Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.
As a business owner, you must be aware of the implications of different types of malware on your company’s bottom line, and what steps you can take to protect your company from future attacks.
This article will walk you through the various types of malware, how to identify and prevent a malware attack, and how to mitigate the risks.
Malware, a combination of the terms ‘malicious’ and ‘software,’ includes all malicious programs that intend to exploit computer devices or entire network infrastructures to extract victims’ data, disrupt business operations, or simply cause chaos.
There’s no definitive method or technique that defines malware; any program that harms the computer or system owners and benefits the perpetrators is malware.
Malware usually exploits unpatched software vulnerabilities to compromise an endpoint device and gain a foothold in an organization’s internal network.
It could be hidden in a malicious advertisement, fake email or illegitimate software installation. Cybercriminals often leverage social engineering tactics like phishing and spear-phishing to propagate sophisticated malware.
From mining cryptocurrency to launching DDoS attacks against networks, there are countless ways in which malware can access and utilize victims’ computers and data.
How often have you ignored unusual system slowdowns or unexpected pop-up messages?
Unfortunately, this could be your computer trying to give away the presence of malware. To stop a malware attack in its tracks, you must first be able to identify an infection.
Here are some of the key signs that almost always indicate malware progressing in your computer system:
All of these could be typical signs of malware. The more symptoms you see, the more likely it is that you’re dealing with an infected computer.
But don’t rely solely on the list included above. It is not unusual to have your system or network infected with malware, such as spyware, that often lingers secretly with no apparent symptoms.
Don’t worry though. We’ll be discussing how to detect and remove malware silently lurking in your system, exfiltrating sensitive data.
Malware can be categorized based on how it behaves (adware, spyware and ransomware), and how it propagates from one victim to another (viruses, worms and trojans). For instance, computer worms are self-propagating malicious software, while trojans need user activation to infect and spread.
Here are a few of the most common malware types that most people have heard of, and how they continue to wreak havoc across industries.
If you’re lucky, the only malware program you’ve come in contact with is adware, which attempts to expose the compromised end-user to unwanted, potentially malicious advertising.
A common adware program might redirect a user’s browser searches to look-alike web pages that contain other product promotions.
Statistics gathered between October and December 2019 by Avast’s Threat Lab experts show that adware was responsible for 72% of all mobile malware, and the remaining 28% consisted of banking trojans, fake apps, lockers, and downloaders.
Spyware can silently infect a computer, mobile device or tablet, trying to collect keystrokes, gather sensitive data, or study user behavior, all the while victims remain entirely unaware of the intrusion.
Hackers may use a keylogger to capture sensitive information, including payment details and login credentials of victims, or they may leverage a screen grabber to capture internet activity.
A common type of spyware is a RAM scraper that attacks the memory (RAM) of electronic point-of-sale (POS) devices to scrape customers’ credit card information.
One of the most notorious examples is the BlackPOS spyware, which compromised the data of over 40 million Target customers in 2013.
Ransomware is one of the most widespread cyber threats, making up at least 27% of all malware incidents as per Verizon’s annual DBIR report (2020).
Ransomware programs gain access to a computer’s file system and execute a payload to encrypt all data. The data is neither stolen nor manipulated. Shortly after a ransomware attack, cybercriminals will demand a ransom amount, usually in cryptocurrency, in exchange for the cipher key.
Programs such as Windows Defender and McAfee do have security in place to remove ransomware, but it is often the case that these programs are not kept up to date, leaving businesses vulnerable to ransomware attacks.
WannaCry is well known for the stir and panic it caused in May 2017 by affecting thousands of NHS hospitals, delaying critical medical procedures, and rerouting ambulances. The ransomware leveraged EternalBlue, an exploit for a Microsoft vulnerability that already had a patch, which many had not applied. Unfortunately, most of the data it encrypted was lost for good due to faulty code.
A virus is the most commonly known form of malware. It differs from other malware in its ability to attach to a host file and infect other files on the computer system. It copies itself whenever the file is copied, and once a user opens the file, the virus payload is executed.
Viruses can be highly destructive, infecting the hard drives of victims’ computers and overwriting or exfiltrating critical information.
Email attachments are the top vector leading to virus infections. Computer viruses often utilize deception techniques and keep evolving to evade antivirus software. Viruses like CIH (Chen Ing-hau) do not increase the size of the host file, so they go undetected by antivirus programs that detect viruses based on file size.
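The following Python example is added here for illustration and is not from the original article. It shows why a size-only check misses a modification that keeps the host file's length unchanged, as described for CIH, while a content hash catches it; the file name and byte contents are constructed sample data.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record the size and SHA-256 digest of a file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def build_baseline(paths):
    """Map each path to its known-good snapshot."""
    return {p: snapshot(p) for p in paths}


def compare(baseline):
    """Return per-file verdicts from a size-only check and a hash check."""
    report = {}
    for path, known in baseline.items():
        if not os.path.exists(path):
            report[path] = {"size_changed": True, "hash_changed": True, "missing": True}
            continue
        now = snapshot(path)
        report[path] = {
            "size_changed": now["size"] != known["size"],
            "hash_changed": now["sha256"] != known["sha256"],
            "missing": False,
        }
    return report


def demo():
    """Constructed sample: a file with zero padding, then a same-size rewrite."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "sample.bin")  # hypothetical file name
    original = b"HEADER" + b"\x00" * 64 + b"BODY"  # constructed content
    with open(target, "wb") as fh:
        fh.write(original)
    baseline = build_baseline([target])
    # Simulate a change that reuses the padding, so the length stays identical.
    modified = b"HEADER" + b"\x41" * 64 + b"BODY"
    with open(target, "wb") as fh:
        fh.write(modified)
    return compare(baseline)[target]


if __name__ == "__main__":
    print(demo())
```

The size comparison reports no change while the hash comparison flags the file, which is why integrity baselines rely on content digests, not file length.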
A worm is quite similar to a computer virus, except it is standalone software that does not rely on a host file or a user to propagate itself.
A worm is self-replicating and can quickly spread across computer networks by distributing itself to the victim’s contact list and other devices on the same network.
A firewall can be effective in stopping the spread of worms through network endpoints. However, antimalware is required for detecting worms disguised as email attachments.
NotPetya shook the entire world in June 2017. It was undisputedly the fastest-spreading, most destructive worm, crippling hospitals, multinational companies and pharmaceutical giants globally by irreversibly encrypting systems’ master boot records.
A trojan horse is a malware program that advertises itself as legitimate software and tricks users into downloading and executing it. Once activated, it can harm the victim’s computer in several ways, including keylogging.
Most often, it creates a backdoor that bypasses firewalls and security software, giving remote access to unauthorized users who can steal data and control the computer system.
Trojans cannot self-replicate and are often propagated through email attachments and internet downloads.
The backdoor trojan, PlugX malware, compromised around 7.93 million customer records from a Japanese travel agency, JTB Corp, in July 2016. And it all started with a single employee falling prey to a phishing email.
A botnet is a network of internet-connected ‘zombie’ computers that can execute coordinated actions after receiving commands from a centralized server.
Bots secretly infect a computer, which then becomes a part of the bot network. They can be used to launch spam emails and distributed denial of service (DDoS) attacks, leveraging hundreds of thousands of compromised computers.
Conficker, or Downadup, is a fast-propagating malware discovered in November 2008. Over the years, it has infected millions of computers to create a botnet. Cybercriminals can utilize the botnet to carry out malicious activities, such as phishing, identity theft and bypassing security to access private networks.
In addition to the types discussed above, there are many other types of malware that are less common but equally destructive.
A rootkit is a collection of software tools that can gain access to an operating system and assume administrative privileges.
It can use the acquired privileges to facilitate other types of malware infecting a computer. Moreover, it can also take over browsing sessions to prevent access to webpages with antimalware programs.
Fileless malware is malicious code that exploits legitimate software programs and operating system tools to infect a computer’s memory.
As the name suggests, it does not need a file system to spread, and therefore, leaves no trace for detection through traditional antimalware programs.
Scareware is basically a scam used by attackers to trick victims into thinking that their computers or mobile devices have been compromised.
It typically displays pop-ups on webpages to scare a user into purchasing and installing fake, potentially harmful, security software.
Today, bad actors often launch cyber attacks that are a combination of several malware types.
For instance, a worm could quickly self-replicate and deliver an executable to encrypt file systems across computer networks and launch massive ransomware. These hybrid forms of malware are even harder to detect, contain and remove.
The threat landscape is ever-evolving, and so are the security mechanisms. With malware becoming more sophisticated than ever, businesses must stay ahead of the cybersecurity game by ensuring that:
No single security program is enough for malware that is known to morph and evolve rapidly to avoid detection.
With today’s virtually endless endpoint devices and huge attack surface, security incidents are inevitable.
A reputable enterprise antimalware program can detect installed malware, quarantine the infected device to avoid transmission, and remove the malware.
But let’s not forget that preventing a malware infection altogether is much easier than getting rid of it once it has infiltrated your IT infrastructure.
The best course of action is to adopt a proactive approach to cybersecurity.