Malware attack: all you need to know
The term "malware" is a contraction of "malicious" and "software" and designates a "malicious program".
Malware is a common name for any software or code that performs unauthorized and harmful actions against your devices and operating systems and undermines your cybersecurity.
Malicious software encompasses many types of attacks such as spyware, ransomware, command and control, and many more. The forms of malware we most commonly encounter are viruses and worms.
The objectives of malware can be varied. The most widespread ones are: acquiring confidential and sensitive data such as financial, commercial, banking, political or intellectual property information, often for financial gain, or simply damaging your operating system just for fun.
Different types of malicious software
There are several types of malware; some of the most frequently encountered are described below. Knowing and understanding the different types will help you prevent malware attacks and improve your cybersecurity.
● The Trojan Horse takes its name from Greek mythology. Legend has it that it was Odysseus' idea to hide Greek soldiers in a wooden horse covered with gold in order to take the city of Troy by ruse.
In computing, the principle is the same. The malware disguises itself, using social engineering, as a useful and secure program to convince the recipient to install it in their computer environment. You get Trojan horses by downloading them while thinking you are downloading something else, such as an email attachment or software like a browser extension.
Once the program is downloaded, the cybercriminal can access confidential data contained in the computer or network, launch an attack, spy on activities or steal data.
Remote Access Trojan (RAT) is a popular Trojan attack that permits the attacker to control the victim’s device. RATs are popular because they are easy to create and spread. Millions of Trojans are created every month and the anti-malware writers are having a hard time fighting them.
● A computer Virus works like a real infectious agent. It is code that infects a software program.
“Virus” is the word the public knows best when it comes to malware, but not all malware is a virus, and that is a good thing since viruses are difficult to get rid of.
After a virus is activated, it will replicate and spread to files and programs on the victim’s device.
Viruses are hard to clean up because this must be done by a legitimate program, and the result is often the elimination of the whole file, since antivirus software has a hard time separating the virus from the actual file.
● Spyware does not spread from host to host like a virus. Hidden in third-party software, it spies on the user's web browsing.
Spyware is often a program installed on your computer without you being aware of it. The program enables its user to monitor your activity, your behaviour, and the data you send and receive on the device. The purpose of spyware is often to provide information to a third party. This kind of activity is often used in law enforcement.
The presence of spyware means there is a weakness in your security system and you should run a security check on your device/program to make sure not to let through other threats.
● Ransomware is the most financially profitable and popular type of malware. It takes your personal data hostage. The hackers will only agree to give it back to you unharmed if you pay a ransom, often in the form of cryptocurrency.
However, even if you agree to the ransom, you can never be sure of getting your data back.
To avoid ransomware, it is recommended to have an offline backup system for your most sensitive data.
● Malvertising is the use of real paid ads on real websites. These ads either have malware embedded in them or carry code that redirects you to a malicious site or automatically downloads malware onto the device or network of the person who clicks.
Because the ads run on legitimate websites such as well-known streaming media services or newspapers, the victim clicks on the ad with confidence that it is legitimate.
The goal of malvertising is to make money.
● Worms are standalone programs and probably the oldest malware we know. They work like viruses except that they do not need a host to infect a computer or network.
A worm installs and replicates without any user interaction to infect IT systems. Worms often find a weakness in automatic operating system functions, which are often invisible to the user.
When a worm infects a computer, it searches through the network for other computers to connect to. A worm consumes a lot of system resources and may, for instance, affect your server's response speed.
● Scareware is a scam preying on the fears of the Internet user. It scares them with fake alarming warning windows such as “warning you have a virus” popping up in the middle of the screen.
When you click on the fake warning, you are redirected to an infected web page. These unethical advertising practices are used to frighten users into purchasing or downloading rogue applications unknowingly.
● A botnet is defined as a network of infected/hijacked computers remotely controlled by a hacker, usually to launch group attacks for financial gain.
The bots (the infected computers) act according to the instructions of the command-and-control (C&C) server.
● A Rootkit can be used to open a “backdoor” to enter a system without being noticed. The hacker can retrieve sensitive information remotely, such as passwords or bank details.
Rootkits conceal programs or files to help the attacker avoid detection and are efficient at subverting security software, which makes them hard to detect.
This malware can remain on your system for a long time and the only way to get rid of the rootkit is sometimes to delete and reinstall a new operating system on your computer.
Which companies are targeted with malware?
