Frequently Asked Questions
Q) What is one of the most common ways for a person's computer to become infected with malicious software?
A) One of the most prevalent ways personal computers become compromised is by the user unknowingly clicking on a link or opening an email attachment that exploits a vulnerability in the victim's software (or simply tricks the victim into running the malware themselves). When the message is crafted for a particular target this is called a "spear-phishing" attack. Such attacks are conducted by state-sponsored intelligence organizations, international criminals and other cyber actors operating over the Internet.
Q) Is there a way to identify suspicious connections my computer makes to the Internet?
A) Yes. A user can monitor both "inbound" and "outbound" traffic on their computer and look for IP addresses or domains they do not recognize. Many connections are normal (such as those to security product vendors, social media sites, etc.); others may be malicious or may warrant further investigation, starting with an Internet search for the address or domain. Many security firms now publish technical reports on malicious programs, including the addresses and domain names the malware contacts, which can help a user judge whether one of their computer's connections is suspicious.
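As an added example (not part of the original FAQ), the following Python script reviews the established connections a Linux host reports through `ss -tnp state established`. It separates loopback and private-network peers from Internet peers, then checks each Internet peer against a list of addresses the user already recognizes and against indicators copied from a vendor report. The sample `ss` output, the known-good list and the indicator list are all constructed for this example using documentation address ranges; on Windows the same logic can be fed `netstat -ano` output, with the process column parsed differently.

```python
"""Flag unfamiliar or known-bad outbound connections from `ss -tnp state established` output."""
import ipaddress
import re

# Constructed sample output (with a state filter, ss omits the State column).
SAMPLE_SS_OUTPUT = """\
Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
0      0      192.168.1.20:49812   198.51.100.9:443    users:(("firefox",pid=2311,fd=88))
0      0      192.168.1.20:49900   203.0.113.77:8443   users:(("unknownsvc",pid=4011,fd=5))
0      0      127.0.0.1:49321      127.0.0.1:631       users:(("cupsd",pid=801,fd=12))
0      0      192.168.1.20:50011   192.168.1.1:445     users:(("smbd",pid=1200,fd=7))
0      0      192.168.1.20:50120   192.0.2.50:443      users:(("updater",pid=2999,fd=3))
0      0      [::1]:5353           [::1]:5353          users:(("avahi-daemon",pid=700,fd=4))
"""

# Constructed: addresses the user recognizes (e.g. their security vendor's update server).
KNOWN_GOOD = {"198.51.100.9"}
# Constructed: indicators taken from a vendor report on a malware family.
PUBLISHED_IOCS = {"203.0.113.77"}

# Peers on the local machine or local network are not Internet connections.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

PROC_RE = re.compile(r'\("([^"]+)"')  # process name inside users:(("name",pid=...))


def parse_connections(text):
    """Extract process name, peer address and peer port from each data line."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] in ("State", "Recv-Q"):
            continue                      # header line
        if not fields[0].isdigit():
            fields = fields[1:]           # ss without a state filter prints State first
        if len(fields) < 4:
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]")           # IPv6 peers are printed as [addr]:port
        match = PROC_RE.search(fields[4]) if len(fields) > 4 else None
        conns.append({"process": match.group(1) if match else "?",
                      "peer": host, "port": int(port)})
    return conns


def classify(peer, known_good=KNOWN_GOOD, iocs=PUBLISHED_IOCS):
    """local, malicious, known or unfamiliar, in that order of precedence."""
    addr = ipaddress.ip_address(peer)
    if any(addr in net for net in LOCAL_NETS):
        return "local"
    if peer in iocs:
        return "malicious"
    if peer in known_good:
        return "known"
    return "unfamiliar"


def review(text, known_good=KNOWN_GOOD, iocs=PUBLISHED_IOCS):
    """Return every connection with a verdict, most suspicious first."""
    order = {"malicious": 0, "unfamiliar": 1, "known": 2, "local": 3}
    rows = parse_connections(text)
    for conn in rows:
        conn["verdict"] = classify(conn["peer"], known_good, iocs)
    return sorted(rows, key=lambda c: order[c["verdict"]])


if __name__ == "__main__":
    for c in review(SAMPLE_SS_OUTPUT):
        print(f'{c["verdict"]:10} {c["process"]:14} {c["peer"]}:{c["port"]}')
```

Anything reported as "unfamiliar" is the starting point for the Internet search the answer describes; a "malicious" verdict means the peer matched a published indicator and the owning process deserves immediate attention. Malware can also use a legitimate browser as its channel, so a familiar process name alone does not clear a connection.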
Q) What can a person do to help protect their computer from a spear-phishing attack?
A) Several things can be done to protect a user's device from an attacker. These include keeping all software updated with the latest patches, running a reputable security product, and being very cautious when clicking on links or opening email attachments. It should be noted that an attacker can spoof the "sender's email address" when delivering a spear-phishing email, so a message that appears to come from a known contact is not proof that it did. Any link or attachment that seems unusual, even from a known sender, should be validated through a separate channel (for example a phone call to that person) before it is opened or clicked.
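As an added example (not part of the original FAQ), the following Python code shows how the spoofing warning above can be checked against a message's headers rather than its visible From: line. It parses a raw message with the standard library, compares the From: domain with the envelope sender and Reply-To, and reads the spf/dkim/dmarc verdicts from the Authentication-Results header added by the recipient's own mail server. Both messages, the server name `mx.example.com` and all addresses are constructed for this example.

```python
"""Header checks for a suspected spoofed sender, using the standard email package."""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed: the reader's own receiving mail server, the only authserv-id whose
# Authentication-Results header should be believed.
TRUSTED_AUTHSERV_ID = "mx.example.com"

# Constructed spear-phishing message. Note the attacker's own fake
# Authentication-Results header, which the code below ignores.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mail.attacker.example>
Authentication-Results: mx.example.com;
 spf=fail smtp.mailfrom=mail.attacker.example;
 dkim=none;
 dmarc=fail header.from=example.com
Received: from mail.attacker.example (mail.attacker.example [203.0.113.10])
 by mx.example.com with ESMTP; Mon, 3 Jun 2024 09:12:44 +0000
Authentication-Results: attacker.example; spf=pass; dkim=pass; dmarc=pass
From: "Alice Chen" <alice.chen@example.com>
Reply-To: <alice.chen@mail.attacker.example>
To: bob@example.com
Subject: Urgent: updated wire instructions
Content-Type: text/plain

Bob, please open the attached invoice and process it today.
"""

# Constructed legitimate message from the same colleague.
LEGITIMATE_MESSAGE = """\
Return-Path: <alice.chen@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Alice Chen" <alice.chen@example.com>
To: bob@example.com
Subject: Lunch on Thursday?
Content-Type: text/plain

Does noon work?
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a From:/Reply-To:/Return-Path: value."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def auth_results(msg, authserv_id):
    """spf/dkim/dmarc verdicts from Authentication-Results headers bearing our own
    authserv-id. Headers with any other id may have been inserted by the sender."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        text = " ".join(str(value).split())      # collapse header folding
        ident, _, rest = text.partition(";")
        if ident.strip().lower() != authserv_id.lower():
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def suspicious_sender_indicators(raw, authserv_id=TRUSTED_AUTHSERV_ID):
    """Return a list of reasons to distrust the visible sender (empty if none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    display, addr = parseaddr(str(msg["From"]))
    from_domain = addr.rpartition("@")[2].lower()
    rp_domain = domain_of(msg["Return-Path"])
    if rp_domain and rp_domain != from_domain:
        warnings.append(f"envelope sender domain '{rp_domain}' does not match From: domain '{from_domain}'")
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"Reply-To domain '{reply_domain}' differs from From: domain '{from_domain}'")
    if "@" in display and display.lower() != addr.lower():
        warnings.append(f"display name '{display}' looks like an address but the real address is {addr}")
    results = auth_results(msg, authserv_id)
    for method in ("spf", "dkim", "dmarc"):
        result = results.get(method, "missing")
        if result != "pass":
            warnings.append(f"{method}={result} (per {authserv_id})")
    return warnings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(label, suspicious_sender_indicators(raw) or "no indicators")
```

The authserv-id check matters because the sender controls every header below the ones the receiving server adds; this only holds if the receiving server also strips any pre-existing Authentication-Results headers that carry its own id, as RFC 8601 requires. A mismatch between the envelope sender and From: is common for legitimate mailing lists and bulk senders, so treat it as one signal among several, not as proof of spoofing.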
Q) What can be done on a large scale to help reduce malicious activities that occur over the Internet?
A) A major initiative could be undertaken by the global community to establish and share lists of malicious domain names and to prevent public DNS servers from resolving them. A malicious program that cannot resolve the domain names of its attacker's command & control infrastructure cannot communicate with it (the measure does not help against malware that connects to hard-coded IP addresses). Many DNS providers already do this; a domain blocked in this way is said to be "sinkholed". However, the effort is not coordinated on a global scale and covers only a small percentage of the public DNS servers.
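As an added example (not from the original FAQ), the following Python code shows the core of a DNS sinkhole: it parses a DNS query in wire format, matches the queried name against a blocklist label by label (so `c2.badexample.test` and every name beneath it are caught, while `notbadexample.test` is not), and answers blocked A queries with a sinkhole address instead of the attacker's real one. The blocklist, the domain names and the sinkhole address 192.0.2.1 are constructed for this example; a production resolver would load the list from a shared feed and forward unblocked queries upstream, which this code signals by returning None.

```python
"""Minimal DNS sinkhole logic: wire-format query parsing and a sinkholed A answer."""
import socket
import struct

# Constructed data: a shared blocklist of malicious domains and the address
# blocked names are pointed at (an operator-controlled host that logs the attempts).
BLOCKLIST = {"badexample.test", "c2.badexample.test"}
SINKHOLE_IP = "192.0.2.1"
QTYPE_A = 1


def is_blocked(name, blocklist=BLOCKLIST):
    """Match label by label: a blocked domain covers all names beneath it, but a
    name that merely ends in the same characters is not matched."""
    labels = name.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def build_query(name, qtype=QTYPE_A, tid=0x1234):
    """Encode a standard recursive query as a malware implant would send it."""
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)       # class IN


def parse_query(packet):
    """Return (tid, name, qtype, raw question section) of a one-question query."""
    tid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are not valid in a query name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return tid, ".".join(labels), qtype, packet[12:pos + 4]


def sinkhole_response(packet, blocklist=BLOCKLIST, sinkhole_ip=SINKHOLE_IP):
    """Answer blocked names locally; return None for names that should be
    forwarded to a real upstream resolver."""
    tid, name, qtype, question = parse_query(packet)
    if not is_blocked(name, blocklist):
        return None
    flags = 0x8580  # QR=1, AA=1, RD=1, RA=1, RCODE=0
    if qtype != QTYPE_A:
        # Blocked name but only A records are served: NOERROR with no answers.
        return struct.pack("!HHHHHH", tid, flags, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", tid, flags, 1, 1, 0, 0)
    # Answer RR: name is a pointer to offset 12 (the question name), type A,
    # class IN, short TTL so an unblock takes effect quickly, 4-byte rdata.
    answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, 1, 60, 4) + socket.inet_aton(sinkhole_ip)
    return header + question + answer


def answer_count(response):
    return struct.unpack("!H", response[6:8])[0]


def answer_address(response):
    """Dotted address from the single A record this sinkhole returns, else None."""
    return socket.inet_ntoa(response[-4:]) if answer_count(response) else None


if __name__ == "__main__":
    for qname in ("c2.badexample.test", "www.c2.badexample.test", "notbadexample.test"):
        reply = sinkhole_response(build_query(qname))
        print(f"{qname:26} -> {answer_address(reply) if reply else 'forward upstream'}")
```

Answering with a sinkhole address rather than NXDOMAIN lets the operator observe which hosts attempt to reach the blocked name, which is how infected machines are identified; resolvers such as Unbound (local-zone) and BIND (response policy zones) provide the same behaviour through configuration.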