The first thing that happens is we know that the IT personnel are working overtime and are still not keeping up with problems.
How you say can this possibly be happening?
How about this for a headline:
"Developers have To Fix a Vulnerability(Badlock) for the April 12th patch Tuesday" (says Microsoft) Security Affairs¹ has the story.
Badlock is a vulnerability in Samba and Windows File Services technologies.
This means that a hacker can create some code (also called malware - MALicious SoftWARE) that if run on the affected machines will be taken over by the hacker.
So from(3/23) now until 4/12 at least there is no fix for this problem. And if a hacker somehow gets into your windows systems the only way to know is if you can track the hacker movements.
Samba² software has been updated already to 4.1.7 this vulnerability has been known in the hacker world since February 23rd (from the CVE-2015-0240, so this is a well known exploitable vulnerability in the hacker world.
How do we know? Because there are markets where the hackers can sell their malware to other criminals which use them to attack us. Darknet³ is a marketplace of hackers and criminals selling and buying various sections of the attack and exploit into our environments.
The reason things have gotten worse is that the attackers have gotten better and better while we have improved marginally, and the reality is it is easier to attack and succeed only once instead of defending 365x days per year 24x hours per day.
So what can be done?
It is important to get started like in this page we have created: https://fixvirus.com/patching-your-computers-consistent-policy-defends-against-attackers/ on our page.
Getting started on proper Cybersecurity has to be started sometime. So don't be overwhelmed and start writing a security policy so that your employees know what their role is. good communication is a must.
Contact Us to help you with writing a Security policy, notice we do not have previous client names on this site since the confidentiality of our clients is important. (we can give you specific referrals but that takes time). Let's start with an initial visit which is free.
Once you have a program in place - and people looking at logs and more, then you can create a methodology to find the hackers when they are in the environment -
Find them when they try to execute code that does not belong. when the code tries to communicate to their command and control servers.
Once the plan is in place then create new scripted methods to find unknown malware.
Why wait until security policy is in place? Because one has to know what is on the systems and what is good before you can stop the malware. And it is always better when documentation is available.