The appearance of malware that overwrites the master boot record (MBR) should not really concern security professionals – it has been known about since at least 2012.
However, the FBI advisory that coincided with the recent cyber attack on Sony Pictures Entertainment should remind us all of the steps we need to take to protect our business and its information.
First, keep up the awareness messaging. Make sure your colleagues do not click on links in emails or visit websites that they have not heard of before or that are recommended to them via social media. With the recent Christmas holidays and ongoing sales, there will be lots of opportunities for malicious links to be propagated across organisations.
Second, make sure all backups are complete, up-to-date and tested. No matter which backup approach is used – full, differential or incremental – make sure the backups work and can restore a system. Ensure your critical servers and information are regularly backed up and, if you rely on a supplier for your IT, make sure they are doing the same.
Third, have an incident management plan to contain the attack and recover. Recognise that the plan may have to include replacement hardware, recovery discs, operating system discs and other software such as drivers. Practise and test recovery from an MBR infection, especially for your servers – and do the same with your suppliers.
Fourth, make sure all systems are up-to-date with their patches. While this may not defend against MBR malware, it may reduce the likelihood of infection by droppers or other routes of compromise.
Finally, keep up the awareness!
Adrian Davis is managing director EMEA for (ISC)2.