A four year operation
Last month, a global law enforcement cooperative closed an investigation that had run more than four years by disrupting a platform known as “Avalanche”. Investigators from over 30 countries, including the FBI and the Department of Justice, arrested five individuals and seized nearly 40 servers as evidence, while taking over 220 more offline.
“Avalanche” was a platform for malware attacks across the globe, with malware infections traced to it found in over 180 countries; damages were estimated to be in the hundreds of millions of Euros.
Active since 2009, with over 1 million harmful emails sent per week to over 500,000 infected computers, the exact amount of damage was hard to estimate, with Europol noting in their statement that “exact calculations are difficult due to the high number of malware families managed through the platform”.
An alarming trend
Such worldwide expansion of malware has become a growing trend; in 2015, IBM identified several such sophisticated incursions by criminal elements.
Featuring such names as Dyre and Dridex, Shifu and Tinba, and Gozi and Zeus, the toll that such malware takes is calculated in costs beyond the purely economic: lost time, productivity, and confidence in the systems designed to protect such critical areas of information that have moved online, such as banking and healthcare, all come with a price.
It seems clear, then, that in addition to such cooperative multi-national law enforcement efforts, such as the one that brought down “Avalanche”, we must be prudent in preparing for the eventuality of malware to attack our businesses.
Insurance and risk
IBM’s Christian Bieck, writing in Forbes, cites the results on businesses’ preparation for and exposure to cyber risks that they found from their most recent survey of 800 insurers and 1,000 companies in their study on the insurance industry, “Cyber and Beyond – Insurance and Risk in a Digitally Interconnected World.”
According to their research, nearly half of those surveyed had already fallen prey to a cyber-attack, with a third of those reporting that they had suffered economic consequences.
Despite feeling the effects of malware, however, the majority of companies did not have programs in place to prevent the problems from happening in the first place, as well as to mitigate the scope of problems when they arose. Having best practices in place in advance—seemingly mundane tasks as ensuring that all software is up to date and that no unauthorized software or hardware is installed on the system by limiting user’s administrator rights—can go a long way in prevention.
However, despite best steps at prevention, it’s not unlikely that you may find yourself the victim of malware.
The time to conduct tabletop planning of mitigation efforts is before the crisis strikes; work with your chief information or chief technology officers within your organization to ensure that you have a strategy to encrypt and protect your information from attack, and make critical systems redundant.
If you’re not quite to the point of having those roles in your company, that’s all right—just know that the burden of protection doesn’t go away just because you’re a small company/ Seek out experts in security and scalability in technology solutions, so that you’re protected both now and in the future.