Three ways to avoid malware infection in software patches
The goal of a software patch is to remove a vulnerability or fix a software flaw that is identified after the software is released, add new functionality, or improve performance.
Timely installation of newly released patches is an important maintenance step. It keeps your systems up to date and stable, optimizes performance, and mitigates the threat of a new malware infection.
The timely application of software patches is critical; however, recent surveys indicate that:
- 60% of respondents reported that data breaches involved vulnerabilities for which a patch was available but not applied.
- 68% of respondents believe that data breaches occur due to poorly executed patch management.
Software and security patches help prevent malware infections
Short for malicious software, malware is an application written with the intent to cause damage to systems, steal data, gain unauthorized access to a network, or wreak havoc.
Malware infection is one of the most common cyber threats that a business can face. It is often used to steal data for financial purposes, but it can also be applied as a weapon in state-orchestrated attacks, as a form of protest by hacktivists, or to test a system’s security posture.
Malware is a collective term and refers to variants of malicious software, such as Trojans, worms, or ransomware.
Cyber criminals are always looking for cyber security flaws and vulnerabilities in popular third-party operating systems and applications.
Once a cybercriminal finds a vulnerability, they will attack it with an exploit, a small piece of code that can be embedded in malware. If not stopped, malware can steal your confidential and personal information, take over your computer, or take it down and encrypt your data.
Once an attacker has command and control of your device, they can infect other endpoints on the same network. You can also transmit the malware to others by inadvertently sending an infected file.
That’s why it’s critical that you keep your operating system and applications up to date. If a vulnerability is found, you can bet an attacker will find it.
Patch management to prevent malicious malware
An enterprise may have hundreds, if not thousands, of devices and applications to patch, many of which are outside the perimeter.
Manual patching is time consuming, and applying a patch often makes a device unavailable while it is being patched. These are the reasons why companies use a patch management system.
A cloud patch management system can be a standalone product or part of a cyber security suite. Its role is to manage multiple software patches automatically and keep your infrastructure up-to-date and protected from threats.
Typically, the job of a System Administrator (SA) is to configure the system in accordance with the organization’s security policy, structure, and needs. When selecting a patch management system, you should look for these important features:
- Support for as many applications as possible, including operating systems and specific third-party applications.
- Built-in vulnerability assessments to properly identify security gaps and prioritize patching based on them.
- Ability to schedule patches and automate the process to minimize planned downtime and optimize your workflows.
- Ability to prepare patches, for example, install new patches in a special environment and automatically mark installed patches as approved after a period of a few days, if everything is working correctly.
- Ability to create custom groups of machines where only specific patches should be applied; these groups are typically organized by department, operating system used, running Java applications, and so on.
- A management console that provides the SA with patch status, visibility into all unpatched machines and the compliance status of each device (e.g. GDPR), and allows the SA to automatically fix the problem.
- A system that automatically retries patches that could not be applied because devices were offline, such as mobile devices and laptops; patches should be applied immediately when these devices come back online.
- A system that provides the SA with detailed reports and notifications such as missing patches, vulnerable systems, delayed updates, systems requiring a reboot, etc.
- A system that automatically backs up the device before a patch is applied to proactively improve uptime by allowing easy recovery in case a patch makes the system unstable.
A vulnerability assessment tool identifies security weaknesses in your operating system and applications: it checks whether your computer is susceptible to known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends the critical updates needed to keep you safe.
Vulnerability assessment helps prioritize patches based on vulnerability criticality to close security gaps faster and better react to exploitable vulnerabilities.
These mentioned capabilities are not exhaustive, but they do give you a solid start in your business when it comes to selecting a patch management system.
What are the steps to prevent supply chain attacks?
We’ve all heard of the SolarWinds breach, where the vendor unknowingly sent malware-infected patches to their customers. This was an attack on the software supply chain. While this was an unusual event, it is a clear demonstration that vendor-supplied IT patches may carry malware. Patching can also cause other, more frequent problems, including system conflicts. An incorrect system patch can render a device useless.
Here are the three steps your SA should take to mitigate the possibility of installing an infected or faulty patch. It is important to understand that even following these three steps cannot guarantee that a patch is not infected, but this approach is still recommended as a best practice.
Test. Never patch your entire infrastructure without testing, because doing so can cause all your systems to go down. Instead, be sure to test patches on a limited number of devices and take the time to gather patch information.
Backup. Before applying any patch, be sure to perform a full image backup of the device. If something goes wrong, you can easily return to a working state and keep your data and systems safe.
Invest in next-generation antimalware. Be sure to use a next-generation antimalware (or Early Launch Anti-Malware) program that detects and removes malicious applications. While traditional antimalware uses signatures to detect malware, next-generation antimalware uses behavior-based detection and heuristics. Behavior-based detection is a more complex technique and often relies on Artificial Intelligence (AI) and Machine Learning (ML). It requires a holistic view of all processes to determine which ones may be a threat. A program trying to obtain escalated privileges, for example, may indicate a threat.
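As an added example (not code from the article or from any patch management product), here is a small Python model of the rollout policy the feature list and the three steps describe: patches are ordered by severity, installed first on a pilot group, approved only after a soak period during which every pilot device stays healthy, backed up before each install, and retried for devices that were offline. The device names, patch ids and the 3-day soak period are constructed values.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

SOAK_DAYS = 3  # constructed soak period before a pilot patch is approved

@dataclass
class Device:
    name: str
    group: str                      # "pilot" or "production"
    online: bool = True
    healthy: bool = True            # set False if the device misbehaves after patching
    backups: list = field(default_factory=list)
    installed: set = field(default_factory=set)

@dataclass
class Patch:
    id: str
    severity: int                   # higher = more critical, patched first
    pilot_installed_on: Optional[date] = None
    approved: bool = False

def install(patch: Patch, device: Device, today: date) -> str:
    """Take an image backup, then install; offline devices are deferred for a retry."""
    if not device.online:
        return "deferred"
    device.backups.append((patch.id, today))   # full backup before the patch touches the device
    device.installed.add(patch.id)
    if patch.pilot_installed_on is None:
        patch.pilot_installed_on = today      # start of the soak period
    return "installed"

def rollout(patches: list, devices: list, today: date) -> dict:
    """One scheduler run: pilot ring first, promote after a clean soak, then everyone."""
    results = {}
    pilot = [d for d in devices if d.group == "pilot"]
    for patch in sorted(patches, key=lambda p: -p.severity):
        # Approve only if the soak period has elapsed and no patched pilot device went bad
        if (patch.pilot_installed_on is not None and not patch.approved
                and today - patch.pilot_installed_on >= timedelta(days=SOAK_DAYS)
                and all(d.healthy for d in pilot if patch.id in d.installed)):
            patch.approved = True
        targets = devices if patch.approved else pilot
        for d in targets:
            if patch.id not in d.installed:      # skip devices already patched, retry the rest
                results[(patch.id, d.name)] = install(patch, d, today)
    return results
```

Each call to rollout() represents one scheduled run; a device that was offline simply shows up as "deferred" and is picked up on a later run once it is back online.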
Once installed, next-generation antimalware typically runs in the background, providing real-time protection against viruses, Trojans, worms, and other malware.
Most antivirus solutions support automatic and manual scanning. Automatic scans can inspect downloaded files, external storage devices, and files created by software installers.
Automatic scans of the entire hard drive are usually performed on a scheduled basis, while manual scanning capabilities allow users to scan specific files or the entire system when they deem it necessary.