Introduction to Malicious Software

Article (PSA‑0003) – Updated 2025

Even after a decade of rapid growth, malware remains the primary vector for data theft, ransomware, and large‑scale cyber‑crime. Recent industry reports illustrate the scale:

  • Symantec (Broadcom) 2024 Threat Report – > 1 billion new malicious files detected in the last 12 months, a 12 % increase over 2023.
  • Kaspersky 2024 Security Bulletin – ≈ 3 million + malware‑related alerts per day, with a 45 % rise in ransomware attempts.
  • Microsoft 2024 Digital Threat Landscape – Cryptojacking incidents grew 87 % YoY, and “file‑less” attacks now account for ≈ 30 % of all detections on Windows platforms.

All of these numbers point to a single truth: malware is a money‑making industry. Attackers steal personal data and financial credentials, then leverage compromised machines to launch further attacks, sell access, or extort victims.

What Is Malware?

Malware = malicious software – a blanket term for any program that infiltrates a system without the user’s consent. It includes, but is not limited to, viruses, spyware, adware, ransomware, botnets, cryptominers, and file‑less payloads.

Common infection vectors (still relevant)

  • Infected email attachments or malicious links in phishing messages.
  • Compromised USB/thumb drives and other removable media.
  • Downloads from untrusted websites or pirated software.
  • Drive‑by downloads via compromised legitimate sites (malvertising).
  • Supply‑chain compromises – malicious code injected into trusted software updates (e.g., SolarWinds, Accellion).

Malware Categories – 2025 Edition

  • Viruses – Self‑replicating code that can corrupt files and degrade system performance.
  • Spyware / Keyloggers – Record user input, screenshots, or system activity to steal credentials.
  • Adware – Serve unwanted advertisements, often bundled with free software.
  • Scareware – Pretend to be a legitimate security product, coercing users into paying for fake fixes.
  • Ransomware – Encrypt files and demand payment; modern variants (e.g., LockBit 2.0, Hive) include “double‑extortion” – stealing data and threatening public release.
  • Botnets – Networks of compromised devices used for spam, DDoS attacks, or credential‑stuffing.
  • Cryptominers (Cryptojacking) – Hijack CPU/GPU cycles to mine cryptocurrency without the user’s knowledge.
  • File‑less (Living‑off‑the‑Land) malware – Execute malicious code directly in memory, abusing legitimate OS tools (PowerShell, WMI) or in‑memory post‑exploitation frameworks (Cobalt Strike). Little or nothing is written to disk, so traditional file‑based AV signatures are far less effective; detection has to rely on behavior.

Do You Need to Worry About Malware?

Yes – both home users and businesses are prime targets. A breach can lead to:

  • Loss or theft of personal photos, family videos, or critical business documents.
  • Financial liability when customer data (PCI, PHI, PII) is exposed.
  • Operational downtime that costs the average small business ≈ $200 k per incident (National Cybersecurity Center, 2024).
  • Ransom payments (average ≈ $300 k in 2024) and the associated loss of trust.

How to Protect Yourself – Updated Best Practices (2025)

  1. Keep the operating system and all software patched. Enable automatic updates wherever possible.
  2. Use a reputable, actively‑maintained antivirus/antispyware solution. Choose products that combine signature‑based detection with AI/behavioral analysis (e.g., Microsoft Defender for Endpoint, Bitdefender GravityZone, SentinelOne).
  3. Enable a host‑based firewall. Windows Defender Firewall or macOS Application Firewall should be on with default “block inbound unless requested” rules.
  4. Employ multi‑factor authentication (MFA) on all cloud and privileged accounts.
  5. Back up data using the 3‑2‑1‑0 rule (three copies, on two different media, one off‑site, zero errors when the backup is verified). Verify backups quarterly and keep at least one copy immutable so ransomware cannot encrypt or delete it.
  6. Educate users. Phishing simulations, safe‑browsing habits, and a “don’t open unknown attachments” policy reduce the human attack surface.
  7. Limit user privileges. Run daily work as a standard user; reserve admin rights for IT staff only.
  8. Use email and web filtering solutions. They block known malicious links, attachments, and exploit kits before they reach the endpoint.
  9. Deploy endpoint detection & response (EDR) for real‑time monitoring of suspicious behavior, especially to catch file‑less attacks.
  10. Monitor network traffic. Intrusion detection/prevention systems (IDS/IPS) and DNS‑filtering services (e.g., Quad9, Cloudflare DNS‑SEC) add another layer of defense.

What to Do If You Suspect an Infection

  1. Disconnect from the network. Disable Wi‑Fi/Ethernet to stop further spread.
  2. Update your AV/EDR definitions and run a full system scan (not just a quick/real‑time scan).
  3. Follow the remediation steps provided by the security tool (quarantine, delete, or repair).
  4. Reboot in Safe Mode (Windows) or Recovery mode (macOS) if the malware persists.
  5. Change passwords on a clean device, especially for email, banking, and any admin accounts.
  6. Restore from a verified backup if files were encrypted or corrupted.
  7. Contact a professional if you cannot fully remove the infection or if ransomware demands payment. Paying does not guarantee decryption and often fuels the criminal ecosystem.
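Steps 1 to 3 of this procedure on a Windows host, as an added PowerShell example that is not part of the PSA article. It assumes an elevated (Administrator) PowerShell session on Windows 10/11 with Microsoft Defender and the built‑in NetAdapter module; the log and adapter‑list file paths are constructed choices.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the PSA article): steps 1-3 of the suspected-infection
# procedure on a Windows host running Microsoft Defender.
# Assumes an elevated PowerShell session; file paths below are constructed choices.

$log = Join-Path $env:USERPROFILE 'malware-triage.log'
function Write-Log([string]$msg) {
    $line = '{0:u}  {1}' -f (Get-Date), $msg
    $line | Tee-Object -FilePath $log -Append
}

# Step 1: isolate the host. Record which adapters were up so they can be
# re-enabled after cleanup, then disable them (configuration is preserved).
$up = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
foreach ($a in $up) { Write-Log "Disabling adapter: $($a.Name) ($($a.InterfaceDescription))" }
$up | Disable-NetAdapter -Confirm:$false
$up.Name | Set-Content -Path (Join-Path $env:USERPROFILE 'isolated-adapters.txt')

# Step 2: refresh definitions. With the host isolated this may fail; in that
# case apply an offline Defender definition package or continue with the
# definitions already installed rather than reconnecting the machine.
$before = (Get-MpComputerStatus).AntivirusSignatureLastUpdated
try {
    Update-MpSignature -ErrorAction Stop
    Write-Log "Signatures updated (previous update: $before)."
} catch {
    Write-Log "Signature update failed ($($_.Exception.Message)); scanning with definitions from $before."
}

# Step 3: full scan (synchronous; can take an hour or more), then report what
# Defender found and whether its own remediation action succeeded.
Write-Log 'Starting full scan.'
Start-MpScan -ScanType FullScan
$detections = Get-MpThreatDetection
if (-not $detections) {
    Write-Log 'Full scan finished: no detections. If symptoms persist, continue with steps 4-7.'
} else {
    foreach ($d in $detections) {
        $threat = Get-MpThreat -ThreatID $d.ThreatID
        $msg = 'Detected {0} in {1}; remediation succeeded: {2}' -f $threat.ThreatName, ($d.Resources -join ', '), $d.ActionSuccess
        Write-Log $msg
    }
    Write-Log 'Review quarantine, then proceed to steps 4-7 (Safe Mode, password changes from a clean device, restore from backup).'
}
```

Keep the log file: it records what was found and when, which is what a professional will ask for if you hand the machine over under step 7.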

Next Up

In the next article we’ll dive into “How Antivirus and Antispyware Work” and what to look for when choosing a solution.

Need Assistance?

If you suspect your computer is infected or you want a professional assessment of your security posture, call PSA Computer Services at (707) 506‑6802. We’ll help you clean the infection, harden your defenses, and get you back to work safely.