The Menace of Spyware and Uncovering the Real Threat

“Spyware” is a term in common usage, but it is one that clings to the past. Today you are far more likely to be the victim of what is more accurately termed malicious software, or “malware” for short. The difference is that spyware is a subset of malware designed exclusively to capture user behavior and package up activity data. It collects keystrokes, usernames and passwords, browser activity, filenames, and a host of other data, and delivers that information to whoever is running it.

Spyware became popular in the early 2000s as a way to uncover actions that people would rather hide from the owner of the device they were using. The common theme in 2008 was to catch your partner cheating by putting spyware on the computer you own. This has remained a legal grey area, as the expectation of privacy on someone else’s device has never really been settled. Most employers have (or should have) an “Acceptable Use” or “Computer Access Agreement” that employees sign; it should spell out the company’s ability to monitor user activity on its computer and information systems and to investigate any actions that may violate policy or law. Spyware was also very much in use by bad actors and criminals trying to glean information about potential victims.

Today the sinister side of spyware that is most commonly seen is that last use: criminals gathering information about victims. Loading the most common spyware onto a device is now very difficult, because built-in protections such as Windows’ onboard security will generally alert the user to the presence of most such tools. Spyware today is relegated to a few specific functions that support the larger capabilities of the malicious software leveraged during an attack or intrusion; it is very unlikely to be the full extent of the attack.

The reason for this change is arguable, but it is likely closely tied to the expedient nature of those conducting attacks and what they are ultimately after. They aren’t necessarily interested in your browsing history beyond learning which bank and which cloud apps you use. Filenames are interesting for a similar reason: the attacker may export them to see what would be most valuable to extort you with. That same information can be used to update the automatic or scripted functions inside the malware that encrypt those valuable files and hold them for ransom.

The answer to “what should I do about it?” can be formed in quite a number of ways, but understanding begins with realizing that spyware is merely a single instrument in the symphony of modern risks. The risks confronting users and companies that leverage technology can be addressed in the following ways:

  1. Ensure your devices are being patched regularly. Many compromises happen months after a patch for the vulnerability was available for installation. Dark Rhiino Security offers a patch management solution that helps automate the delivery and tracking of patches across most endpoints.
  2. Know what devices you have and which tools they are subscribed to. This is better known as asset intelligence; it helps you detect systems that are not enrolled in your various protections and close the gap created by undersubscribed, unmanaged, or unauthorized devices. DRS does this using a tool that monitors services such as Active Directory or Azure, networking, and various security tools to identify gaps in coverage.
  3. Deploy and maintain appropriate endpoint and server security tools: endpoint detection and response (EDR), group policy limitations, account restrictions, security information and event management (SIEM), and data protection solutions such as encryption, identity and access management (IAM), and adaptive multi-factor authentication (MFA).
  4. Monitor and correlate events to uncover hidden activity that may be malicious.
  5. Establish effective policies, standards, and procedures, and monitor and address non-compliance.
  6. Address all kinds of phishing, via tools and via training staff to report suspicious emails, because over 90% of attacks have an element of phishing.
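Point 2 above, asset intelligence, comes down to reconciling inventories: every device the directory knows about should also appear in the EDR and patch-management consoles, and every device seen on the network should appear in the directory. The following is an added example (not DRS’s tool or any vendor’s code) that performs that reconciliation on constructed sample exports; the hostnames, the tool names, and the shape of the exports are all assumptions.

```python
"""Asset-intelligence reconciliation (added example, constructed data).

Compares a directory export against exports from the tools every managed
device should be enrolled in, then lists three things a defender wants:
directory hosts missing from each tool, devices on the network the
directory has never heard of, and hosts covered everywhere.
"""

# Constructed sample exports. In practice these would be pulled from
# Active Directory / Azure AD, the EDR console, the patch console and
# DHCP or ARP logs; names and domain are placeholders.
DIRECTORY_EXPORT = [
    "WS-101.corp.example", "ws-102.corp.example", "SRV-DB01.corp.example",
    "srv-web01.corp.example", "LT-204.corp.example",
]
EDR_EXPORT = ["ws-101", "ws-102", "srv-web01"]
PATCH_EXPORT = ["WS-101", "SRV-DB01", "srv-web01", "lt-204"]
NETWORK_SEEN = ["ws-101", "ws-102", "srv-db01", "srv-web01", "lt-204",
                "printer-3f", "nas-guest"]


def normalize(hostname: str) -> str:
    """Lower-case and drop the domain suffix so exports from different tools compare equal."""
    return hostname.strip().lower().split(".")[0]


def coverage_gaps(directory, tool_exports):
    """For each tool, the sorted list of managed hosts that tool does not know about."""
    managed = {normalize(h) for h in directory}
    return {
        tool: sorted(managed - {normalize(h) for h in hosts})
        for tool, hosts in tool_exports.items()
    }


def unmanaged_devices(network_seen, directory):
    """Hosts observed on the network that have no directory record at all."""
    managed = {normalize(h) for h in directory}
    return sorted({normalize(h) for h in network_seen} - managed)


def coverage_report(directory, tool_exports, network_seen):
    """Combine the checks into one report dict suitable for ticketing or dashboards."""
    managed = {normalize(h) for h in directory}
    gaps = coverage_gaps(directory, tool_exports)
    missing_somewhere = set().union(*gaps.values()) if gaps else set()
    return {
        "gaps": gaps,
        "unmanaged": unmanaged_devices(network_seen, directory),
        "fully_covered": sorted(managed - missing_somewhere),
    }


if __name__ == "__main__":
    report = coverage_report(
        DIRECTORY_EXPORT, {"edr": EDR_EXPORT, "patch": PATCH_EXPORT}, NETWORK_SEEN
    )
    for tool, hosts in report["gaps"].items():
        print(f"not enrolled in {tool}: {hosts}")
    print("on network but not in directory:", report["unmanaged"])
    print("covered everywhere:", report["fully_covered"])
```

Hostname normalization is the part that silently breaks in real deployments: one console exports FQDNs, another exports NetBIOS names in upper case, and without a common key every host shows up as a false gap. Devices in the “unmanaged” list are the ones to investigate first, since nothing in the stack is protecting or even patching them.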

What does that look like? 

  • Where is my valuable information, and which devices manage those information assets?
  • Who has access to that information and to the devices I use to access it?
  • How is it protected?
  • How is it at risk?

The answers to the questions above are instrumental in formulating your approach to addressing your risks. Here is how to apply them to get actionable insights.

If you are an individual, your valuable information may be banking-related, sensitive, or simply irreplaceable documents. If you are a company, it may be information assets such as employee information, customer lists, contracts, intellectual property, and trade secrets. In either case, knowing where those assets are will help you decide how to keep them secure from threats, ranked by likelihood and severity.

For example, let’s look at a person’s checkbook or tax returns and a company’s employee and customer data. When we consider the risks, their likelihood, and their severity, we can make assumptions about what might happen based on what we know can happen.

Theft, fire, loss, hacking, unauthorized use by authorized personnel, and data corruption are just a few examples of risks that may befall the information assets in question. Actions we can take include a fireproof safe, better access control for systems, physical access control, cyber/information security measures, cameras, smoke alarms, and so on.

You can see that as we work backwards from risks, solutions become apparent. Even if the full execution of those solutions is not initially understood, this provides a starting point from which we can progress toward a workable solution. The other questions can be approached in the same manner to identify and address risks, whatever their severity.
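The walk-through above is a qualitative risk assessment: list asset/threat pairs, rate likelihood and severity, rank them, and work backwards to controls. The added example below (not from the post, not a DRS tool) carries that through in code for the assets and threats the post names. The 1-to-5 scales, the sample ratings, and the amount by which each control is assumed to reduce a threat are constructed for illustration; a real assessment would replace them with your own judgments.

```python
"""Qualitative risk assessment worked example (added; constructed numbers).

Scores each asset/threat pair as likelihood x severity on a 1-5 scale,
maps the controls the post mentions to the threats they reduce, computes
the residual score after those controls, and flags threats that no
control covers yet.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: int  # 1 = rare .. 5 = almost certain (assumed scale)
    severity: int    # 1 = negligible .. 5 = catastrophic (assumed scale)

    @property
    def score(self) -> int:
        return self.likelihood * self.severity


# Constructed sample ratings for the assets used as examples in the post.
SAMPLE_RISKS = [
    Risk("tax returns", "fire", 2, 4),
    Risk("tax returns", "theft", 2, 3),
    Risk("tax returns", "loss", 2, 2),
    Risk("customer data", "hacking", 4, 5),
    Risk("customer data", "unauthorized use by authorized personnel", 3, 4),
    Risk("employee data", "data corruption", 3, 3),
]

# Constructed: control -> {threat: (likelihood delta, severity delta)}.
# A fireproof safe does not make fire less likely, but it makes the loss
# far less severe; MFA makes a successful account takeover less likely.
CONTROLS = {
    "fireproof safe": {"fire": (0, -3)},
    "offline backups": {"fire": (0, -2), "data corruption": (0, -3), "theft": (0, -1)},
    "MFA": {"hacking": (-2, 0)},
    "EDR": {"hacking": (-1, -1)},
    "access control": {"unauthorized use by authorized personnel": (-2, -1)},
    "cameras": {"theft": (-1, 0)},
}


def _clamp(value: int) -> int:
    """Keep a rating on the 1-5 scale after applying control deltas."""
    return max(1, min(5, value))


def controls_for(threat: str, controls: dict) -> list:
    """Names of the controls that reduce the given threat, in stable order."""
    return sorted(name for name, effects in controls.items() if threat in effects)


def residual_score(risk: Risk, controls: dict) -> int:
    """Risk score after every applicable control's deltas are applied."""
    like, sev = risk.likelihood, risk.severity
    for name in controls_for(risk.threat, controls):
        d_like, d_sev = controls[name][risk.threat]
        like, sev = like + d_like, sev + d_sev
    return _clamp(like) * _clamp(sev)


def assess(risks: list, controls: dict) -> list:
    """Rows sorted by inherent score, highest first, so the worst risk is worked first."""
    rows = [
        {"asset": r.asset, "threat": r.threat, "inherent": r.score,
         "controls": controls_for(r.threat, controls),
         "residual": residual_score(r, controls)}
        for r in risks
    ]
    return sorted(rows, key=lambda row: row["inherent"], reverse=True)


def uncovered_threats(risks: list, controls: dict) -> list:
    """Threats in the register that no control addresses: the gaps to fill next."""
    return sorted({r.threat for r in risks if not controls_for(r.threat, controls)})


if __name__ == "__main__":
    for row in assess(SAMPLE_RISKS, CONTROLS):
        print(f"{row['inherent']:>2} -> {row['residual']:>2}  "
              f"{row['asset']}: {row['threat']}  {row['controls']}")
    print("no control mapped:", uncovered_threats(SAMPLE_RISKS, CONTROLS))
```

Two things the ranking makes visible that the prose does not: the highest inherent score (hacking of customer data) drops the furthest once MFA and EDR are applied together, and “loss” of the tax returns has no control mapped at all, which is exactly the kind of gap that working backwards from risks is meant to surface.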

While a comprehensive understanding of risk should be meaningfully tied to the solution that addresses it, numerous organizations have compiled solutions that address the common avenues by which companies and people become victims. Dark Rhiino Security is no different. In creating our service offerings, we address risk via a thoughtful collection of managed security solutions. Those solutions combine to offer layered protection, with the ability to retain an insured guarantee in the form of a real cybersecurity insurance policy. Through it, we can provide monetary deductible coverage at a lower rate, commensurate with risks that are properly addressed by DRS controls. For businesses that have had no prior incidents, this means cheaper cyber insurance. For those who have been told they cannot get insurance, it may reduce risk enough to allow a policy to be issued.
