Malware discussion typically encompasses three main aspects:
Here’s a breakdown of some of the objectives and delivery mechanisms observed in malware.

Objectives

Malware is created with an objective in mind. While it could be said that the objective is “limited only to the imagination of its creator,” this will focus on some of the most common objectives observed in malware.

Exfiltrate Information

Stealing data, credentials, payment information, etc. is a recurring theme in the realm of cybercrime. Malware focused on this type of theft can be extremely costly to a person, company, or government target that falls victim.

Disrupt Operations

Actively working to “cause problems” for a target’s operation is another objective seen in malware. From a virus on a single computer corrupting critical OS files (making that one system unusable) to an orchestrated, physical self-destruction of many systems in an installation, the level of “disruption” can vary. There is also the scenario where infected systems are directed to carry out large-scale distributed denial of service (DDoS) attacks.

Demand Payment

Some malware is focused on directly extorting money from the target. Scareware uses empty threats (ones which are unsubstantiated and/or couldn’t actually be carried out) to “scare” the target into paying some money. Ransomware is a type of malware that attempts to prevent a target from accessing their data (usually by encrypting files on the target) until the target “pays up.” While there is debate over whether victims of ransomware should or should not pay, it has become enough of a threat that some companies have preemptively purchased Bitcoin just in case they get hit with ransomware and decide to pay the ransom.

Types of malware attack vectors

There are three main types of malware attack vectors:
Over the years, malware has been observed to use a variety of different delivery mechanisms, or attack vectors. While a few are admittedly academic, many attack vectors are effective at compromising their targets. Although these attack vectors generally occur over electronic communications such as email, text, a vulnerable network service, or a compromised website, malware delivery can also be achieved via physical media (e.g. USB thumb drive, CD/DVD, etc.).

Best practices against malware attacks

The following best practices can help prevent a malware attack from succeeding and/or mitigate the damage done by a malware attack.

Continuous User Education

Training users on best practices for avoiding malware (e.g. don’t download and run unknown software, don’t blindly insert “found media” into your computer), as well as how to identify potential malware (e.g. phishing emails, unexpected applications/processes running on a system), can go a long way in protecting an organization. Periodic, unannounced exercises, such as intentional phishing campaigns, can help keep users aware and observant.

Use Reputable A/V Software

When installed, a suitable A/V solution will detect (and remove) any existing malware on a system, as well as monitor for and mitigate potential malware installation or activity while the system is running. It is important to keep it up to date with the vendor’s latest definitions/signatures.

Ensure Your Network is Secure

Controlling access to systems on your organization’s network is a great idea for many reasons. Use of proven technology and methodologies—such as using a firewall, IPS, IDS, and remote access only through VPN—will help minimize the attack “surface” your organization exposes. Physical system isolation is usually considered an extreme measure for most organizations, and is still vulnerable to some attack vectors.
Perform Regular Website Security Audits

Scanning your organization’s websites regularly for vulnerabilities (e.g. software with known bugs, server/service/application misconfiguration) and to detect whether known malware has been installed can keep your organization secure, protect your users, and protect customers and visitors to public-facing sites.

Create Regular, Verified Backups

Having a regular (i.e. current and automated) offline backup can be the difference between smoothly recovering from a destructive virus or ransomware attack and stressful, frantic scrambling with costly downtime/data loss. The key here is to actually have regular backups that are verified to be happening on the expected regular basis and are usable for restore operations. Old, outdated backups are less valuable than recent ones, and backups that don’t restore properly are of no value.

In summary

Malware takes on many different forms and attacks in different ways. But with some thoughtful preparation and process improvements, as well as ongoing user education, your organization can gain and maintain a solid security stance against malware attacks.
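The backup advice above boils down to three checks that can be automated: the newest backup is as recent as the schedule says it should be, its contents match what was backed up, and it can actually be restored. The script below is an added example written for this page, not code from the original article or from any vendor; it builds a small constructed backup set (a tar archive plus a SHA-256 manifest) in a temporary directory and runs all three checks against a good copy, a stale copy, and a copy with a file missing. The 24-hour freshness policy and the manifest format are assumptions made for the example.

```python
"""Verify that backups are current, intact and restorable (added example, constructed data)."""
import hashlib
import json
import os
import tarfile
import tempfile
import time
from pathlib import Path

# Assumed policy for this example: a nightly backup older than 24 hours is stale.
MAX_AGE_SECONDS = 24 * 3600


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(src_dir: Path, manifest: Path) -> dict:
    """Record the SHA-256 of every file under src_dir; restores are checked against this."""
    digests = {str(p.relative_to(src_dir)): sha256_file(p)
               for p in sorted(src_dir.rglob("*")) if p.is_file()}
    manifest.write_text(json.dumps(digests, indent=1))
    return digests


def write_archive(src_dir: Path, archive: Path, skip=()) -> None:
    """Tar up src_dir. `skip` exists only so the demo can construct a broken backup."""
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src_dir.rglob("*")):
            rel = str(p.relative_to(src_dir))
            if p.is_file() and rel not in skip:
                tar.add(p, arcname=rel)


def is_fresh(archive: Path, now=None, max_age: int = MAX_AGE_SECONDS) -> bool:
    """Check 1: the newest backup actually ran on schedule (by archive mtime)."""
    now = time.time() if now is None else now
    return now - archive.stat().st_mtime <= max_age


def verify_restore(archive: Path, manifest: Path) -> dict:
    """Checks 2 and 3: extract into scratch space and compare every file to the manifest."""
    expected = json.loads(manifest.read_text())
    report = {"ok": False, "missing": [], "corrupt": []}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            for m in tar.getmembers():  # refuse absolute paths and '..' before extracting
                if m.name.startswith("/") or ".." in Path(m.name).parts:
                    raise ValueError(f"unsafe archive member: {m.name}")
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **kwargs)
        for rel, digest in expected.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                report["missing"].append(rel)
            elif sha256_file(restored) != digest:
                report["corrupt"].append(rel)
    report["ok"] = not report["missing"] and not report["corrupt"]
    return report


def demo() -> dict:
    """Constructed scenario: one good nightly backup, one stale copy, one with a file missing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "accounts.csv").write_text("id,balance\n1,100\n")  # constructed
        (src / "notes.txt").write_text("constructed sample file\n")

        manifest = root / "manifest.json"
        write_manifest(src, manifest)
        good = root / "backup-good.tgz"
        write_archive(src, good)
        stale = root / "backup-stale.tgz"
        write_archive(src, stale)
        old = time.time() - 3 * 24 * 3600  # pretend this copy is three days old
        os.utime(stale, (old, old))
        broken = root / "backup-broken.tgz"
        write_archive(src, broken, skip={"db/accounts.csv"})

        return {
            "good_fresh": is_fresh(good),
            "good_restore": verify_restore(good, manifest),
            "stale_fresh": is_fresh(stale),
            "broken_restore": verify_restore(broken, manifest),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

In a real deployment the manifest would be written at backup time and stored alongside the offline copy, and `verify_restore` would be run on a schedule against the most recent archive; a failed restore test is the signal that matters, since a backup that exists but does not restore is, as the text says, of no value.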
Malware is a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service or network. Cybercriminals typically use it to extract data that they can leverage over victims for financial gain. That data can range from financial data, to healthcare records, to personal emails and passwords—the possibilities of what sort of information can be compromised have become endless.
Malware encompasses all types of malicious software, including viruses, and cybercriminals use it for many reasons, such as:

- Tricking a victim into providing personal data for identity theft
- Stealing consumer credit card data or other financial data
- Assuming control of multiple computers to launch denial-of-service attacks against other networks
- Infecting computers and using them to mine bitcoin or other cryptocurrencies
Since its birth more than 30 years ago, malware has found several methods of attack. They include email attachments, malicious advertisements on popular sites (malvertising), fake software installations, infected USB drives, infected apps, phishing emails and even text messages.
Viruses A virus usually comes as an attachment in an email that holds a virus payload, or the part of the malware that performs the malicious action. Once the victim opens the file, the device is infected.
Ransomware One of the most profitable, and therefore one of the most popular, types of malware amongst cybercriminals is ransomware. This malware installs itself onto a victim’s machine, encrypts their files, and then turns around and demands a ransom (usually in Bitcoin) to return that data to the user.
Scareware Cybercriminals scare us into thinking that our computers or smartphones have become infected to convince victims to purchase a fake application. In a typical scareware scam, you might see an alarming message while browsing the Web that says “Warning: Your computer is infected!” or “You have a virus!” Cybercriminals use these programs and unethical advertising practices to frighten users into purchasing rogue applications.
Worms Worms have the ability to copy themselves from machine to machine, usually by exploiting some sort of security weakness in software or an operating system, and don’t require user interaction to function.
Spyware Spyware is a program installed on your computer, usually without your explicit knowledge, that captures and transmits personal information or Internet browsing habits and details to its user. Spyware enables its users to monitor all forms of communications on the targeted device. Spyware is often used by law enforcement, government agencies and information security organizations to test and monitor communications in a sensitive environment or in an investigation. But spyware is also available to consumers, allowing purchasers to spy on their spouse, children and employees.
Trojans Trojans masquerade as harmless applications, tricking users into downloading and using them. Once up and running, they then can steal personal data, crash a device, spy on activities or even launch an attack.
Adware Adware programs push unwanted advertisements at users and typically display blinking advertisements or pop-up windows when you perform a certain action. Adware programs are often installed in exchange for another service, such as the right to use a program without paying for it.
Fileless malware Fileless malware is a type of malicious software that uses legitimate programs already on the system to infect a computer. Fileless malware registry attacks leave no malware files to scan and no malicious processes of their own to detect. Because it does not rely on files written to disk, it leaves little footprint there, making it challenging to detect and remove.
The most common signs that your computer has been compromised by malware are:

- Slow computer performance
- Browser redirects, or when your web browser takes you to sites you did not intend to visit
- Infection warnings, frequently accompanied by solicitations to buy something to fix them
- Problems shutting down or starting up your computer
- Frequent pop-up ads

The more of these common symptoms you see, the higher the likelihood your computer has a malware infection. Browser redirects and large numbers of pop-up warnings claiming you have a virus are the strongest indicators that your computer has been compromised.
Even though there are a lot of types of malware out there, the good news is, there are just as many ways to protect yourself from malware. Check out these top tips:
Protect your devices
Be careful online
Pay attention to downloads and other software purchases
Perform regular checks
With these tips and some reliable security software, you’ll be well on your way to protecting your data and devices from all kinds of malware.
Copyright © 2022 McAfee, LLC