How to protect yourself against the ‘two week’ cyber attack

The UK has a “two-week period” to protect itself from a major computer virus that could give hackers access to sensitive information - costing the country millions of pounds, the National Crime Agency has said.

Tuesday, 3rd June 2014, 2:39 pm
CYBER ATTACK: The NCA has advised Windows users to protect themselves from this latest attack within the next two weeks

In a statement on the agency website yesterday, internet users have been encouraged to “protect themselves against powerful malicious software” by checking that their anti-virus software is up-to-date, and running scans to ensure that all applications are running correctly.

The move comes after the FBI in the US was successful in disrupting a hacking network, making security updates by users particularly effective in the short term.

The viruses in question are known as GOZeuS and CryptoLocker. The first hides within email attachments that, when opened, give hackers access to the computer; they then use the software to scan devices for valuable information.

CryptoLocker is a secondary threat that activates if no valuable data is found, and this malware locks the computer, demanding a ransom to grant access again.

Lamar Bailey, director of security research and development at software company Tripwire, said: “The design of these malware packages makes them nearly impossible to completely wipe out, but a coordinated attack can cause damage.

“While these organisations are attacking the command and control servers, countries are rolling out a massive consumer education programme to help clean up infected systems and reduce the number of vulnerable systems available for infection.

“The plan is to attack the parasite hard for two weeks while removing as many viable hosts as possible at the same time so that propagation targets will be limited after the attacks subside.

“This will not eliminate the malware but could in theory make it much harder for the operators to use and could cause massive financial loss for them.”

UK-based internet awareness group Get Safe Online also posted on its own website, asking users to pay attention to the advice and take advantage of this event to improve their security. The group has posted advice on monitoring potentially malicious email, as well as links to free anti-virus software.

“This warning is not intended to cause you panic but we cannot over-stress the importance of taking these steps immediately,” said Get Safe Online in a statement.

“This is because the UK’s National Crime Agency has taken temporary control of the communications used to connect with infected computers, but expects only a very limited window of opportunity to ensure you are protected.”

The web has been the victim of several serious security breaches in recent months, with the effects of the Heartbleed bug still being felt.

The bug took advantage of a flaw in the OpenSSL software that is designed to encrypt and protect data as it is exchanged online. Several websites, including parental advice site Mumsnet, were hacked as a result of the flaw.

Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said: “Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.

“Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action.

“Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it, and think twice before clicking on links or attachments in unsolicited emails.”

“Those committing cyber crime impacting the UK are often highly-skilled and operating from abroad. To respond to this threat, the NCA is working closely with law enforcement colleagues all over the world, and developing important relationships with the private sector.”

What you need to know:

• If your computer does not run the Windows operating system, then this latest attack does not affect you.

• The attack is sent to computers through “phishing” emails, which look as if they are from legitimate sources and direct you to download this malicious software.

• Make sure anti-virus software, firewalls and any other protection software on your computer are up-to-date.

• Ensure that your passwords are complex and different for each regular website you use.