Computer technology firm Symantec is warning consumers that an infamous trojan virus still targets healthcare data across the United States and around the world. This infamous piece of malware hides among image files downloaded with pirated software. Read on to learn more about the Stegoloader infection, how it might target your business, and what you can do to keep it at bay.
What is Stegoloader?
The trojan known as Stegoloader infects machines through product key generators packaged with downloads of pirated software. Small companies have been targeted by the malware, particularly those in the healthcare industry — and to a lesser extent, the insurance and technology sector.
Steganography is a cyber-attacker term for hiding malware inside an image file. Once the image is opened on a vulnerable machine, the program gathers information and crawls through the network looking for weaknesses. Although Stegoloader doesn’t appear to be a particularly sophisticated program, it can devastate your business by stealing electronic medical records as well as installing a secondary piece of malware to pilfer banking information.
Anthem and Premera Blue Cross are two big-name victims of the widespread malware. Symantec believes that Stegoloader’s creators plan to sell healthcare data because they’re more lucrative than other information types. Symantec also believes the cyber attackers are opportunistic, taking advantage of companies that download pirated versions of popular software.
How to Avoid becoming infected by Stegloader
Because the Stegoloader trojan often lurks in illegal product key generators and illegitimate software, the best way to avoid infection is to stay away from sites that offer pirated software. Other than that, we recommend educating your employees on safe practices, avoiding unknown image files and quarantined backups, and updating operating system and antivirus software as often as possible.
When business owners download pirated software, they’re trying to cut corners to save money on business applications and technology consultants. But not only are they getting themselves in trouble with cyber attackers, they’re also breaking the law. If you’re looking for a better way to protect your company and keep your information safe, contact us today.
Let’s face it, keeping yourself free from online threats can be a pain: using different passwords for every site, changing them every three months, using advanced encryption, the list goes on and on. You either end up paranoid of being online or giving up altogether. We’ve organized 5 simple cybersecurity measures that we promise anyone can implement.
1. Two-Factor Authentication
Did an attacker get your password? With two-factor authentication they’ll still need your mobile device to do any damage. Here’s how it works: every time you log into a service that requires a password, the service will send a code to your mobile device for another layer of authentication. Nowadays, most internet services have this option: Google, Facebook, Twitter, Instagram, Skype, Slack, etc. Check a full list here to see if you could be using two-factor authentication on any of your online accounts.
2. Password Manager
Say goodbye to the bygone era of memorizing a long list of different passwords for the various websites and services you use. Password manager software may have been around for a long time, but it’s still a viable solution for improving your login integrity. After installing it, all you need to do is create one secure master password and let the software do the rest. It will store and encrypt all of your passwords in one place for future reference and help generate random, more secure passwords for any new logins.
3. Keep All Software Up to Date
Update all of your software and your operating system as often as possible — it’s that simple. New versions come with better protection and fix any newly discovered loopholes. If you are too busy or can’t find the time to do it, check for an automatic update option. Any excuse for postponing updates will feel a lot less valid when it means a security breach or system crash.
4. Disable Flash Player
Adobe Flash Player may be what allows you to play Candy Crush during your work breaks, but it has boasted such a poor security record that most experts recommend that users block the plugin entirely. Most internet browsers have the option to block Flash by default, while allowing you to enable blocked content you deem acceptable by simply right-clicking and selecting Run this Plugin.
5. HTTPS Everywhere
When dealing with technology, long acronyms tend to scare off novice users before they even make it to step two. But don’t panic, there’s only one step to this trick. ‘HTTPS Everywhere’ is a browser extension that forces your browser to automatically navigate to sites using a secured encryption, if the site allows it. The thing is, a significant percentage of websites offer HTTPS connections but don’t present them as the default. When that’s the case, ‘HTTPS Everywhere’ gives your browser a gentle nudge in the right direction.
While in-depth security measures need to be implemented and managed by experts, little steps like the ones listed here can be just as important. Check back often for more helpful cybersecurity tips, but if you have more urgent security needs for yourself and your business, our experts are ready and waiting to offer a helping hand.