The call came in. We have a serious virus outbreak. 你能帮?
Over the years we have been asked this question time and time again. Viruses have been predictable. Their infection routes could be easily discerned. Then it became a matter of discipline - Update clients, scan systems, re-image trashed machines. Repeat until you beat the virus.
However, this time it was different. It was a banking credentials theft trojan. It was looking for money. Out of the entire school district somehow this virus had identified the building and the people in the building that handled the money. The attack began. It was relentless. As fast as a machine could be cleaned, it became re-infected. It is my belief that it was using multiple attack vectors to exploit multiple possible weaknesses in the operating system and the network to re-infect the critical financial machines. All the sins of the past were on the table and in play for this virus - all at once.
This was my first time fighting what I believe was a virus/trojan that mapped the network out, identified the main targets and then mercilessly attacked and attacked.
The bad guys understood some of the basic design and structure of the network. They figured out where the money was and went for it - Machine learning.
这是可怕的. It was frustrating for the techs at ground zero because they were being overrun trying to find something to stand up to the virus.
The final solution was to update the traditional antivirus and scan and re-scan and re-re-scan. Then we added Cisco Umbrella over the machines to cut down on malware downloads. Then we overlayed Cisco AMP over the machines to directly block the executables that were causing the infection. This was also supplemented by upgrading from 窗户 7 to 窗户 10 and patching the workstations to current levels.
I had been talking about all this for over a year and I was living it.
From this outbreak I took away the following:
- Machine learning is real.
- The bad guys are in fact mapping our networks to find what they want.
- Only a multi-layer approach looking for and listening for the bad guys and then attacking the infections proved viable.
- No one product or strategy could do the job.
- You are only as strong as your weakest link.
- Follow best practices and patch, patch, patch!
如果你 want to discuss your specific situation or require assistance, please give us a call.