How to Defend Against Malicious IP Addresses on The Cloud


Introduction

Just imagine that at this moment, someone from a corner of this world, a stranger, comfortably sitting on his sofa with a cup of tea in his hand, is peeping into your private cyber world through an electronic gadget!

You may feel it is “Impossible”, but it is not so. Scary, yeah?

Malware

How do they spy on you? Through malware, or malicious software, in the form of worms, viruses, trojans, spyware, and so on. These are computer programs that compromise a computer to extract sensitive information such as credit card numbers or passwords. Malware can also damage and destroy computer systems. It can view your computer monitor or take control of your webcam remotely.

How does their malware work?

The hacker creates a command and control (C&C) server, which is hosted in a public cloud like AWS or Google Cloud. The server's IP address therefore belongs to the cloud provider. The registration with the cloud service can be done under a false identity, making it impossible to track the real hacker. The same IP address may be hosting legitimate services as well as malware, so blocking the IP address becomes impossible at times. If a malware campaign is delivered through an email, it is called phishing.


Computer viruses work by modifying a host file. When that file, stored on the computer, is executed, the virus, which is the malware, is executed as well. The latest category of virus is ransomware. This malware is designed to extort money from the victim. It blocks victims from accessing their data through an encryptor or a screen locker.

Worms mostly arrive as e-mail message attachments. I LOVE YOU was a computer worm that started spreading as an e-mail message with the subject line “I LOVE YOU” and the attachment “LOVE LETTER FOR YOU”. It infected 10 million Windows personal computers after 4th May 2000.

Trojans are fake antivirus programs, which pop up and claim that the computer is infected. They then instruct the user to run a program that is camouflaged as an antivirus program but is actually malware.

RATs are remote access trojans. They allow the attacker to take remote control of the victim’s computer. The attacker can open documents, download software, and even move the cursor around the computer screen in real time. This type of Trojan is designed to avoid detection. Hundreds of off-the-shelf RATs are available in underground marketplaces.

Adware and Spyware are the least threatening malware, pushing through malicious advertisements, and helping to spy on the activity of loved ones.

Most of the malware used today is a combination of malicious programs, often including parts of Trojans and worms and occasionally a virus. Usually, the malware program appears to the end user as a Trojan, but once executed, it attacks other victims over the network like a worm.

How to handle a malware attack?

If attacked by malware, there are but a few options available to handle it. 

Reporting the malicious IP address to the cloud provider is the first step. The cloud provider may take a long time to shut it off or may be ineffective in doing so. If the cloud provider is unable to remove the threat, the matter should be reported to threat intelligence providers like IBM X-Force Exchange, Palo Alto Networks AutoFocus, LogRhythm, FireEye iSIGHT, LookingGlass Cyber Solutions, AlienVault USM, and so on. The IP address of the malware will be included in the threat intelligence feed, where it will come to the notice of other organizations and guide them to block it. The malware can also be reported to the national cybersecurity authorities for follow-up.
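How an organization might consume such a feed, as an added example that is not part of the original article: it matches outbound connection logs against feed entries and, because a cloud IP address may also host legitimate services, only alerts on entries marked as shared instead of blocking them. The feed format, the `shared` flag, the log layout and all addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

# Constructed threat-intel feed (documentation address ranges, not real indicators).
# "shared" marks cloud addresses that also front legitimate services, so a
# blanket IP block would cause collateral damage.
FEED = [
    {"net": "203.0.113.7/32", "label": "c2-server", "shared": False},
    {"net": "198.51.100.0/28", "label": "phishing-host", "shared": True},
]

# Constructed outbound connection log: timestamp, source, destination, port.
LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 203.0.113.7 443
2024-01-01T10:00:02Z 10.0.0.8 198.51.100.9 80
2024-01-01T10:00:03Z 10.0.0.5 192.0.2.44 443
2024-01-01T10:00:04Z 10.0.0.9 not-an-ip 443
2024-01-01T10:00:05Z 10.0.0.8 203.0.113.7 8443
"""

def load_feed(entries):
    """Parse feed entries into (network, label, shared) tuples."""
    return [(ipaddress.ip_network(e["net"]), e["label"], e["shared"]) for e in entries]

def triage(log_text, feed):
    """Return {destination: (action, label, [sources])} for destinations on the feed."""
    nets = load_feed(feed)
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, src, dst, _ = parts
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            continue  # destination is not a valid IP address
        for net, label, shared in nets:
            if addr in net:
                # Dedicated malicious host: block. Shared cloud IP: alert only.
                action = "alert" if shared else "block"
                entry = hits.setdefault(dst, (action, label, []))
                if src not in entry[2]:
                    entry[2].append(src)
                break
    return hits

if __name__ == "__main__":
    for dst, (action, label, sources) in triage(LOG, FEED).items():
        print(f"{action:5} {dst:15} {label:14} seen from {', '.join(sources)}")
```

The list of internal sources per destination shows which machines contacted the reported address and need to be examined.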

Posting on social media and tagging the company hosting the malicious IP address is a quick and effective way of handling this issue. It brings the concerned officials to immediate action. This also creates public awareness about the malware to all those present on that social media platform. No one can help us like them, as we spend a lot of time on these platforms.

How to prevent a malware attack?

The quote, “Prevention is better than cure” holds good in this matter too. 

Backing up your data regularly can be beneficial. Creating a unique ID can go a long way in preventing hacking of the system. The ID you create should never contain your name or date of birth, as these are easy for a hacker to guess. When you are dealing with the most confidential details, you ought to use ‘incognito mode.’ Installing a firewall also gives protection against malware. Using a VPN is another safe option. This Virtual Private Network gives you an encrypted tunnel for all your activities, making it impossible for anyone else to access it. It disguises your actual identity and location through remote servers.

Many apps are sources of malware. So, before downloading an app, check its authenticity and its source. Avoid opening anonymous emails or links from unauthorized sites. It is also essential that your computer system has an updated version of antivirus software. Keeping oneself updated about the latest threats, such as malware, should be a priority. We cannot deny the fact that, as technology advances, its usage for malicious purposes competes with its positive applications. Both go hand in hand. Being aware and being vigilant is the key to dealing with it.

John