3 Ways to avoid malware infection in software patches

The objective of a software patch is to eliminate a vulnerability or fix a software flaw that is identified after the software is released, add new functionality or improve performance. Timely installation of newly released patches is an important maintenance step. It keeps your systems current and stable, optimizes performance, and mitigates the threat of new malware infection.

Timely application of software patches is absolutely critical, yet recent surveys indicate that:

• 60% of respondents reported that data breaches involved vulnerabilities for which a patch was available but not applied.
• 68% of respondents believe that data breaches occur because of poorly executed patch management.

Shorthand for malicious software, malware is an application written with the intent to cause damage to systems, steal data, gain unauthorized access to a network, or wreak havoc. Malware infection is one of the most common cyberthreats that a business can face. It is often used to steal data for financial purposes but can also be applied as a weapon in state-orchestrated attacks, as a form of protest by hacktivists, or to test the security posture of a system. Malware is a collective term and refers to several malicious software variants, such as trojans, worms, or ransomware.

Cybercriminals are always looking for cyber security flaws and vulnerabilities in operating systems and popular third-party applications. Once a cybercriminal finds a vulnerability, they will target it with an exploit, a small piece of code that can be embedded into malware. If not stopped, the malware can steal your sensitive and personal information, control your computer, or bring it down, and encrypt your data. Once an attacker has command and control of your device, they can infect other endpoints on the same network. You can also pass the malware onto other individuals by inadvertently sending an infected file.

This is why it is absolutely critical that you keep your operating system and applications up to date. If there is a vulnerability to be found, you can bet an attacker will find it.

A business can have hundreds, if not thousands, of devices and applications to patch, many of which are outside the perimeter. It can take a lot of time to apply patches manually and many times, applying a patch can make a device unavailable during patch application. These are the reasons why businesses use a patch management system.

A cloud patch management system can be a standalone product or part of a cyber security suite. Its function is to manage multiple software patches automatically and keep your infrastructure up to date and protected from threats. It is typically the job of a system administrator (SA) to configure the system in accordance with the organization’s security policy, structure, and needs. When selecting a patch management system, you want to look for these important features:

• Support for as many apps as possible, including operating systems and specific third-party applications
• Integrated vulnerability assessments to properly identify security gaps and prioritize patching based on it.
• Ability to schedule patches and automate the process to minimize planned downtime and streamline your workflows
• Ability to stage patches, e.g., install new patches into a special environment and automatically mark the installed patches as approved after a period of a few days if everything performs correctly
• Ability to create custom groups of machines where only specific patches should be applied; these groups are typically arranged according to department, operating system used, java apps running, etc.
• A management console that provides the SA with the status of patches, visibility into all unpatched machines, and each device’s compliance status (e.g., GDPR) and allows the SA to automatically fix the problem
• A system that automatically retries applying patches that could not be applied because the devices were offline, such as mobile devices and laptops; patches should be immediately applied when these devices come back online
• A system that provides the SA with detailed reports and notifications, such as missing patches, vulnerable systems, delated updates, systems requiring reboot, etc. 
• A system that automatically backs up the device before a patch is applied to proactively improve uptime by enabling easy recovery in case a patch renders the system unstable

Vulnerability assessment helps identify the security weaknesses in your operating system and apps with a vulnerability assessment tool that evaluates if your computer is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends critical updates to keep you safe. Vulnerability assessment helps prioritize patches based on vulnerability criticality to close security gaps faster and better react to exploitable vulnerabilities.

These listed capabilities  are not exhaustive, but they provide you with a solid start on your business when it comes to selecting a patch management system. 

We have all heard of the SolarWinds breach where the vendor unknowingly sent malware-infected patches to its customers. This was a software supply chain attack. While this was an unusual event, it is a clear demonstration that there can be malware in IT patches. Applying patches can cause other, more frequent problems as well, including system conflicts. A bad system patch can render a device unusable.

Here are the three steps your SA should follow to mitigate the chance of installing an infected or bad patch. It is important to understand that even following these three steps cannot guarantee that a patch is not infected but this approach is still recommended as a best practice.

Test. You never, ever deploy a patch across your entire infrastructure without testing because doing so can bring down all your systems. Instead, be sure to test patches across a limited number of devices and take the time to gather information about the patch.

Back up. Before applying any patches, be sure to make a full-image backup of the device. If anything goes wrong, you can easily rollback to a working state and keep your data and systems safe. 

Invest in next-gen anti-malware. Be sure to use a next-gen anti-malware (or anti-virus) program that detects and removes malicious applications. While traditional anti-malware uses signatures to detect malware, next-gen anti-malware uses behavioral-based detection and heuristics. Behavioral-based detection is a more complex technique and often relies on artificial intelligence (AI) and machine learning (ML). It requires a holistic view over all processes to determine which ones may be a threat. A program that attempts to gain escalated privileges, for example, may indicate a threat.

Once installed, the next-gen anti-malware usually runs in the background, providing real-time protection against viruses, trojans, worms, and other malware. Most antivirus solutions support both automatic and manual scanning. Automatic scans may inspect downloaded files, external storage devices, and files created by software installers. Automatic scans of the entire hard drive are usually performed on a scheduled basis, while manual scan capabilities allow users to scan specific files or the whole system whenever they deem it necessary.   

Acronis Cyber Protection offers vulnerability assessment and patch management functions that meet all the requirements discussed above and provide detailed information about devices and applications running on your network. Vulnerabilities are classified according to an internal severity scale and required updates are automatically fetched and rolled out to different groups in a variety of ways according to the protection policies. With built-in vulnerability assessments, regular scans identify machines, systems, and applications that pose security gaps and require patches and updates. These can easily be rolled out on-demand or according to a schedule – depending on your IT needs. Acronis Cyber Protect’s vulnerability assessments support Windows-based and Linux-based machines.

Acronis distributes patches from its cloud servers around the world but also uses peer-to-peer patch distribution technology to prevent slowdowns during patch rollout. Acronis Cyber Protect’s patch management feature can patch endpoints, which are located inside and outside the corporate network and fail-safe patch management functionality can be used in unique safe restore scenarios from a full disk backup.

 Malware can be in your backups, especially in full system backups. This happens when there is no anti-malware product on the backed-up machine or the anti-malware solution in place did not catch it. Acronis Cyber Protect scans backed-up data in the Acronis Cloud, allowing for more aggressive heuristics – and more powerful detection – while not impacting endpoint performance. Once the malware is identified and eliminated, your SA can restore a user’s machine from a “clean” disk image, free from malware. Acronis can also patch the system to the latest available updates automatically – based on SA preference – and prevent live new worm epidemics. 

Additional Acronis Cyber Protection features include:

• Auto-approval of patches
• Deployment on a schedule
• Manual deployment
• Flexible reboot and maintenance window options
• Staged deployment
• All Windows updates including MS Office, and Win10 apps
• Support for patch management of Microsoft and ⦁    more than 200 third-party applications on Windows