discussed is PrimoPDF.
PrimoPDF is a PDF converter that installs a PUP (potentially unwanted programme) onto the merchant’s device. In this merchant’s case the PUP in question is OpenCandy, a piece of adware that can hijack the merchant’s internet browser. Adware is generally more of an annoyance; however, it can contain links to even more malicious viruses that can lead to more serious cyber-attacks.
On the call the merchant says the following:
An old PDF reader, we’ve had that one flagged by your software before.
It looks like our software has already picked up on this individual file. Antivirus software generally removes the specific files it detects, not entire programmes. If a single file from a programme is flagged, it is important that the merchant removes the programme itself, so that the file does not rear its head again. A flagged file reappearing can also be down to a simple error by the merchant, such as re-downloading the software or removing a file from quarantine.
Finally, and potentially the most dangerous of the three pieces of malware encountered, Freemake Video Converter 7.
This is a piece of software that promises the ability to download videos hosted online, e.g. YouTube videos. However, this software was vulnerable to code injection. Code injection is when an attacker can place malicious code into an input field, such as a search bar. For example, when the merchant uses this software and types something into the search bar, the attacker’s malicious code is activated and can then do whatever the attacker intended it to do. Outcomes include, but are not limited to, a loss of confidentiality or availability: the attacker may be able to see everything inside the application and, depending on their skill, gain access to the entire device. The software could also be made completely unavailable to the merchant.
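To make the code-injection point concrete, here is an added example, written for this article and not taken from the original post or from any of the software named above. It is a constructed toy: a helper that hands a search term from an input field to an external “downloader” command (a hypothetical name). The vulnerable version splices the term into a shell string, so punctuation typed into the search box is read as a second command; the hardened versions pass the term as a single argument, so it stays data. This Python interpreter stands in for the downloader when the hardened form is actually run.

```python
import shlex
import subprocess
import sys

# Constructed input: a search term carrying a shell separator. It is the kind of
# text an attacker hopes an input field will pass straight to a shell.
TAINTED_TERM = "cats; echo INJECTED"


def build_command_vulnerable(term: str) -> str:
    """Vulnerable pattern: splice the raw term into one shell command string.
    Run through a shell, ';' would end 'downloader' and start 'echo INJECTED'.
    The string is only built here, never executed."""
    return f"downloader --search {term}"   # 'downloader' is a hypothetical tool


def build_command_hardened(term: str) -> list:
    """Hardened pattern: an argument list. The term is exactly one argv element,
    whatever characters it contains, and no shell ever parses it."""
    return ["downloader", "--search", term]


def build_command_quoted(term: str) -> str:
    """If a shell string is unavoidable, shlex.quote turns the term into a single
    quoted word so the separator loses its meaning."""
    return f"downloader --search {shlex.quote(term)}"


def shell_words(cmd: str) -> list:
    """Tokenise a command string the way a POSIX shell would, reporting
    punctuation such as ';' as its own token. Shows what the shell would see."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    return list(lexer)


def argument_seen_by_child(term: str) -> str:
    """Actually run the hardened form, with this Python interpreter standing in
    for the downloader, and return what the child saw as its single argument."""
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", term]
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    print("vulnerable:", shell_words(build_command_vulnerable(TAINTED_TERM)))
    print("quoted:    ", shell_words(build_command_quoted(TAINTED_TERM)))
    print("argv list: ", build_command_hardened(TAINTED_TERM))
    print("child saw: ", repr(argument_seen_by_child(TAINTED_TERM)))
```

The tokenised view of the vulnerable string contains a standalone “;” followed by a second command; in the quoted and argument-list forms the whole term, separator included, survives as one argument, which is what the child process reports back.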
The worst-case scenario in most breaches is that the merchant’s device becomes completely compromised. A compromised device could have led to this merchant’s data being lost or stolen, and devices can also become unusable after a compromise. A defunct device could have led to financial loss for the merchant through the cost of replacing the affected devices.
After advising on these pieces of malware, Garon explains the quarantine process to the merchant. When we ask a merchant to quarantine a file, what we are effectively doing is placing the file in a location on the device where it has no interaction with any other file. The file is also no longer executable, meaning it cannot be launched. While you can still examine the file, much of the functionality a virus needs to operate is stripped away in quarantine.
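As an added illustration, not the original post’s or the product’s own code, the quarantine steps Garon describes can be written out: move the file into an isolated folder, rename it so nothing will launch it by extension, strip its execute permission while leaving it readable for examination, and record where it came from. Everything below is constructed in a temporary directory; the file name, folder layout and sidecar format are this example’s own choices, and the permission bits are POSIX.

```python
import hashlib
import json
import os
import shutil
import stat
import tempfile
from pathlib import Path


def quarantine_file(path: Path, quarantine_dir: Path) -> Path:
    """Move `path` into `quarantine_dir`, renamed to its SHA-256 plus a
    '.quarantined' suffix (so no handler will launch it by extension), make it
    owner-read-only, and write a JSON sidecar recording where it came from.
    Returns the quarantined path."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    dest = quarantine_dir / f"{digest}.quarantined"
    shutil.move(str(path), str(dest))
    # Drop every execute bit; keep owner read so the file can still be examined.
    dest.chmod(stat.S_IRUSR)
    record = {"original_path": str(path), "sha256": digest,
              "size": dest.stat().st_size}
    (quarantine_dir / f"{digest}.json").write_text(json.dumps(record))
    return dest


def is_executable(path: Path) -> bool:
    """True if the current user could launch `path`."""
    return os.access(path, os.X_OK)


def demo() -> dict:
    """Create a constructed 'suspicious' file in a temp directory, quarantine
    it, and return the facts worth checking afterwards."""
    base = Path(tempfile.mkdtemp())
    sample = base / "FreeConverterSetup.sh"   # constructed name, not a real sample
    sample.write_text("#!/bin/sh\necho 'pretend payload'\n")
    sample.chmod(0o755)
    was_exec = is_executable(sample)
    dest = quarantine_file(sample, base / "quarantine")
    record = json.loads(dest.with_suffix(".json").read_text())
    return {
        "was_executable_before": was_exec,
        "original_still_present": sample.exists(),
        "quarantined_exists": dest.exists(),
        "executable_after": is_executable(dest),
        "record_matches": record["original_path"] == str(sample),
        "hash_matches": record["sha256"]
        == hashlib.sha256(dest.read_bytes()).hexdigest(),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The sidecar is what makes the quarantine reversible in a controlled way: an analyst can still open the bytes under the hash-named file, but the original path, extension and permissions are gone, so the file cannot run or be found by the programme that dropped it.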
To avoid repeat calls for the merchant, Garon explains what more can be done to avoid these types of infection going forward. In this case, the advice was not to download software from unknown third parties and instead to use known and trusted providers. A scan can also be performed on individual files as they are downloaded, to ensure they are safe.
Before the call took place, the merchant was unfortunately infected with three separate pieces of malware. Malware in its least malicious form can cause devices to slow down; at its most malicious it can lead to data and devices being completely compromised. After Garon spoke to the merchant, the three pieces of malware have been contained in quarantine, unable to harm the device they sit on. A happy and secure ending for this merchant.
These three pieces of malware are just a small fraction of the 843 unique pieces of malware our security tools and SOC team have successfully identified this month. On top of this, another 668 merchants have opted into the excellent real-time virus protection service we offer.