Regardless of how familiar you are with Information Security, you've probably come across the term "malware" countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization's worst nightmare come true.
As a business owner, you must be aware of the implications of different types of malware on your company's bottom line, and what steps you can take to protect your company from future attacks.
This article will walk you through the various types of malware, how to identify and prevent a malware attack, and how to mitigate the risks.
What is Malware?
Malware, a combination of the terms "malicious" and "software," includes all malicious programs that intend to exploit computer devices or entire network infrastructures to extract victims' data, disrupt business operations, or simply cause chaos.
There's no definitive method or technique that defines malware; any program that harms the computer or system owners and benefits the perpetrators is malware.
Malware usually exploits unpatched software vulnerabilities to compromise an endpoint device and gain a foothold in an organization's internal network.
It could be hidden in a malicious advertisement, fake email or illegitimate software installation. Cybercriminals often leverage social engineering tactics like phishing and spear-phishing to propagate sophisticated malware.
From mining cryptocurrency to launching DDoS attacks against networks, there are countless ways in which malware can access and utilize victims' computers and data.
Warning Signs of Malware Infection
How often have you ignored unusual system slowdowns or unexpected pop-up messages?
Unfortunately, this could be your computer trying to give away the presence of malware. To stop a malware attack in its tracks, you must first be able to identify an infection.
Here are some of the key signs that almost always indicate malware progressing in your computer system:
- Your computer starts running slowly and takes forever to boot.
- Your computer screen freezes or the system crashes, displaying the "Blue Screen of Death" (BSOD).
- Your web browser keeps redirecting you to unknown, suspicious websites.
- Security warnings keep popping up, urging you to take immediate action or install a particular security product.
- Many pop-up ads start appearing randomly.
All of these could be typical signs of malware. The more symptoms you see, the more likely it is that you're dealing with an infected computer.
But don't rely solely on the list above. It is not unusual to have your system or network infected with malware, such as spyware, that lingers secretly with no apparent symptoms.
Don't worry though. We'll be discussing how to detect and remove malware silently lurking in your system, exfiltrating sensitive data.
Common Types of Malware
Malware can be categorized based on how it behaves (adware, spyware and ransomware), and how it propagates from one victim to another (viruses, worms and trojans). For instance, computer worms are self-propagating malicious software, while trojans need user activation to infect and spread.
Here are a few of the most common malware types that most people have heard of, and how they continue to wreak havoc across industries.
1. Adware
If you're lucky, the only malware program you've come in contact with is adware, which attempts to expose the compromised end-user to unwanted, potentially malicious advertising.
A common adware program might redirect a user's browser searches to look-alike web pages that contain other product promotions.
Statistics gathered between October and December 2019 by Avast's Threat Lab experts show that adware was responsible for 72% of all mobile malware, and the remaining 28% consisted of banking trojans, fake apps, lockers, and downloaders.
2. Spyware
Spyware can silently infect a computer, mobile device or tablet, trying to collect keystrokes, gather sensitive data, or study user behavior, all the while victims remain entirely unaware of the intrusion.
Hackers may use a keylogger to capture sensitive information, including payment details and login credentials of victims, or they may leverage a screen grabber to capture internet activity.
A common type of spyware is a RAM scraper that attacks the memory (RAM) of electronic point-of-sale (POS) devices to scrape customers' credit card information.
One of the most notorious is the BlackPOS spyware that compromised the data of over 40 million Target customers in 2013.
3. Ransomware
Ransomware is one of the most widespread cyber threats, making up at least 27% of all malware incidents as per Verizon's annual DBIR report (2020).
Ransomware programs gain access to a computer's file system and execute a payload to encrypt all data. The data is neither stolen nor manipulated. Shortly after a ransomware attack, cybercriminals will demand a ransom amount, usually in cryptocurrency, in exchange for the cipher key.
WannaCry is well known for the stir and panic it caused in May 2017 by affecting thousands of NHS hospitals, delaying critical medical procedures, and rerouting ambulances. The ransomware leveraged an exploit for Microsoft Windows, EternalBlue, for which a patch was already available that many conveniently did not apply. Unfortunately, most of the data it encrypted was lost for good due to faulty code.
4. Computer Viruses
A virus is the most commonly known form of malware. It differs from other malware in its ability to attach to a host file and infect other files on the computer system. It copies itself whenever the file is copied, and once a user opens the file, the virus payload is executed.
Viruses can be highly destructive, infecting the hard drive on victims' computers and overwriting or exfiltrating critical information.
Email attachments are the top vector leading to virus infections. Computer viruses often utilize deception techniques and keep evolving to evade antivirus software. Viruses like CIH (Chen Ing-hau) do not increase the file size of the host file, thus becoming undetectable for antivirus programs that detect viruses based on the file size.
