Cybersecurity is paramount to businesses protecting their data from cyber criminals. Malicious software, or malware, poses a significant threat to companies, as it comes in various forms. No matter the type, the overall goal of malware is to cause harm, whether that means exploiting vulnerabilities, compromising the integrity, confidentiality and availability of sensitive data, spreading more malware or damaging or disabling devices, systems and networks.
To best defend against malware, knowing the different types and how to prevent them is important.
Ransomware is the most notable type of malware. This extortion software encrypts data or restricts user access to a device or system until a ransom (sometimes a cryptocurrency like Bitcoin) is paid. Once the files are corrupted, it’s impossible to recover them without a decryption key. However, there is no guarantee that once you pay the cyber criminal, they will give you the key.
Ransomware is usually delivered through malicious links in phishing emails or on a fake website. Some hackers will threaten to release the selected materials on the dark web unless they’re paid. This type of malware can paralyze businesses and cause financial and operational damage and downtime until the files are restored.
Some examples of ransomware include the JBS attack, the Kaseya attack, the WannaCry incident, RYUK, Locky, the RobbinHood attack and the CryptoLocker attack.
Viruses are among the oldest and most well-known forms of malware. This self-replicating malicious code attaches itself to programs or files, waits until the victim accidentally activates it and then spreads to other devices while deleting or corrupting data. Viruses spread uncontrollably by continuously self-replicating, slowing down devices and causing significant operational damage. They often appear as downloadable email or internet files and rely on social engineering or vulnerabilities. However, viruses cannot reproduce until activated.
There are several types of viruses: macro viruses, file infectors, system or boot-record infectors, overwrite viruses, stealth viruses, polymorphic viruses and resident viruses.
Spyware is designed to gather confidential data about a victim’s activity and send it to the hacker without the victim’s knowledge or consent. The stolen information can include credentials, banking details, browsing habits, keystrokes or personally identifiable information (PII). Spyware operates in the background of a computer or phone, making it hard to detect, and it’s usually installed on the device through social engineering or vulnerability exploitation.
A sub-type of spyware is adware, which tracks a user’s online activity to determine which advertisements, pop-ups or banners to show on the device. It can also collect data and sell it to advertisers. Adware impacts the user’s device and degrades their experience by slowing down the IT system, displaying unwanted ads or directing the user to potentially harmful websites. Ad blockers are a great tool for thwarting adware.
Another spyware sub-type is the keylogger, which monitors and logs user activity, specifically keystrokes. Though businesses can use keylogging to track employee activity and parents can use it to track their child’s online behavior, in the hands of cyber criminals it can be used to steal login credentials, banking information and other sensitive information.
Examples of spyware include DarkHotel, CoolWebSearch and Pegasus.
Named after the Greek ploy, this malware involves a seemingly legitimate piece of software, program or file that disguises hidden malicious code, which is activated once the program is used. Trojan horses are usually hidden in an email attachment, a downloadable file or a message.
Once opened, they create security backdoors that collect sensitive user data, allow unauthorized system access, install more malware or delete, modify and steal data, making them hard to detect and extremely damaging to devices or systems. Like viruses, they require action to be deployed, but unlike other malware, Trojans don’t self-replicate.
Examples are Emotet, TrickBot, ZeuS/Zbot and FluBot.
Like viruses, this malicious code self-replicates to attack other hosts, inject more malware and consume data and resources. However, this standalone program doesn’t need a host program or user interaction to create copies of itself; it exploits vulnerabilities to gain access and spread.
Once inside, worms can cause widespread damage by consuming network bandwidth and causing significant system disruption. They can also execute payloads to delete, steal or encrypt files and data. They typically move from one computer to the next by sending a copy of themselves via an infected computer’s network connection, email or messages.
Examples include ILOVEYOU, SQL Slammer, Stuxnet, Morris and Mydoom.
A botnet (short for robot network) is a network of bots, or computers infected with malware (Trojans, viruses, worms), that a bot herder remotely controls to launch attacks to crash a clean network, perform more malicious activities, generate fraudulent revenue or harvest credentials.
These infected computers are usually located in different geographical locations, making them hard to trace. They use their combined power and resources to magnify their malicious attacks. They’re often used in Distributed Denial of Service attacks or large-scale automated attacks.
Though we have covered the six main types of malware, there are some other types you should know:
A layered approach with various security solutions and best practices is the best way to protect your data, devices and networks from malware attacks.
At Thriveon, our staff understands the importance of protecting your data, devices, systems and networks from malware. We offer managed IT and cybersecurity compliance services to help safeguard against cyber threats.
Schedule a meeting with our staff today to get started protecting your sensitive data.