Malware is code that is designed to maliciously disrupt the normal operation of — or cause harm to — a network or user’s computer, phone, tablet, or other device. There is a wide range of different malware categories, including but not limited to worms, trojans, spyware, and keyloggers. These terms are often used interchangeably, and a growing number of malware variants now incorporate a blend of different techniques.
The vast majority of today’s malware is focused on making money for the malware authors.1 This is typically done by stealing confidential data such as usernames, passwords, credit card details, or other financial particulars. This sensitive information is then used to launch further attacks on individuals and businesses or is sold to other malicious actors. Ransomware and cryptojacking are increasingly being used to monetize malware. The former is a type of malware that locks a device and requires payment to regain access to files, and the latter installs malware that steals a device’s processing power to mine for cryptocurrencies such as Bitcoin, Monero, or Ethereum.
Malware is designed to bypass security systems and avoid detection, making it extremely difficult for security teams to ensure that users and the wider business are not adversely impacted. Malware authors implement a variety of methods to achieve this circumvention, including using obscure filenames, modifying file attributes, mimicking legitimate program operations, and hiding processes and network connections. These obfuscation and evasion techniques are helped along by the sheer volume of emerging malware; it is estimated that 350,000 new variants are discovered every day.2
How is Malware Distributed?
There are a number of different ways that malware is distributed, resulting in infected devices. These include:
- A malicious file attached to a phishing email – The email will likely use social engineering techniques to encourage the recipient to open the attachment. Once opened, the malware code is delivered.
- A malicious URL link in the body of an email – The email will likely use social engineering techniques to encourage the recipient to click on the link. Once clicked, the URL navigates to a web page that is a malware drop site.
- A drive-by download – Malware code will be delivered when the user either lands on a malware drop site directly or is redirected to such a page via a malicious advert (malvertising).
- An infected USB device.
- Direct network intrusion through exploitation of open ports on perimeter firewalls.
- A vulnerability in the device’s operating system or installed applications – Take, for example, an old, outdated, or misconfigured Flash plugin on a user’s browser. Compromised websites can be designed to scan a user’s device for such a vulnerability as soon as an individual lands on that page. The malware on said page identifies what vulnerabilities can be leveraged and then delivers specific malware code to exploit the found vulnerability.
Low Barriers to Entry
Up until a few years ago, a cybercriminal needed to have a decent understanding of software engineering, security, and networking to launch a malware attack. But an entire ecosystem has developed that enables malicious actors to build, deploy, and monetize malware. In fact, malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS) are readily available, relatively cheap to purchase and download, and openly advertised.3
Types of Malware
Spyware: Tracks browsing activities and gathers information about a person or organization. Covertly sends this information to another entity for further malicious use or asserts control over a device, unbeknownst to the user.
Keylogger: Records keystrokes made by a user to extract usernames, passwords, and other sensitive information. This information is often used by cybercriminals for further malicious activity.
Trojan: Disguised as legitimate software to spy on or gain access to the user’s system to steal, delete, block, or modify data, as well as to disrupt device or network performance. There are many types of Trojans, including a backdoor Trojan that gives cybercriminals complete remote control of an infected device, a Trojan-DDoS that incorporates a device into a botnet then used to launch denial-of-service attacks, and an email Trojan that allows a device to be used to launch spam email attacks.4
Worm: Replicates itself from one device, drive, or network to another through network connections. Worms spread automatically, unassisted by human initiation, and self-replicate, consuming bandwidth and overloading web servers.5
Rootkit: Designed to take remote administrative control of a device. Once installed, the malicious actors behind the rootkit can track everything done on the device, run files, install programs and additional malware, and modify software — including anti-virus programs. Rootkits are notoriously difficult to detect and remove.6
Ransomware: Encrypts the files on a user’s device or a network’s storage devices. To restore access to the encrypted files, the user must pay a “ransom” to cybercriminals, typically through a tough-to-trace electronic payment method such as Bitcoin.
Reducing the Risk of Malware Impacting Your Business
Educate the weakest link. The vast majority of malware requires someone to take action to activate the payload. Educating employees about how to recognize and defend against cyber attacks is vital. Many attacks will use email and social engineering techniques to trick the employee into downloading malware or divulging their username and password. As such, training should focus on these common attack vectors. Exercises where employees are sent faux “phishing” emails are effective in coaching users to distinguish between a genuine supplier communication and a phishing email with the subject line “Invoice Attached – please open.”
Patch, patch, patch. Then patch again. As demonstrated by the 2018 Spectre and Meltdown kernel-memory vulnerabilities, as well as the Drupal CMS vulnerability, failing to implement a rigorous approach to patching known security vulnerabilities can leave an enterprise exposed. Even months after the Drupal vulnerability was reported, over 115,000 servers were still running an outdated version of the platform.7 It’s relatively simple for cybercriminals to identify unpatched devices and software on an enterprise’s network, and once identified, to take advantage of known vulnerabilities.
Back up your data, and back up your backup. To some, this may sound obvious, but malware can encrypt backups stored on network servers. As a result, enterprises need to review their current approach to backups. Are employees backing up important files to a network drive? Are the backups from these devices and the file servers then backed up to a cloud backup service? Are you testing that the backups can be restored? That way, if malware encrypts all local files and backups, an enterprise can still restore them quickly with minimal impact to the business.
Make it harder for the bad guys — have multiple layers of defense. Cybercriminals spend huge amounts of time and money developing ever-more sophisticated forms of advanced malware that are designed to bypass a company’s security defenses. Relying on a single layer of security against this evolving barrage is not best practice. Utilizing multiple security layers means that if one layer does not block an attack, you have additional overlays that can mitigate the threat. So, what layers of security defense does your company currently have in place? Do you have different security solutions to help mitigate risk during all stages of an attack? Are there current gaps in your security that malicious actors can exploit?
Did you know?
60% of spoofed email attacks do not include a malicious link or attachment? When crafted well, most users are likely to fall victim to a highly targeted phishing attack. Many of your users think they are safe as long as they don’t click on something in an email, but through the use of a social engineering tactic called “pretexting”, the bad guys establish trust with your key users by pretending to be someone they know in order to carry out a damaging attack. These types of attacks usually do not have links or attachments and simply trick your users into replying to the email and performing actions that lead to monetary or data loss for your organization. With our security awareness training platform you can identify how many users take the bait before the bad guys do and train users to protect the business network and themselves.
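Because these pretexting messages carry no link or attachment, the header fields are what a mail filter can still check. The following is an added example, not part of the original article; the domain, the key-user names and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's mail domain and the display
# names of the key users an attacker is likely to impersonate (constructed).
ORG_DOMAIN = "example.com"
KEY_USERS = {"dana reyes", "sam patel"}

# Constructed messages: neither contains a link or an attachment.
SPOOFED = "\n".join([
    'From: "Dana Reyes" <dana.reyes@example.net>',
    "Reply-To: accounts@example.org",
    "To: ap@example.com",
    "Subject: Quick favour",
    "",
    "Are you at your desk? Please reply as soon as you see this.",
])
GENUINE = "\n".join([
    'From: "Dana Reyes" <dana.reyes@example.com>',
    "To: ap@example.com",
    "Subject: Q3 invoices",
    "",
    "Approved batch is in the shared folder.",
])


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def pretext_signals(raw_message):
    """List header signals of impersonation that need no link or attachment."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    signals = []
    # A key user's name on an address outside the organisation's domain.
    if from_name.strip().lower() in KEY_USERS and domain_of(from_addr) != ORG_DOMAIN:
        signals.append("display-name-impersonation")
    # Replies silently routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        signals.append("reply-to-domain-mismatch")
    return signals


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, pretext_signals(raw))
```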
How do I protect my data?
Having a reliable, secure local and cloud backup is one of the most critical and cost-effective strategies for any business. Anti-virus isn’t bulletproof, and business users make mistakes, ultimately costing time and money while services are restored. Is all your data backed up? How often and where? What is the plan if the local backup fails? Are your cloud backups secured with AES 256-bit encryption? These are critical questions in every business model and could make a potentially costly difference in getting back to business as usual. Raptor IT Consultants gives Sacramento business owners peace of mind with a comprehensive disaster recovery plan, designed by experienced IT support professionals to mitigate downtime.
Call the experts
Offering a one-stop technology approach to managed IT services and support for any organization, our goal is to create sustainable, efficient networks that are scalable and adaptive to your business needs. Let us mitigate your cost through proactive maintenance and by tailoring our services to evolve with your business needs. Our dedicated IT support experts leverage the latest technology to deliver the performance our customers demand! Call us for free to learn how your business can save time and money with our comprehensive managed IT service and support strategies. Call 916-542-1566 to speak with an expert.