Cybersecurity is paramount to businesses protecting their data from cyber criminals. Malicious software, or malware, poses a significant threat to companies, as it comes in various forms. No matter the type, the overall goal of malware is to cause harm, though that could mean exploiting vulnerabilities, compromising the integrity, confidentiality and availability of sensitive data, spreading more malware and damaging or disabling devices, systems and networks.
To best defend against malware, knowing the different types and how to prevent them is important.
1. Ransomware
Ransomware is the most notable type of malware. This extortion software encrypts data or restricts user access to a device or system until a ransom (sometimes demanded in a cryptocurrency like Bitcoin) is paid. Once the files are encrypted, it’s impossible to recover them without the decryption key. However, there is no guarantee that the cyber criminal will hand over the key once you pay.
Ransomware is usually delivered through malicious links in phishing emails or on a fake website. Some hackers will threaten to release the selected materials on the dark web unless they’re paid. This type of malware can paralyze businesses and cause financial and operational damage and downtime until the files are restored.
Some examples of ransomware include the JBS attack, the Kaseya attack, the WannaCry incident, RYUK, Locky, the RobbinHood attack and the CryptoLocker attack.
2. Virus
Viruses are among the oldest and most well-known forms of malware. This self-replicating malicious code attaches itself to programs or files, waits until the victim accidentally activates it and then spreads to other devices while deleting or corrupting data. Viruses spread uncontrollably by continuously self-replicating, slowing down devices and causing significant operational damage. They often appear as downloadable email or internet files and rely on social engineering or vulnerabilities. However, viruses cannot reproduce until activated.
There are several types of viruses: macro viruses, file infectors, system or boot-record infectors, overwrite viruses, stealth viruses, polymorphic viruses and resident viruses.
3. Spyware and Adware
Spyware is designed to gather confidential data about a victim’s activity and send it to the hacker without the victim’s knowledge or consent. The stolen information can include credentials, banking details, browsing habits, keystrokes or personally identifiable information (PII). Spyware operates in the background of a computer or phone, making it hard to detect, and it’s usually installed on the device through social engineering or vulnerability exploitation.
A sub-type of spyware is adware, which tracks a user’s online activity to determine which advertisements, pop-ups or banners to show on the device. It can also collect data and sell it to advertisers. Adware impacts the user’s device and degrades their experience by slowing down the IT system, displaying unwanted ads or directing the user to potentially harmful websites. Ad blockers are a great tool for thwarting adware.
Another spyware sub-type is the keylogger, which monitors and records user activity, specifically keystrokes. Though businesses can use keylogging to monitor employee activity and parents can use it to track their child’s online behavior, in the hands of cyber criminals it is used to steal login credentials, banking information and other sensitive data.
Examples of spyware include DarkHotel, CoolWebSearch and Pegasus.
4. Trojan Horse
Named after the Greek ploy, this malware involves a seemingly legitimate software, program or file disguising hidden malicious code that’s activated once the program is used. Trojan horses are usually hidden in an email attachment, a downloadable file or a message.
Once opened, they create security backdoors that collect sensitive user data, allow unauthorized system access, install more malware or delete, modify and steal data, making them hard to detect and extremely damaging to devices or systems. Like viruses, they require action to be deployed, but unlike other malware, Trojans don’t self-replicate.
Examples are Emotet, TrickBot, ZeuS/Zbot and FluBot.
5. Worm
Like viruses, this malicious code self-replicates to attack other hosts, inject more malware and consume data and resources. However, a worm is a standalone program that doesn’t need a host program or user interaction to create copies of itself; it exploits vulnerabilities to gain access and spread.
Once inside, worms can cause widespread damage by consuming network bandwidth and causing significant system disruption. They can also execute payloads to delete, steal or encrypt files and data. They typically move from one computer to the next by sending a copy of themselves via an infected computer’s network connection, email or messages.
Examples include ILOVEYOU, SQL Slammer, Stuxnet, Morris and Mydoom.
6. Botnet
A botnet (short for robot network) is a network of bots, computers infected with malware (Trojans, viruses, worms), that a bot herder remotely controls to launch attacks that crash a clean network, perform other malicious activities, generate fraudulent revenue or harvest credentials.
These infected computers are usually located in different geographical locations, making them hard to trace. They use their combined power and resources to magnify their malicious attacks. They’re often used in Distributed Denial of Service attacks or large-scale automated attacks.
Additional Malware
Though we have covered the six main types of malware, there are some other types you should know:
- Rogueware or scareware: This misleading content tricks victims into believing their computer is infected and they need to click or download a “fix” to remove the malware. Instead, the “fix” installs malware. Some rogueware will ask you to pay for the “fix,” resulting in a double whammy for the victim.
- Fileless malware: Unlike typical malware, which infects devices or systems through files, fileless malware abuses files, software and protocols native to the operating system to install and execute malicious activity. It operates from a device’s memory instead of from files on disk, making it harder to detect, as it piggybacks on legitimate scripts and tools while carrying out attacks.
- Rootkits: These enable unauthorized access and control of your system without being detected. They can spread via malicious downloads and attachments, compromised shared devices or phishing.
- Mobile malware: As the name implies, this malware affects mobile devices; it can record texts and phone calls, impersonate common apps and steal credentials. It is often distributed through phishing and malicious downloads.
- Malvertising: Malicious advertising, or malvertising, uses online malicious advertisements to spread malware.
- Logic bombs: These malicious programs use a trigger to activate malicious code and harm the device. The trigger could be a specific date or time.
Protecting Against Malware
A layered approach with various security solutions and best practices is the best way to protect your data, devices and networks from malware attacks.
- Regularly back up data, keep an air-gapped copy and follow the 3-2-1 rule.
- Use strong passwords that change often.
- Implement two-factor authentication.
- Undergo security awareness training to help employees spot malware attacks.
- Have a robust incident response plan and disaster recovery plan.
- Install anti-virus and anti-malware software, and regularly update them.
- Avoid suspicious links, websites and emails.
- Limit local admin rights and use a zero trust framework.
- Use caution when downloading files, opening attachments or installing software from unknown sources.
- Implement firewalls and email, web and spam filters.
- Avoid public networks and instead use encryption and VPNs.
- Test all systems and solutions to ensure they work properly.
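The backup advice above (3-2-1 rule plus an air-gapped copy) is the control that decides whether a ransomware incident is an outage or a catastrophe, so it is worth checking mechanically. The following is an added example, not code from the original post or from Thriveon: it audits a constructed backup inventory against the 3-2-1 rule and reports whether any copy is air-gapped. The inventory format and the BackupCopy fields are assumptions for illustration.

```python
"""Added example (not from the original post): check a backup inventory
against the 3-2-1 rule, i.e. at least three copies of each data set, on at
least two different media types, with at least one copy off-site, and flag
whether any copy is air-gapped (offline), which is what keeps ransomware
from encrypting the backups along with production data.
The inventory below is constructed sample data; only backup copies are
counted, not the production copy, which is the stricter reading of "3"."""
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    dataset: str      # what is backed up, e.g. "finance-db"
    media: str        # storage type, e.g. "disk", "tape", "cloud"
    offsite: bool     # stored in a different physical location
    air_gapped: bool  # not reachable from the production network

# Constructed inventory: one dataset meets the rule, one does not.
INVENTORY = [
    BackupCopy("finance-db", "disk", offsite=False, air_gapped=False),
    BackupCopy("finance-db", "tape", offsite=True, air_gapped=True),
    BackupCopy("finance-db", "cloud", offsite=True, air_gapped=False),
    BackupCopy("file-share", "disk", offsite=False, air_gapped=False),
    BackupCopy("file-share", "disk", offsite=False, air_gapped=False),
]

def check_321(copies, dataset):
    """Return findings for one dataset; 'ok' is True only when every part
    of the 3-2-1 rule is satisfied."""
    ours = [c for c in copies if c.dataset == dataset]
    problems = []
    if len(ours) < 3:
        problems.append(f"only {len(ours)} copies (need 3)")
    media = {c.media for c in ours}
    if len(media) < 2:
        problems.append(f"only {len(media)} media type(s) (need 2)")
    if not any(c.offsite for c in ours):
        problems.append("no off-site copy (need 1)")
    return {
        "dataset": dataset,
        "ok": not problems,
        "problems": problems,
        # Not part of 3-2-1 itself, but the post's air-gap advice.
        "air_gapped_copy": any(c.air_gapped for c in ours),
    }

def audit(copies):
    """Run the check for every dataset present in the inventory."""
    return {d: check_321(copies, d) for d in sorted({c.dataset for c in copies})}

if __name__ == "__main__":
    for name, result in audit(INVENTORY).items():
        status = "OK" if result["ok"] else "FAIL: " + "; ".join(result["problems"])
        print(f"{name}: {status} (air-gapped copy: {result['air_gapped_copy']})")
```

In a real environment the inventory would be pulled from the backup system's API or catalog rather than typed in; the check itself is the same, and it belongs in the regular testing the last bullet calls for.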
Thriveon Fights Malware
At Thriveon, our staff understands the importance of protecting your data, devices, systems and networks from malware. We offer managed IT and cybersecurity compliance services to help safeguard against cyber threats.
Schedule a meeting with our staff today to get started protecting your sensitive data.