Today malware attacks are so common that they rarely make front-page headlines.
Adware, spyware, zombie computers and ransomware all find new ways of sliding under our protective devices’ radars – some even worry that our fridges will soon be threatened by these attacks. There is a constant need to adopt new approaches and find new solutions for countering cyber attacks.
As cloud hosting providers, at OVH we consider it to be our mission to actively fight the proliferation of malware, including ransomware. To catch the perpetrators of this modern banditry, we must develop and adopt new approaches to outsmart these criminals, with techniques that combine computer science, reverse engineering and, of course, police investigation. Here are a few of the techniques we’ve used:
A taste of honey: attracting malware and spam
A very effective way for cloud hosting providers to catch cybercriminals online is to intentionally place honeypots – easily hackable and spammable machines – on our networks. By purposely releasing thousands of valid email addresses or even proper domain names on forums and other online platforms, we bait the spammers and hackers to come and try to do their worst and leave a trace of it. This allows us to do many useful things: we can analyse new ways to infect devices, identify current malware campaigns and, of course, test and develop ways to counter all of them.
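As an added illustration (not OVH's code), the sketch below shows how mail arriving at bait addresses can be turned into campaign leads: only messages sent to a trap address count as evidence, and they are grouped by the host of the URLs they carry. The trap addresses, the sample messages and the "two or more distinct senders" threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed bait addresses (hypothetical; never used for legitimate mail).
TRAP_ADDRESSES = {"j.martin@trap.example", "sales-eu@trap.example"}

# Constructed sample of received mail: (sender IP, recipient, body text).
SAMPLE_MAIL = [
    ("198.51.100.7", "j.martin@trap.example", "Invoice: http://files.bad.example/inv.zip"),
    ("203.0.113.9", "sales-eu@trap.example", "Your invoice http://files.bad.example/doc.zip"),
    ("203.0.113.50", "j.martin@trap.example", "Cheap watches at http://shop.spam.example/"),
    ("192.0.2.10", "alice@corp.example", "Minutes: http://wiki.corp.example/notes"),
    ("198.51.100.7", "J.Martin@TRAP.example", "Reminder http://FILES.bad.example/inv2.zip"),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def url_hosts(body):
    """Return the lower-cased host names of every URL found in a message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL (e.g. broken IPv6 literal): skip it
            continue
        if host:
            hosts.add(host)
    return hosts

def find_campaigns(messages, traps, min_senders=2):
    """Group trap-address hits by URL host; keep hosts seen from several senders."""
    traps = {t.lower() for t in traps}
    by_host = defaultdict(lambda: {"senders": set(), "traps": set(), "hits": 0})
    for sender_ip, rcpt, body in messages:
        rcpt = rcpt.strip().lower()
        if rcpt not in traps:
            continue  # real recipient: not honeypot evidence
        for host in url_hosts(body):
            entry = by_host[host]
            entry["senders"].add(sender_ip)
            entry["traps"].add(rcpt)
            entry["hits"] += 1
    return {h: e for h, e in by_host.items() if len(e["senders"]) >= min_senders}

if __name__ == "__main__":
    for host, e in find_campaigns(SAMPLE_MAIL, TRAP_ADDRESSES).items():
        print(host, e["hits"], sorted(e["senders"]), sorted(e["traps"]))
```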
Watch and learn: the power of reverse engineering
As cloud hosting providers, our priority is and will always be our clients. We will always do everything in our power to protect the data that has been entrusted to us. However, there are cases when, having identified a server distributing malware, we may not immediately take it down in order to collect precious information.
Like any police work, tracking down cyber-criminals requires collecting solid evidence, and this process can take a while. As we previously mentioned, when the authors of these attacks target their prey online, they leave digital footprints that can be followed back to the source. Once a malware campaign is identified, a real hunt is set in motion to find out who is behind it before the URLs become invalid.
This is where reverse-engineering comes in. Identifying and monitoring a malware campaign doesn’t mean that we let them do their thing and chase them afterwards. The aim of the game is to understand what sort of malware it is, how it is being used, and put a stop to it before it can even be set free.
Cutting out the human error: educating users to be vigilant
Technology and engineers may be brilliant at stopping cyber-criminals, but educating people about the risks they face on the Internet could limit most of the attacks’ effect. Perhaps surprisingly, in today’s digital age, good old email is still the main source of infection, even though devices can also be infected via ads or through a software coding vulnerability that weakens their defences. A lot of damage could be avoided if admins encouraged people to strengthen their passwords, update software and not click on random links in emails. Hackers are still people like you and me: they’ll always aim towards the obvious vulnerabilities – we need to cut the human error out of the equation and add in vigilance.
These are just a few examples of how OVH identifies and fights cyber-criminals in order to protect our data and, above all, our customers’ data. However, as technology advances and changes, so will the ways hackers direct attacks at an ever-increasing number of devices. Cloud hosting providers have to adopt a proactive approach to make sure that no cracks in our armour are left unattended and that the fish does not escape with the worm.