5. Computer Worms
A worm is quite similar to a computer virus, except it is standalone software that does not rely on a host file or a user to propagate itself.
A worm is self-replicating and can quickly spread across computer networks by distributing itself to the victim's contact list and other devices on the same network.
A firewall can be effective in stopping the spread of worms through network endpoints. However, antimalware is required for detecting worms disguised as email attachments.
NotPetya shook the entire world in June 2017. It was undisputedly the fastest spreading, most destructive worm that crippled hospitals, multinational companies and pharmaceutical giants globally by irreversibly encrypting systems' master boot records.
6. Trojan Horse
A trojan horse is a malware program that advertises itself as legitimate software and tricks users into downloading and executing it. Once activated, it can harm the victim's computer in several ways, including keylogging.
Most often, it creates a backdoor to bypass firewalls and security software and give remote access to unauthorized users who can steal data and control the computer system.
Trojans cannot self-replicate and are often propagated through email attachments and internet downloads.
The backdoor trojan PlugX compromised around 7.93 million customer records from a Japanese travel agency, JTB Corp, in July 2016. And it all started with a single employee falling prey to a phishing email.
7. Botnets
A botnet is a network of internet-connected "zombie" computers that can execute coordinated actions after receiving commands from a centralized server.
Bots secretly infect a computer, which then becomes a part of the bot network. They can be used to launch spam emails and distributed denial of service (DDoS) attacks, leveraging hundreds of thousands of compromised computers.
Conficker, or Downadup, is a fast-propagating malware discovered in November 2008. Over the years, it has infected millions of computers to create a botnet. Cybercriminals can utilize the botnet to carry out malicious activities, such as phishing, identity theft and bypassing security to access private networks.
Less Common Types of Malware
In addition to the types discussed above, there are many other types of malware that are less common but equally destructive.
1. Rootkit
A rootkit is a collection of software tools that can gain access to an operating system and assume administrative privileges.
It can use the acquired privileges to facilitate other types of malware infecting a computer. Moreover, it can also take over browsing sessions to prevent access to webpages with antimalware programs.
2. Fileless Malware
Fileless malware is malicious code that exploits legitimate software programs and operating system tools to infect a computer's memory.
As the name suggests, it does not need a file system to spread, and therefore leaves no trace for detection through traditional antimalware programs.
3. Scareware
Scareware is basically a scam used by attackers to trick victims into thinking that their computers or mobile devices have been compromised.
It typically displays pop-ups on webpages to scare a user into purchasing and installing fake, potentially harmful, security software.
Today, bad actors often launch cyber attacks that are a combination of several malware types.
For instance, a worm could quickly self-replicate and deliver an executable to encrypt file systems across computer networks, launching a massive ransomware attack. These hybrid forms of malware are even harder to detect, contain and remove.
How to Protect Your Business From Malware
The threat landscape is ever-evolving, and so are the security mechanisms. With malware becoming more sophisticated than ever, businesses must stay ahead of the cybersecurity game by ensuring that:
- All business applications and operating systems are always up-to-date, and available patches for known software vulnerabilities are installed.
- Antimalware scans are run regularly across all devices that access the internal network.
- Employees only install apps and software that they actually need from legitimate sources.
- Mobile devices that access the private network are also well-equipped with mobile security solutions.
- Single Sign-on (SSO) and Multi-factor Authentication (MFA) mechanisms are implemented to protect against keylogging.
- In flexible working or bring your own device (BYOD) environments, employees have separate PCs for work and personal use.
- Employees are aware of theĀ cybersecurityĀ best practices, and regular security awareness workshops are conducted.
- Employees are knowledgeable enough to spot a phishing email and double-check before providing sensitive information.
- Your organization has invested in Security Information and Event Management (SIEM) software to aggregate and analyze event logs generated by network and apps.
- If you work with an MSP (Managed Service Provider), make sure they are also a Managed IT Security Provider. Certain certifications will help you identify whether or not they can provide a high level of security including, but not limited to:
- Certified Information Systems Security Professional (CISSP)
- AICPA Service Organization Control Reports SOC 2 Certification
- MSP Alliance Cyber Verify AAA Rated Company
How to Get Rid of Malware
No single security program is enough for malware that is known to morph and evolve rapidly to avoid detection.
With today's virtually endless endpoint devices and huge attack surface, security incidents are inevitable.
A reputable enterprise antimalware program can detect an installed malware, quarantine the infected device to avoid transmission, and remove the malware.
But let's not forget that preventing a malware infection altogether is much easier than getting rid of it once it has infiltrated your IT infrastructure.
The best course of action is to adopt a proactive approach to cybersecurity.