Ask The Experts: Malware Infection Mitigation

This time, we have a question from a reader:

Dear Experts, I’ve been fighting with my help desk team about the proper response to a malware infection. Once we know a workstation or server has been infected, what should we do to make sure that machine is clean before we put it back in service? We have heard a variety of stories about cleanup versus rebuild. What is the MSI security expert’s take on the proper response to malware infection?

John Davis replied:

It would be nice to be able to eliminate Malware without having to totally rebuild your computer. I wish I had some good news for folks on that score. But unfortunately, the only way to be sure that a malware infection has been totally eliminated is to do just that: rebuild your computer completely from reliable backups. This illustrates the importance of making frequent backups and storing those backups securely!

Adam Hostetler also added:

The only proper response is complete wipe and reinstall. It’s impossible to say it’s clean after it has a known infection, one part might be gone but the malware may have installed or downloaded other components that weren’t detected. I recommend having a good image to use on workstations, and store as little data on them as possible, so a quick turn around is likely. It’s also a good idea to implement strong egress controls on your firewalls and monitor them. This helps in preventing malware from doing damage, and aids in finding infections. 

Got a question for the Experts? Get in touch on Twitter (@lbhuston or @microsolved) or via the comments. Thanks for reading!

PS – Chris Jager (@ChrisJager) points out on Twitter: Also to consider: Closing vuln that allowed the malware onto the host & refreshing backups & build docs w/said updates.

Thanks Chris! We just ASSUMED (yeah, we know…) that was already in scope, but good to mention that it should be pointed out. Clearly, making sure the bad guys lose their foothold from being re-exploited is CRITICAL.

Audio Blog Post – IT History: An Interview with Brent’s Mom

Today, I got to do something pretty cool! I got to record a quick interview about the history of IT and what some of today’s technologies look like through the eyes of someone who has done IT for the last 40 years. Even cooler than that, I got to interview MY MOM! 

Check this out; as she discusses mainframes, punch cards and tape vaults, insights about mainframe authentication and even quality control in the mainframe environment. She even gives advice to IT folks approaching retirement age and her thoughts on the cloud. 

She closes with a humorous insight into what she thinks of my career and when she knew I might be a hacker. 🙂

It’s good stuff, and you can download the audio file (m4a format) by clicking here

Thanks for listening and let me know if you have other IT folks, past or present, you think we should be talking to. I’m on Twitter (@lbhuston) , or you can respond in the comments.

Audio Blog Post: Defensive Fuzzing and MSI’s Patent

What goes into getting a patent? The answer would be: a lot of work! Brent Huston, CEO and Founder of MicroSolved, Inc., talks with Chris Lay, Account Executive, about MSI’s first patent for HoneyPoint’s defensive fuzzing capability. In this audio blog post, you’ll learn:

  • What is the patent about?
  • What is defensive fuzzing?
  • What went into the patent process?

Grab a drink and take a listen. As always, let us know what you think!

Click here to listen.

And don’t forget, you can follow Brent Huston on Twitter at @lbhuston and Chris Lay at @getinfosechere!

Audio Blog Post: MicroSolved Inc. Labs

Brent Huston, CEO and Founder of MicroSolved, Inc., talks with Chris Lay, Account Executive, about MicroSolved’s lab. In this audio blog post, you’ll learn:

  • Some of the things we’re testing now
  • The types of operating systems we’re testing
  • Brent’s favorite “testing” story

Grab a drink and take a listen. As always, let us know what you think!

Click here to listen.

And don’t forget, you can follow Brent Huston on Twitter at @lbhuston and Chris Lay at @getinfosechere!

Audio Blog Post: Malware Trends

Brent Huston, CEO and Founder of MicroSolved, Inc., discusses with Chris Lay, Account Executive, the new malware trends and a new perspective needed in dealing with attacks. In this audio blog post, you’ll learn:

  • How language is making a difference
  • How the attackers are getting more clever
  • What infected USB keys are now doing
  • What is ‘Flame’?
  • What to do when you identify malware in your organization

Grab a drink and take a listen. As always, let us know what you think!

Click here to listen.

And don’t forget, you can follow Brent Huston on Twitter at @lbhuston and Chris Lay at @getinfosechere!

Audio Blog Post: Spear Phishing

Brent Huston, CEO and Founder of MicroSolved, Inc., discusses with Chris Lay, Account Executive, the new trends with spear phishing. In this audio blog post, you’ll learn:

  • How traditional spear phishing has changed
  • The new approach attackers are now using
  • The LinkedIn password breach and how it could be used in phishing attacks
  • Some non-traditional spear phishing campaigns

Grab a drink and take a listen. As always, let us know what you think!

Click here to listen.

Audio Blog Post: Twitter Favorites

We’re kicking off the week by talking about some of our favorite feeds on Twitter!

Brent Huston, CEO and Security Evangelist for Microsolved, Inc., interviews Chris Lay, Account Executive and Mary Rose Maguire, Marketing Communication Specialist, about their favorite kinds of tweets. 

We like Twitter to keep up with other security professionals to discover what’s trending. It’s a great way to exchange quick information and alert others when a security issue arises. Plus, our #HITME stream through our MSI HoneyPoint Feed Twitter account has already helped other organizations by alerting them to suspicious activity caught on various ports.

If you’d like to follow the MSI crew, here we are:

Here are a few of our favorites we mentioned:

Click Here To Listen To The Audio Blog Post!

 

 

Audio Blog Post: Moving Toward Detection in Depth

Brent Huston, CEO and Security Evangelist for MicroSolved, Inc., explains how organizations need to move from a focus on prevention to detection.

Joined by MSI’s Account Executive Chris Lay and Marketing Communication Specialist Mary Rose Maguire, Brent maps out how an organization can get detective controls closer to the data and shows that IT departments can have a “payoff” if they pursue nuanced detection.

Click here to listen to the audio post!

Audio Blog Post: How to Safeguard Your Data From Credit Card Theft

Cybercriminals continue to seek new opportunities to steal credit card data, highlighted recently in the largest credit card theft seen in two years — a 1.5 million loss from Global Payments, a third-party processor of transactions for Visa and Mastercard.

What can companies do? Also, what can you do to protect your credit card data?

I sat down with Brent Huston, CEO and Security Evangelist with MicroSolved, Inc. to discuss such questions. In this audio blog post, you’ll hear:

  1. The current state of identity theft
  2. Two primary ways credit cards get stolen
  3. Skimming as a preferred model for theft and how to prevent it
  4. Why being PCI-compliant is not a silver bullet

And more!

Click here to listen.

Take a listen to this informative 15-minute interview and learn how you can protect your organization from data theft!

Resources:

 

Audio Interview with a CIO: Dual Control of Computers for Security

Recently, Brent Huston, CEO and Security Evangelist for MicroSolved, had the opportunity to sit down with Dave, a CIO who has been working with dual control for network security. 

Brent and Dave talk about intrusion detection, dual control, and a few other information security topics, including these questions:

  • What is collusion and how can it pay off?
  • How does it work with dual control?
  • What are some dual control failures?

Click here to listen in and let us know what you think. Are you using dual control?