November 02, 2017 by The GLS Team
Following on the heels of ransomware attacks Petya and WannaCry earlier this year, a new malware has thrown its hat in the ring: Bad Rabbit. Disguised as an Adobe Flash installer, Bad Rabbit tricks users into clicking and then goes to work, downloading itself onto servers and taking users’ information hostage.
But unlike most ransomware schemes, Bad Rabbit does not automatically download itself as soon as it is encountered on a site—it’s completely dependent on the user actually clicking. Yet the malware is still spreading with ease. As a general rule, internet users are click-happy—rarely do we actually stop and think critically about what we’re clicking before we do it.
To be fair, the situation is not as simple as it may seem: Adobe installers are fairly common fare on media sites like the ones Bad Rabbit targets. The virus is so effective partly because it appears to be legitimate. But in this day and age, any link or popup on any website ought to make us stop and think twice. Is this an overly defensive posture to take? The numbers would seem to say no: Ransomware threats in particular have seen a dramatic rise this year. According to Barkly Endpoint Protection, there were 4.3x as many new ransomware variants in the first quarter of 2017 as there were in the first quarter of 2016. What this means is that ransomware threats are essentially lurking around every corner of the web, which should make us even more wary of clicking any link, no matter how legitimate it might appear. Any positive outcome that could come from clicking a link anywhere online is far outweighed by the potential risks.
Bad Rabbit uniquely serves to illustrate the necessity of cyber education. According to Infosecurity Magazine, “It’s crucial that organizations understand the bigger role employees play in securing company’s [sic] systems and data and start training them to recognize when something online looks suspicious.” Scams like Bad Rabbit are preventable, but only if users have received the security education necessary to spot them. What Infosecurity is getting at is the maintenance of a strong Human Firewall™ made up of individuals who understand the risks of ransomware and other phishing scams and have been armed against them. What’s more, this cyber education must understand and teach that phishing doesn’t just look like easy-to-spot scam emails with phony addresses and bad grammar. Phishing can also take the form of seemingly legitimate embedded links that trick users into clicking them. All of us—from low-level employees to CEOs to ordinary users on home PCs—need to be able to spot each and every scam.
GLS can help. We offer focused courses that zero in on specific threats to prepare users for every possible scam. Our goal is to create a Human Firewall™ of users who know the dangers, who know to Think Before You Click, and who are therefore properly prepared to stand up to the threats currently facing the cyber world. And when that happens, Bad Rabbit won’t stand a chance.