Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

A ransomware flop, thanks to security awareness

Mathias Thurman | Aug. 1, 2014
Only one person clicks on a bad link, and she had all her files properly backed up. Maybe employees aren't a security manager's nightmare after all.

Another pleasant surprise a short time later was that Dropbox removed the troublesome link.

But we were still confronted with a troubling question: How had this email made it through our spam-filtering protections? Apparently the email team had disabled the Sender Policy Framework setting, which validates that incoming email originates from authorized domains. For example, if an email is purported to originate from computerworld.com but the email header contains an originating domain that is not authorized by computerworld.com as a valid domain, the email would be blocked. The email team had disabled this feature in order to troubleshoot a serious mail delivery problem. Needless to say, that feature was quickly reactivated.

We've also sent an inquiry to our antivirus vendor asking why this ransomware wasn't detected. I'm sure they're going to say it was due to it being a zero-day exploit, but we have to ask. I've also contacted the vendor of our advanced malware-detection tool to ask why it didn't detect and block this, since all downloaded files are supposed to be run in a sandbox, evaluated and then blocked if determined to be malware. They're all good questions to ask, I think, and I'll be interested in what the vendors have to say.

But we got lucky with this one.

No, that's wrong. Security awareness seems to have been our saving grace. It worked just the way it's supposed to.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.