The appearance of malware that overwrites the master boot record (MBR) should not really concern security professionals – it has been known about since at least 2012.
However, the FBI advisory that coincided with the recent cyber attack on Sony Pictures Entertainment should remind us all of the steps we need to take to protect our business and its information.

First, keep up the awareness messaging. Make sure your colleagues do not click on links in emails or visit websites they either have not heard of before or get recommended via social media. With the recent Christmas holidays and ongoing sales, there will be lots of opportunities for malicious links to be propagated across organisations.
Second, make sure all backups are complete, up-to-date and tested. No matter which backup approach is used – full, differential or incremental – make sure they work and restore a system. Ensure your critical servers and information are regularly backed up and if you rely on supplier for your IT, make sure they are doing the same.

Third, have an incident management plan to contain the attack and recover. Recognise the plan may have to include replacement hardware, recovery discs, operating system discs and other software such as drivers. Practice and test recovery from an MBR infection, especially for your servers – and do the same with your suppliers.
Fourth, make sure all systems are up-to-date with their patches. While this may not defend against MBR malware, it may reduce the likelihood of infection by droppers or other routes of compromise.
Finally, keep up the awareness!
Adrian Davis is managing director EMEA for (ISC)2.

Email Alerts
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Read More

Related content from ComputerWeekly.com

RELATED CONTENT FROM THE TECHTARGET NETWORK

This was first published in January 2015

Leave a Reply