Today’s enterprises must ensure that all hardware used for business purposes – from individual workstations and mobile devices to the overall network – is adequately protected against cyberattacks. Current malware infections can spread from one system to another, depending on the sample, making it increasingly important to have an overarching security plan that includes safeguards for servers, such as restore software like Deep Freeze Server.
Recently, security researchers discovered a large-scale malware attack, being called “Operation Windigo,” that infected a considerable number of servers and sent out millions of spam emails. This resulted in the widespread infection not only of the servers, but of the user devices utilized to open the malicious messages as well.
Windigo: Growing attack campaign
Although this strain resurfaced in March 2014, it has been on security experts’ radar since it was first uncovered in 2011. Researchers recently published a report on the Windigo attack campaign, noting that it mainly targets servers connected with kernel.org, belonging to the Linux Foundation, as well as systems associated with cPanel Web hosting control panel developers.
The server malware sample has been primarily active for 36 months, during which it infiltrated and jeopardized more than 25,000 servers. Once infected, the malware forced the hardware to disperse over 35 million spam emails on a daily basis, putting Windows Web users at risk of drive-by malware attacks. Furthermore, it can also display malicious banner advertisements for pornography on any type of computer.
In the report, experts noted that this infection may seem small in scale compared to other attacks where millions of workstations may have been compromised, but in this case, each infected system is a server, not an individual computer.
“These [servers] usually offer services to numerous users and are equipped with far more resources in terms of bandwidth, storage and computation power than normal personal computers,” researchers stated. “A denial of service attack or a spam-sending operation using one thousand servers is going to be far more effective than the same operation performed with the same number of desktop computers.”
Protecting servers from malware attacks
For this reason, it is vital to ensure that servers and other network systems are safeguarded against these kinds of attacks.
One step organizations can take is to implement a monitoring solution that oversees network activity and alerts individuals to any suspicious actions that could point to a malware infection. Administrators should also seek to deploy a reboot-to-restore solution like Deep Freeze, which can bring the system back to pre-infection settings upon being reset.