In this article, we present a definition of malware, drill down into different types of malware and outline preventative measures.
What is Malware?
Malware, short for malicious software, is software designed to gain unauthorised access to systems and networks for theft, sabotage or espionage. Malware comes in a variety of forms, and many cyberattacks combine several of them to achieve their objectives. Although it typically spreads through phishing, malicious attachments or malicious downloads, malware can also be spread by social engineering or flash drives.
Many early viral programs were built as experiments or pranks, including the first Internet worm. Nowadays, malware is used to steal personal, financial and business information by both black hat hackers and governments.
What are the Different Kinds of Malware?
It would be too simple if there were only one threat. Instead, the malware “industry” exploits every method imaginable to gain access to critical data or other information. Let’s start with the kind that has the biggest impact on most companies, SMEs included.
Ransomware
In simple terms, ransomware threatens to publish the victim’s information or data, or to permanently block access to it, unless a ransom is paid. More advanced ransomware uses a technique called cryptoviral extortion. In a properly executed cryptoviral extortion attack, recovering the files without the decryption key is practically impossible. Bad actors are essentially asking how much the data is worth to the victim. This puts the victim in a business-threatening position: attempt to break a virtually impenetrable crypto locker, or pay a cyber-criminal. Both options are terrible, so ideally this scenario should be avoided altogether.
Spyware
Spyware is harmful software that collects information about a person or organisation and sends it to another entity in a way that harms the user, for example by invading their privacy or jeopardising the security of their equipment. This behaviour can be found in both malware and legitimate applications; web tracking, for example, is a spyware practice that some websites engage in. Hardware devices can be affected as well. Although spyware is often linked to advertising and shares many of the same problems, at its most dangerous it becomes malicious when it collects what you type, passwords and other private information such as credit card numbers or banking details. All of this data can be harvested and exploited to steal identities or gain access to your business network.
A famous example is DarkHotel, a spyware that exploited public networks in hotels to deploy keyloggers and collect passwords from business and government leaders.
Trojans, Worms and Viruses
A Trojan masquerades as useful code or software. Once downloaded by an unwary user, the Trojan can take control of the victim’s system for harmful purposes. Worms take advantage of flaws in operating systems to infiltrate networks. They can obtain access through backdoors designed into software, inadvertent software weaknesses or flash drives, among other methods. Once installed, worms can be used by malicious actors to perform DDoS attacks, steal sensitive data or launch ransomware attacks. A virus is a piece of code that infiltrates an application and runs when that application is launched. Once it has gained access to a network, a virus can be used to steal sensitive data, execute DDoS attacks or carry out ransomware attacks.
A virus can’t execute or reproduce itself unless the application it infects is running. Viruses differ from Trojans, which require users to download them, and from worms, which spread and execute on their own without needing a host application.
Famous examples are:
- Emotet is a sophisticated banking trojan that was first discovered in 2014. Emotet is difficult to combat because it evades signature-based detection, is persistent and contains spreader modules that help it propagate. According to a US Department of Homeland Security alert, Emotet has cost state, local, tribal and territorial governments up to $1 million per incident to remediate.
- Stuxnet was most likely created by US and Israeli intelligence agencies with the goal of delaying Iran’s nuclear programme. A flash drive was used to introduce it into Iran’s environment. Stuxnet’s creators never expected it to escape its target’s network because the environment was air-gapped, but it did. Stuxnet spread quickly once it was released into the wild, but it caused little damage because its sole purpose was to disrupt the industrial controllers of the uranium enrichment process.
- The ILOVEYOU virus spread via email and disguised itself as a love letter from one of its victims’ contacts. The malware was hidden in the “LOVE-LETTER-FOR-YOU.TXT.vbs” attachment: the innocent-looking “.TXT” part made it appear to be a text file, while the final “.vbs” extension meant it was a Visual Basic script (a scripting language built into Windows). Once the user opened the attachment and the script ran, the worm began overwriting random files on the user’s PC. It also made copies of itself and sent them to everyone in the user’s address book. Over ten million Windows PCs were infected with ILOVEYOU. The Pentagon, the British Government and the CIA all had to shut down their mail systems due to the flood of mail generated by the “love” bug.
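The ILOVEYOU trick of a benign-looking inner extension followed by a script extension is easy to screen for at the mail gateway. The following is an added example, not code from the article: a simplified classifier for attachment names, with constructed sample names, plus a helper that shows why the trick works when Windows hides known extensions.

```python
"""Flag attachment names that hide a script behind a harmless-looking extension.

Added example, not part of the original article. Sample names are constructed.
"""
import os

# Extensions that Windows Script Host or the shell will run directly.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                   ".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Extensions a recipient would reasonably expect to be plain data.
BENIGN_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx",
               ".jpg", ".jpeg", ".png"}

# Constructed sample attachment names (the first is the real ILOVEYOU name).
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "invoice.pdf                         .exe",   # padded-space variant
    "quarterly-report.docx",
    "update.js",
]


def classify_attachment(name: str) -> str:
    """Return 'double_extension', 'script' or 'ok' for an attachment filename."""
    base = os.path.basename(name.strip())
    stem, last = os.path.splitext(base)
    if last.lower() not in EXECUTABLE_EXTS:
        return "ok"                       # final extension is not executable
    # Strip padding so "report.pdf      .exe" is still caught.
    _, inner = os.path.splitext(stem.rstrip())
    if inner.lower() in BENIGN_EXTS:
        return "double_extension"         # executable hiding behind .txt/.pdf/...
    return "script"                       # plain executable/script attachment


def displayed_name(name: str) -> str:
    """Simplified model of Explorer with 'Hide extensions for known file types'
    enabled: the last extension disappears, so 'x.TXT.vbs' is shown as 'x.TXT'."""
    stem, last = os.path.splitext(name)
    return stem if last.lower() in EXECUTABLE_EXTS | BENIGN_EXTS else name


def triage(names):
    """Map each attachment name to its classification."""
    return {n: classify_attachment(n) for n in names}


if __name__ == "__main__":
    for n, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:17} {n!r:45} shown as {displayed_name(n)!r}")
```

A real gateway would apply this alongside content-type inspection, since the extension alone says nothing about what the bytes actually are.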
Protect and Prevent
In the last two years alone, we’ve seen major payments made by organisations including the University of California in San Francisco (£808k), Travelex (£1.63M) and Colonial Pipeline (£3.1M). Yes, these are big organisations, and yes, the one-time gain was huge, but no, large organisations are not the only targets. That is, simply put, a myth. The reality is that everybody is a target, because it’s much easier to breach 10 companies with 50 staff and extort £10k each time than one company with 500 staff for £100k. Larger organisations invest more in their equipment and security measures, while SMBs often lack the funds or expertise to implement the same methods.
Review your setup regularly and use a cohesive security stack: an up-to-date firewall, Endpoint Detection & Response (EDR), application whitelisting and blacklisting, and monitoring for Indicators of Compromise (IoCs). Train your staff so they are prepared for social engineering and email phishing attempts.
The last line of defence will always be your backup and disaster recovery plan. Test your backups regularly to ensure that they can actually be restored and are not themselves infected.
IQ in IT is a Technology Success Provider and supports you as your outsourced IT department. If you have any questions or would like a deep dive on any of the topics discussed, don’t hesitate to get in touch.