The companies most affected are those with vulnerabilities in their security system. They are often SMBs that overlook cybersecurity when it comes to budget, or SMBs that think hackers are only interested in targeting bigger organizations.
Since SMBs are usually not experts in cyber attacks and do not fully appreciate the importance of the information hackers obtain, they become easy targets for cybercriminals.
According to the National Crime Agency report, financial attacks have become more advanced and less visible, affecting banking systems.
Traditional computer devices are not the only ones attacked. Mobile devices and social media as a whole, a place designed as much for individuals as for companies, are increasingly targeted. Cybercriminals are increasingly exploiting the sense of familiarity on social media platforms.
The consequences of a cyberattack on the company
Sometimes malware can cripple a company's entire local computer network. Bank of America still remembers the Slammer worm of 2003. The attack disrupted the internet in the entire United States, Australia, New Zealand, and South Korea. This uncontrollable malware forced banks to halt operations.
The theft of sensitive information such as financial data, banking data, confidential information of an innovation, or customer database causes significant losses.
It is also time-consuming to detect and clean up malware attacks, which can turn out to be critical in terms of budget and reputation.
For example, a company that is a victim of a Trojan Horse may not identify the threat right away. Meanwhile, its servers are sending spam to its customers. A poorly conducted cyber risk analysis may also scare potential investors off.
Malware attacks actually prove fatal for most SMBs. An IBM report points out that an insider-related cyber incident has an average cost of $7.68 for SMBs. Also, the average downtime due to malware can go up to 48 hours.
How to protect yourself from malware attacks?
Protecting yourself from malware means understanding it, first of all, but it also means adopting safe online behaviour.
In addition, you need to learn how to tell when malware is on the verge of being installed, and you need to set up functional cyber security measures.
Behaviours to adopt for safe navigation
Unfortunately, there is no way to completely protect your organization from malware. However, there are multiple processes you can implement to ensure cybersecurity.
1/ User education
You need to educate and keep your staff up to date regarding security systems. Providing training on different malware and implementing malware awareness campaigns can help your staff be ready for different types of cyber attacks.
Make sure that you train your staff to avoid:
- downloading free copies of software that usually has to be paid for;
- using simplistic passwords;
- using public or unknown WiFi networks to connect their work computer;
- clicking on pop-up windows claiming to have found a virus on their computer;
- opening emails or even attachments from unknown senders;
- browsing web pages with incomprehensible URLs.
2/ Create backups
Make sure that you have a verified offline backup system for your most important files, using different locations and solutions from your main system. Check your backups periodically and run authorized malware detectors on your files.
3/ Keep your software updated
Software updates fix bugs and repair security vulnerabilities. It is therefore important to always install your software updates on time and follow recommendations from your IT team.
4/ Secure your network
Use verified security technologies such as antivirus, firewall, IDS, and IPS to secure your network. These programs are regularly updated and ready for new malware. They periodically scan your device to detect and defeat any threat stored on your device or network.
5/ Website security audits
Scan your organization’s websites for any weaknesses in your cybersecurity. Doing this regularly can help you handle problems in time and keep your organization safe.
Signs of rogue malware in action
In the event that, despite your precautions, your company has been exposed to cyber risk, there are certain clues that can reveal it:
- files appear in places you don't remember saving them;
- your mouse is playing tricks on you;
- your computer is slowing down for no obvious reason;
- your online accounts are reporting access attempts;
- your online access has been reset;
- passwords and logins no longer work;
- something is redirecting your internet searches;
- unwanted tabs or windows appear while you are browsing the Internet.
If your organization has been infected with malware, you need to limit the threat of further infection as soon as possible.
React quickly: immediately disconnect all devices (computers, laptops, mobile phones, tablets…) from the network (WiFi, operational systems, etc.), reset passwords, and do not restore from backups before running a scanning program.
In general, strictly follow advice from your IT department in the event of an attack. Also, do not hesitate to ask a specialist if you have doubts; your actions after the attack can also be crucial.
FAQ: malware attack
What are the different types of malware?
Malware covers a variety of malicious software, including viruses, worms, trojans, spyware, botnets, rootkits that operate through "backdoors", and ransomware.
How to detect malware?
To identify a malicious program, you should be alert to signs of a cybersecurity problem, such as abnormally slow computer performance or password problems. If you have antivirus software, a full scan is necessary to reveal hidden malware.
How to remove malware?
On a computer, detected malware can be easily removed using your cybersecurity software. On a mobile device, the priority is to remove the suspicious application.