raining malware www.networkseuropemagazine.com 30

It’s raining malware: understanding and protecting against today’s modern threats

Daniel Warelow, Product Manager, Giacom
Kelvin Murray, Senior Threat Researcher, Webroot

The modern threat landscape and the ongoing evolution of malware are loud factors pushing every business to understand the precautions it must take to protect against them. Daniel Warelow, Giacom, and Kelvin Murray, Webroot, explain how to be cyber resilient in the face of malware in the year ahead.

Despite the advancements of anti-malware solutions, malware variants are becoming increasingly prevalent, sophisticated and evolved. In addition, there are new trends in execution, such as the increased modularity of malware, where a combination of attack methods and mix-and-match tactics is used to ensure maximum damage and/or financial loss.

Phishing, scam sites and click habits

The rise of malware has been accelerated by Covid-19 as more remote workers access unsecured and home networks, away from the physical help of IT teams or in-person peer support. As many businesses continue to face financial uncertainty as a result of the pandemic, there has been an increase in spam emails requesting legal action for late or missing payments. During the peak of Covid-19, Her Majesty’s Revenue & Customs (HMRC) took down nearly 300 Covid-19-related scam sites and domains. This signifies government cyber awareness, which is always necessary, but in order to effectively stop malware and social engineering attacks like phishing, employees must also be invested in the fight.
This cannot be overstated, as recent Webroot research into phishing and global click habits has shown that over three-quarters of employees are still opening emails and clicking links from unknown senders.

Malware education

Without understanding malware – what it is, how it works, and the damage it can do to businesses – it’s unfair to expect employees to be capable of protecting against it. In order for businesses to stay ahead of the storm, educating the workforce is key.

It is now uncommon to find a ‘one-size-fits-all’ form of malware; instead, each step of the process builds on the last to get the most out of a target, ending in a ransomware demand. Below is an example of a brutal, but unfortunately typical, process of infection from the Emotet malware.

First, attackers gain a foothold within a computer network, often through phishing techniques that get an organisation’s employees to click on emailed links or attached documents. Once clicked, a malicious script runs, which then downloads the main executable, in this case Emotet. Emotet then gains access to additional parts of that network through password theft and other tricks, such as the use of exploits and unpatched systems. It spreads as far as it can and then drops its payload. The most common malware used for this stage is Trickbot. Trickbot steals every piece of valuable data it can find, including credit card and banking details, bitcoins, and anything else it can send back to the cybercriminals. Trickbot then drops the last payload, usually Conti or Ryuk, which encrypts every machine and shared drive it can access before demanding a ransom payment.

By having insight into the stages used and knowledge of how different types of malware work together, employees will be able to understand how modular malware infects computer systems and how they can take action to prevent attacks.
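As an added example (not code from the article, Webroot or Giacom), the following Python correlates constructed endpoint telemetry into the four stages just described, so that a defender sees one chain rather than four unrelated alerts. The event schema, the process image names and the lateral-movement threshold are this example's own assumptions; the stages are tied together by process ancestry so that an ordinary PowerShell session or a routine file-server logon does not match.

```python
"""Stage correlation for the modular infection chain described above
(phish -> script -> executable download -> lateral spread).

All events below are constructed sample telemetry, not real logs; the field
names (ts, host, pid, ppid, image, kind, dest, path) are this example's own
assumptions about what an endpoint agent exports.
"""
from collections import defaultdict

# Constructed telemetry for one workstation, in chronological order.
EVENTS = [
    {"ts": 1, "host": "ws01", "pid": 100, "ppid": 1,   "image": "outlook.exe", "kind": "process"},
    {"ts": 2, "host": "ws01", "pid": 200, "ppid": 100, "image": "winword.exe", "kind": "process"},
    {"ts": 3, "host": "ws01", "pid": 300, "ppid": 200, "image": "wscript.exe", "kind": "process"},
    {"ts": 4, "host": "ws01", "pid": 300, "kind": "network", "dest": "203.0.113.7:443"},
    {"ts": 5, "host": "ws01", "pid": 300, "kind": "file", "path": r"C:\Users\a\AppData\Local\Temp\svc.exe"},
    {"ts": 6, "host": "ws01", "pid": 400, "ppid": 300, "image": "svc.exe", "kind": "process"},
    {"ts": 7, "host": "ws01", "pid": 400, "kind": "logon", "dest": "fs01"},
    {"ts": 8, "host": "ws01", "pid": 400, "kind": "logon", "dest": "fs02"},
    {"ts": 9, "host": "ws01", "pid": 400, "kind": "logon", "dest": "hr03"},
]

# Constructed benign telemetry: an admin running PowerShell from the desktop.
BENIGN_EVENTS = [
    {"ts": 1, "host": "ws02", "pid": 10, "ppid": 1,  "image": "explorer.exe", "kind": "process"},
    {"ts": 2, "host": "ws02", "pid": 11, "ppid": 10, "image": "powershell.exe", "kind": "process"},
    {"ts": 3, "host": "ws02", "pid": 11, "kind": "network", "dest": "198.51.100.5:443"},
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
LATERAL_THRESHOLD = 3  # assumed: distinct hosts reached by one process before it counts as spreading


def correlate(events):
    """Return {host: [stage, ...]} for every host on which at least one stage was seen."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    findings = {}
    for host, evs in by_host.items():
        image = {e["pid"]: e["image"] for e in evs if e["kind"] == "process"}
        parent = {e["pid"]: e["ppid"] for e in evs if e["kind"] == "process"}
        stages = []

        # Stage 1: an Office document spawns a script host (the clicked attachment).
        script_pids = {p for p, img in image.items()
                       if img in SCRIPT_HOSTS and image.get(parent.get(p)) in OFFICE}
        if script_pids:
            stages.append("office_spawns_script")

        # Stage 2: that script talks to the network and writes an executable (the download).
        reached_out = {e["pid"] for e in evs if e["kind"] == "network" and e["pid"] in script_pids}
        dropped = {e["pid"] for e in evs if e["kind"] == "file" and e["pid"] in script_pids
                   and e["path"].lower().endswith(".exe")}
        if reached_out & dropped:
            stages.append("script_downloads_executable")

        # Stage 3: a child of the script host runs (the main executable).
        payload_pids = {p for p, pp in parent.items()
                        if pp in script_pids and image[p].lower().endswith(".exe")}
        if payload_pids:
            stages.append("payload_executed")

        # Stage 4: the payload authenticates to many hosts (spreading with stolen credentials).
        targets = defaultdict(set)
        for e in evs:
            if e["kind"] == "logon" and e["pid"] in payload_pids:
                targets[e["pid"]].add(e["dest"])
        if any(len(t) >= LATERAL_THRESHOLD for t in targets.values()):
            stages.append("lateral_spread")

        if stages:
            findings[host] = stages
    return findings


if __name__ == "__main__":
    for host, stages in correlate(EVENTS + BENIGN_EVENTS).items():
        print(host, "->", " > ".join(stages))
```

Running the block prints only the ws01 chain; the admin's PowerShell on ws02 produces no finding because its parent is not an Office process, which is the distinction a detection engineer wants before the response described below (quarantine and notify) is automated.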
Additionally, businesses will be able to identify areas of their network which may be vulnerable.

The increased risk of remote working

When organisations around the world were ordered to work from home, many were not prepared for this physical shift of technologies and network perimeters, amplifying the problem of protecting both personal and proprietary information. From Bring Your Own Device (BYOD) risks to working on open networks and employees facing the distractions of being at home, cybersecurity needs to be a priority in today’s working-from-home world.

Businesses need to take action to reduce the number of vulnerabilities and cyber challenges associated with a largely or entirely remote workforce. By using a virtual private network (VPN) for all business communications, network and Wi-Fi communications can be kept encrypted, making it much harder for hackers to gain access. Additionally, IT teams should develop and implement security policies and guidelines for BYOD, requiring the correct security software to be installed on each device and ensuring updates to the latest operating systems are made consistently. Home router setups, together with the general insecurities outside of the office, need to be considered as part of a full review into the new norm.

Creating a cyber aware culture

Organisations of all sizes have to accept that they are not immune to cyber-attacks, that the latest technologies don’t safeguard all operations and that breaches are inevitable. However, with a cyber resilience strategy, the right technology and security protocols in place and an educated workforce, businesses can considerably reduce risk and bounce back, even if data or operations are impacted. Security awareness training programmes offer regular, consistent and up-to-date education to help employees remain ahead of potential threats and learn how to spot and act upon any suspicious activity.
By undertaking training campaigns covering essential topics, including phishing simulations, social engineering attacks and password hygiene, organisations can gain insight into their internal systems and employee weak points to aid proper prevention. Businesses also need to prioritise consistent communications to employees, reminding them of the threats to watch out for and that cybersecurity is an organisational priority. Content for employees should be tailored to their level of familiarity with cybersecurity to ensure actionable takeaways and advice are easy to identify and incorporate into their daily routines.

The role of MSPs

Many small businesses and organisations struggle with a lack of IT resources or personnel. By leaning on or investing in a Managed Service Provider (MSP), organisations can adopt the best cybersecurity practices, custom-fit to their IT environments and those of the clients they serve. MSPs offer immense value to SMBs (small and medium-sized businesses) by helping them implement the essential tools, strategies, technical expertise and support to keep data and employees secure.

MSPs must take a proactive role in understanding the current state of a customer’s ability to protect against, prevent, detect and respond to modern cyber threats when recommending the best approaches to combating modern malware and being cyber resilient. By building an offering that aligns with varying levels of cyber awareness and resilience, MSPs can help SMB IT and cybersecurity modernisation efforts every step of the way.

With malware constantly evolving as a pivotal attack vector, it’s time for cybersecurity to become embedded in the DNA of every business to protect assets and reputation.
Companies must take a more comprehensive approach towards security to address the threats posed by malware, including monthly security education, enhanced collaboration between teams, and teaming with the right MSP to help create a secure business approach to malware. Having a multi-layered security strategy allows businesses to be cyber resilient, even in the face of continued Covid-19-related disruption and evolving malware threats.

independent management plane www.networkseuropemagazine.com 34

Keeping networks safe and secure with an independent management plane

Engineers are increasingly using a separate, secure management plane to gain remote access to the main production network so they can go in and remediate it even during an outage, whether caused by a misconfiguration, a cyber-attack, or even a network cable accidentally being cut. Crucially, this allows administrators to lock down features in the production network to improve security so that, for example, anyone accessing the network is no longer able to push configurations. All configuration, provisioning and day-to-day network management are conducted on the independent plane in the form of an out-of-band management network, to which access is restricted to the core network team.

Furthermore, when a network incident occurs, the production network may be unreachable or congested, making it unsuitable for emergency access. An independent management plane allows network engineers to remotely access and remediate any issue quickly and securely. This focus on setting the network management plane aside purely for the use of network engineers is key to a business achieving enhanced network security when using it.

Current network architecture assumes that an organisation relies on its production network to manage that same network, which is where the risk lies. Consequently, when an issue occurs, an engineer may not have access to that production network.
Additionally, the production network is also accessed by a wide group of users, making it vulnerable to hacking. However, the key difference with an independent management plane, such as an out-of-band network, is that businesses can restrict log-in credentials to a small, select group. Nobody outside of this group will therefore have access to the management plane, production network or devices, and a higher level of security can be established as a result. Organisations using this approach can lock down certain elements on the production network, effectively stipulating, for example, that nobody has permission to configure network devices through it. Instead, network engineers will have to access the independent network management plane to do this and other daily tasks.

Steve Cummins, VP, Opengear

Overcoming network issues

Often, the internet is technically still available when network issues occur; however, it is heavily congested. When this happens, businesses may make the mistake of pushing a configuration to a network device, slowing down the network further. The sheer volume of traffic flowing through it can make it very difficult for a network engineer to reach the relevant device via the production network and go in to fix it. This problem can be solved by accessing the network via a separate management plane. All network configuration and management are carried out on the independent management plane, access to which is restricted to the core network team. For this reason, it has become known as the network for network engineers. This focus on setting the network aside purely for the use of network engineers is critically important.
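To make the two controls in this section concrete, here is an added Python model of a device's management-access policy; it is not Opengear's code or any vendor's configuration syntax. It encodes the two rules the text describes, namely that configuration and provisioning are accepted only on the dedicated management interface and only from the core network team, while the production interface is read-only for everybody, and adds the anti-spoofing check a practitioner would expect (a management-range address arriving on the production interface is refused before any user check). The subnets, interface names, action names and team membership are constructed assumptions.

```python
"""Access policy for an out-of-band management plane (added example).

Subnets, interface names and the team membership below are assumptions
chosen for illustration; real deployments would take them from the
device's interface configuration and its AAA backend.
"""
import ipaddress
from dataclasses import dataclass

MGMT_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed out-of-band management subnet
PROD_NET = ipaddress.ip_network("10.0.0.0/8")     # assumed production address space
CORE_NETWORK_TEAM = {"alice", "bob"}              # assumed restricted credential set
CONFIG_ACTIONS = {"configure", "provision"}       # actions that change device state


@dataclass(frozen=True)
class Session:
    user: str
    source_ip: str
    interface: str   # "mgmt0" (out-of-band) or "eth0" (production)
    action: str      # "show", "configure" or "provision"


def decide(session, audit):
    """Return 'permit' or 'deny' and append an audit line for every decision.

    Rule order matters: address checks run before the team check, so a
    spoofed management address never reaches the credential logic."""
    src = ipaddress.ip_address(session.source_ip)
    if session.interface == "mgmt0":
        if src not in MGMT_NET:
            verdict, why = "deny", "management interface reached from a non-management address"
        elif session.user not in CORE_NETWORK_TEAM:
            verdict, why = "deny", "user is not in the core network team"
        else:
            verdict, why = "permit", "core team on the out-of-band plane"
    else:
        if src not in PROD_NET:
            verdict, why = "deny", "source is outside the production address space"
        elif session.action in CONFIG_ACTIONS:
            verdict, why = "deny", "configuration is locked down on the production plane"
        else:
            verdict, why = "permit", "read-only access from production"
    audit.append(f"{verdict} user={session.user} src={session.source_ip} "
                 f"if={session.interface} action={session.action} ({why})")
    return verdict


# Constructed session attempts covering each branch of the policy.
SAMPLE_SESSIONS = [
    Session("alice", "192.0.2.10", "mgmt0", "configure"),  # core team on the OOB plane
    Session("carol", "192.0.2.11", "mgmt0", "configure"),  # right plane, wrong group
    Session("alice", "10.1.2.3", "eth0", "configure"),     # even the core team cannot configure via production
    Session("carol", "10.1.2.3", "eth0", "show"),          # read-only monitoring from production is fine
    Session("alice", "192.0.2.10", "eth0", "show"),        # management address on the production interface
]


def evaluate(sessions):
    """Run the policy over a list of sessions; return (verdicts, audit lines)."""
    audit = []
    verdicts = [decide(s, audit) for s in sessions]
    return verdicts, audit


if __name__ == "__main__":
    for line in evaluate(SAMPLE_SESSIONS)[1]:
        print(line)
```

The audit list is deliberately written for every decision, permitted or not: on a management plane whose whole value is that only a handful of people can reach it, a denied configuration attempt arriving over the production interface is itself the event worth alerting on.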
Typically, today there are a lot of individuals in an IT organisation who have access to the main production network. Anyone who has IT credentials probably has a reason to access it for whatever they might need to be doing. However, network engineers do have some specific tasks to do that nobody else from the IT team would be qualified for, such as provisioning new equipment or re-configuring devices. This is often a task that organisations would not want anyone else from the general IT team or third-party contractors to do. Rather than everybody using the same production network, the business can set up an independent management plane for the sole use of its network engineers.

Increasing pressure on the network team

These days network teams can have many locations to look after, in addition to more equipment to manage at each site. Added to that is an increase in the data flowing through devices compared with not long ago. The pressure on the network engineer has grown exponentially, and skilled network engineers are in short supply.

Looking back 20 years or so, most companies had a single computer room in their head office used for networking. Over time, the need for computing resource has grown significantly. At first, companies migrated their networking to external data centres, managed by a dedicated team. But as the number of IoT and networking devices has grown at edge sites, together with the volume of data, it has become impossible for many organisations to staff each of those remote sites with a dedicated network engineer.

Ensuring business continuity

The network engineer’s evolving role is all part of an ongoing process, and network management is becoming increasingly automated. Linked to that is the rise of the independent management plane, which helps network engineers provide organisations with secure remote access to their network today.
This approach also delivers network set-up and configuration, ongoing day-to-day management and network remediation when something goes wrong. Most importantly, it helps keep the network constantly up and running and reduces costly network downtime to a minimum. Outages cause businesses to lose money and can damage reputations. The independent network management plane helps reduce this threat and ensures IT business continuity – crucial during a period when most businesses are focused on doing more with less.

Security, sustainability and efficiency: AI’s impact in data centres

Oliver Goodman, Head of Engineering, Telehouse

Oliver Goodman, Head of Engineering at Telehouse, breaks down the three main areas where AI can be most impactful within data centres.

The world is becoming increasingly reliant on data centres (DCs), and the Covid-19 pandemic has rapidly accelerated the uptake of DC services. As a result, DC operators have had to adapt quickly to these unprecedented levels of demand. Operators are having to deal with additional strain on their services and are experiencing capacity shortages that require measures to deal with demand before extra capacity can be provided. The growing importance of the DC sector has not gone unnoticed by those outside the sector. The UK government included DC staff on its key worker list and designated a government team to provide the sector with a channel through which it can weigh in on matters surrounding the pandemic.

The increased demand on DCs means more energy consumption and more scrutiny from a security perspective. Artificial Intelligence (AI) presents growing opportunities to manage energy consumption and distribute workloads more efficiently while enhancing cybersecurity measures.
Improving energy efficiency

It’s no secret that DC facilities are power-hungry, so it would be easy to assume the sector has a negative environmental impact. However, this simply isn’t the case. A recent survey of UK commercial operators revealed that 76.5% of the electricity they purchased is 100% renewable, 6.5% is between 0 and 50% renewable, 7% is between 50% and 99% renewable and 10% is purchased according to customer demand. But that doesn’t mean DC operators aren’t going further to improve energy efficiency, and this is one area where AI can help.

The load (the amount of energy consumed by servers and network equipment in server halls), although generally considered to be stable, can vary at any given time depending on network demand, and accommodating this efficiently is challenging without the intervention of AI. For example, if the load unexpectedly goes up in one data hall, additional cooling is required to keep the servers running efficiently. Energy efficiency gains can be made by knowing exactly when and how to switch that additional cooling on or off. By collecting, aggregating and analysing operational data, AI can respond to certain trigger points and execute actions – such as switching chillers on or off – at exactly the right moment. Machine learning can also be deployed to understand load patterns and predict when fluctuations in load will occur, allowing DC operations to react autonomously and efficiently. With an uninterruptible power supply (UPS), AI-led control systems can switch between efficiency modes automatically in response to changing load levels, ensuring the system runs as close to optimum efficiency as possible at any given time.

This can also be applied to reducing electricity overheads. Balancing energy efficiency with the cost of electricity is a constant struggle for DC operators. With loads increasing every year, operators and their customers are faced with growing electricity bills.
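The trigger-point control just described has a classic failure mode: when the hall load hovers around a single threshold, a naive controller switches the extra chiller on and off on every reading. The added Python below (illustrative, not Telehouse's control logic) contrasts that naive controller with a two-threshold one that only changes state when a trigger is actually crossed, and counts the switching each produces on the same constructed load trace. The kW thresholds and the readings are assumptions.

```python
"""Trigger-point cooling control with hysteresis (added example).

Thresholds and load readings are constructed for illustration; a real
controller would take them from the building management system.
"""

ON_ABOVE_KW = 800.0   # assumed trigger: stage the extra chiller in above this hall load
OFF_BELOW_KW = 720.0  # assumed release point, deliberately below ON_ABOVE_KW


def control_naive(loads, threshold=ON_ABOVE_KW):
    """Single-threshold controller: chiller state is simply 'load above threshold'."""
    return [load > threshold for load in loads]


def control_hysteresis(loads, on_above=ON_ABOVE_KW, off_below=OFF_BELOW_KW):
    """Two-threshold controller: state changes only when a trigger is crossed.

    The band between off_below and on_above is a dead zone in which the
    chiller keeps whatever state it already has, so readings that jitter
    around the upper trigger do not cause repeated switching."""
    states, on = [], False
    for load in loads:
        if not on and load > on_above:
            on = True
        elif on and load < off_below:
            on = False
        states.append(on)
    return states


def switch_count(states):
    """Number of on/off transitions; each one costs compressor wear and efficiency."""
    return sum(1 for before, after in zip(states, states[1:]) if before != after)


# Constructed readings: load climbs, hovers around 800 kW, then drops back.
SAMPLE_LOADS = [650, 700, 790, 810, 795, 805, 798, 812, 790, 760, 700, 680]


if __name__ == "__main__":
    naive = control_naive(SAMPLE_LOADS)
    steady = control_hysteresis(SAMPLE_LOADS)
    print("naive      :", "".join("#" if s else "." for s in naive), switch_count(naive), "switches")
    print("hysteresis :", "".join("#" if s else "." for s in steady), switch_count(steady), "switches")
```

On the sample trace the naive controller toggles six times while the hysteresis controller toggles twice, which is the difference between reacting at exactly the right moment and reacting at every moment.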
Growing loads mean that energy bills are increasing, but it is important that the IT equipment is cooled as efficiently as possible by optimising all the plant. This keeps the increase in energy costs as low as possible. AI can be used very effectively in control systems to help operators balance cost and efficiency. This is improving over time, but there is an onus on the manufacturers to make these developments faster so that operators can build greater levels of automation on top of those systems to help strike the right balance.

Enhancing cyber resilience

Increasing cybersecurity in DCs largely comes down to understanding behavioural patterns in the IT infrastructure and then reacting promptly when a typical pattern is disrupted by an atypical behavioural event. This is very similar to the way cybersecurity works in a conventional office-based business. Each company device (e.g. a server or a laptop) will have its typical usage pattern, and AI can learn how individual devices typically interact with the network. A device logging on to the network outside of regular working hours and extracting data from the system might be an unusual behavioural event; AI can recognise this, then disable the device’s network access and notify the business of a possible attempted security breach.

In the context of a DC, AI will monitor the behavioural pattern of every server and will react accordingly to any event that diverges from the typical pattern. These AI capabilities can be leveraged at an extremely granular level to further enhance security, for example if a server’s behaviour suddenly changes after somebody has been present in its server hall. This kind of granularity offers huge potential for DCs from a cybersecurity perspective and will continue to improve security as demand for their services grows.
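The behavioural baselining in this section can be shown without any machine-learning library: the added Python below (illustrative, not Telehouse's or any product's code) learns each device's usual active hours and outbound volume from constructed history, then scores new records and returns the response the text describes (disable network access and notify) only when an access is both outside the learned hours and far above the usual volume. It also handles two edge cases a first implementation usually gets wrong: a server with a flat, round-the-clock pattern must not alert on small jitter, and a device with no history at all is flagged rather than silently ignored. Record fields, thresholds and device names are assumptions.

```python
"""Per-device behavioural baselining and response (added example).

HISTORY and SAMPLE_RECORDS are constructed access records of the form
(device, hour_of_day, bytes_out); the sigma multiplier and the 10 percent
floor on the spread are assumptions chosen for illustration.
"""
import statistics
from collections import defaultdict

# Constructed history: an office-hours laptop and a steady 24-hour database server.
HISTORY = (
    [("laptop-17", h, b) for h, b in
     [(9, 20_000), (10, 35_000), (11, 28_000), (13, 40_000), (14, 22_000),
      (15, 31_000), (16, 26_000), (17, 18_000), (9, 24_000), (14, 30_000)]]
    + [("db-srv-03", h, 500_000 + (h % 5) * 10_000) for h in range(24)]
)


def build_baselines(history):
    """Return {device: {"hours": set of active hours, "mean": float, "stdev": float}}."""
    per_device = defaultdict(list)
    for device, hour, bytes_out in history:
        per_device[device].append((hour, bytes_out))
    baselines = {}
    for device, rows in per_device.items():
        volumes = [b for _, b in rows]
        baselines[device] = {
            "hours": {h for h, _ in rows},
            "mean": statistics.fmean(volumes),
            "stdev": statistics.pstdev(volumes),  # population spread; fine for a baseline
        }
    return baselines


def score(record, baselines, sigma=3.0):
    """Classify one record against its device's baseline and pick a response."""
    device, hour, bytes_out = record
    base = baselines.get(device)
    if base is None:
        # A device with no history is itself atypical on a managed network.
        return {"device": device, "verdict": "unknown_device", "action": "notify"}
    off_hours = hour not in base["hours"]
    # Floor the spread at 10% of the mean so a flat baseline (stdev near 0)
    # does not turn ordinary jitter on a steady server into an alert.
    spread = max(base["stdev"], 0.1 * base["mean"])
    excess = bytes_out > base["mean"] + sigma * spread
    if off_hours and excess:
        return {"device": device, "verdict": "exfiltration_pattern",
                "action": "disable_network_access+notify"}
    if off_hours or excess:
        return {"device": device, "verdict": "unusual", "action": "notify"}
    return {"device": device, "verdict": "normal", "action": "none"}


# Constructed records to triage, one per branch of the scoring logic.
SAMPLE_RECORDS = [
    ("laptop-17", 14, 27_000),     # ordinary afternoon use
    ("laptop-17", 3, 900_000),     # 3 a.m. logon moving a large volume out
    ("db-srv-03", 3, 530_000),     # 3 a.m. is normal for a 24-hour server
    ("db-srv-03", 3, 9_000_000),   # same server suddenly pushing out far more than usual
    ("badge-printer", 12, 1_000),  # never seen before
]


def triage(records, baselines):
    """Score every record; returns the list of verdict/action dictionaries."""
    return [score(r, baselines) for r in records]


if __name__ == "__main__":
    for result in triage(SAMPLE_RECORDS, build_baselines(HISTORY)):
        print(f"{result['device']:<14} {result['verdict']:<22} -> {result['action']}")
```

Only the laptop's 3 a.m. transfer earns the automatic network cut-off; the server's volume spike is reported for a human to look at, because on a 24-hour device the hour alone carries no signal and an automatic quarantine of a production database is itself an outage.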
Where humans would typically struggle to make data-informed split-second decisions that could improve energy cost and efficiency or stop a data breach, AI is helping the DC sector to evolve. It’s an exciting time for the sector, and we can expect to see decision-making becoming more intelligent and autonomous as AI-driven solutions continue to evolve.

security, sustainability and efficiency www.networkseuropemagazine.com 38