Tag Archives: Malware

How to remove malware from a Windows PC

We provide software security, threat modeling and threat mediation in the medical device and healthcare space working with technology developers in Israel.

How does this work?

We evaluate your healthcare software system or medical device from an attacker point of view, then from the management team point of view, and then recommend specific detailed action steps to close the gap between your product and HIPAA security and privacy requirements. We then train your product development team based on these recommendations.

Many medical devices still run on Microsoft Windows; variants of Windows XP, Windows XP embedded and Windows server systems are not uncommon.

Because Windows is a commodity operating system, designed primarily for ease of use by end-users and for application development by programmers using Visual Studio, it is not uncommon to see malware attack medical devices and healthcare information systems.

If you’re a medical device or healthtech developer using Windows platforms, one of the first action steps we recommend is to set up a security ERT (emergency response team) with a clear response plan and division of responsibilities.

The security ERT will be your first responders in the case of a data leak or malware infection.

The ERT should have a clear, well-thought-out and debugged procedure for removing malware. See this excellent malware removal guide for an example.


Counter cyber terrorism with social networks

The topic of offensive strategies against hackers comes up frequently, and I am surprised and dismayed by the US strategies on combating cyber terror. The Americans are still thinking in a conventional warfare paradigm. In “Defending a New Domain”, William Lynn writes:

It must also recognize that traditional Cold War deterrence models of assured retaliation do not apply to cyberspace, where it is difficult and time consuming to identify an attack’s perpetrator.

Dismantling terrorist infrastructures and social fabrics is neither retaliation nor vigilantism, and I am dismayed by the DoD strategy of combating terror with defenses instead of using anti-terror techniques.

Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors pose threats… Given these circumstances, deterrence will necessarily be based more on denying any benefit to attackers than on imposing costs through retaliation. To stay ahead of its pursuers, the United States must constantly adjust and improve its defenses.

At a network level, you would and should blacklist the source of the malware: it might be an IP address that gets blocked at the firewall level or on a blacklist, or a modified signature in a content filtering/IPS system.

However, this is a defensive strategy that we know is not very effective in the long term, since it doesn’t address the root cause of the threat. A more interesting approach, used several years ago against Code Red, redirects requests back to the source IP addresses; if large numbers of attacked web servers did that, it could create a DDoS attack, punishing the attackers in a turnabout-is-fair-play strategy.

Attacking social networks of hackers

Although there are offensive alternatives such as mounting systematic DDoS attacks on the attackers or developing targeted spyware such as Stuxnet, even more intriguing is the notion of using a demand-side strategy to reduce the social value of being a hacker. Let’s learn from the counter-terror success of the Italians in the late 60s in dismantling the Brigatisti. The Italian government infiltrated the Red Brigades, bred mistrust and quickly rolled up the organization.

Attacking the social networks of people who develop and distribute malware would involve infiltrating the hacker underground, arresting hackers for criminal activity and cutting deals in return for actionable intelligence.

Since malware is a form of terrorism, I believe that this strategy could be effective: it goes directly to the source and potentially denies a key hacker benefit, the social gratification.

While an interesting idea, the key barrier to this strategy is deploying it where hackers operate and obtaining the cooperation of local law enforcement.

As Mr. Lynn writes in his article in Foreign Policy, the Americans are keen on cooperation:

Cyber Command’s third mission is to work with a variety of partners inside and outside the U.S. government. Representatives from the FBI, the Department of Homeland Security, the Justice Department, and the Defense Information Systems Agency work on-site at Cyber Command’s Fort Meade headquarters, as do liaison officers from the intelligence community and from allied governments. In partnership with the Department of Homeland Security, Cyber Command also works closely with private industry to share information about threats and to address shared vulnerabilities. Information networks connect a variety of institutions, so the effort to defend the United States will only succeed if it is coordinated across the government, with allies, and with partners in the commercial sector.

While it’s not clear that the Chinese or Estonian governments would play ball, if the Americans are really intent on combating cyber terror through international cooperation, perhaps they should trade in their defense-oriented strategy for an anti-terror and demand-side strategy.
