Understanding malware and mitigating cyber risk

Malware attack: all you need to know

Definition: Malware

The term "Malware" is a contraction of "malicious" and "software", to designate a "malicious program".

Malware is a common name for any software or code that uses unauthorized and harmful actions onto your devices, operating systems, and your cybersecurity.

Malicious software encompasses many types of attacks such as spyware, ransomware, command and control, and many more. The most common way we are confronted with malware is typically viruses or worms.

The objectives of malware can be varied. The most widespread ones are: acquiring confidential and sensitive data such as financial, commercial, banking, political or intellectual property information, often for financial gain, or simply damaging your operating system just for fun.

‍

Different types of malicious software

There are several types of malware, below are described some of the most frequently encountered. Knowing and understanding the different types will help you prevent malware attacks and improve your cybersecurity.

● The Trojan Horse is inspired by Greek mythology. The legend goes that Odysseus' idea to hide Greek soldiers in a wooden horse covered with gold to take the city of Troy by the ruse.

In computing, the principle is the same. The malware disguises (exploiting social engineering) as a useful and secure program to convince the recipient to install it on his computer environment. You get Trojans horses by downloading them thinking you are downloading something else like an attachment of an email or software like a browser extension.

Once the program is downloaded, the cybercriminal can access confidential data contained in the computer or network, launch an attack, spy on activities or steal data.

Remote Access Trojan (RAT) is a popular Trojan attack that permits the attacker to control the victim’s device. RATs are popular because they are easy to create and spread. Millions of Trojans are created every month and the anti-malware writers are having a hard time fighting them.

● A computer Virus works as a real infectious agent. It is code that infects a software program.

“Virus” is the most common word known to the public when it comes to malware, but all malware are not viruses and that is a good thing since viruses are difficult to get rid of.

After a virus is activated, it will replicate and spread to files and programs on the victim’s device.

Viruses are hard to clean up because this must be done by a legitimate program and the result is often an elimination of the whole file since antivirus software has a hard time setting apart the virus from the actual file.

● Spyware does not spread from host to host like a virus. It spies on the user's web browsing, hidden in third-party software.

Spyware is often a program installed on your computer without you being aware of it. The program enables its user to monitor your activity, behaviour, data you send and receive from and on the device. The purpose of spyware is often to provide information to a third party. This kind of activity is often used in law enforcement.

The presence of spyware means there is a weakness in your security system and you should run a security check on your device/program to make sure not to let through other threats.

● Ransomware is the most financially profitable and popular type of malware. It takes hostage your personal data. The hackers will only agree to give it back to you unharmed if you pay a ransom, often in the form of cryptocurrency.

However, even though you agree upon the ransom, you can never be sure to get your data back.

To avoid ransomware, it is recommended to have an offline backup system for your most sensitive data.

● Malvertising is the use of real paid ads on real websites. These ads have either embedded malware or a code that will redirect you to a site or automatically download malware on the clicker’s device or network.

By using legitimate websites such as known streaming media services or newspapers, the victim clicks on the ad, with confidence that it is legitimate.

The goal of malvertising is to make money.

● Worms are standalones and probably the oldest malware we know. They work like viruses except that they do not need a host to infect a computer or network.

A worm installs and replicates without any user interaction to infect IT systems. Worms often find a weakness in automatic operating systems that are often invisible to the user.

When a worm infects a computer it searches through the network for other computers to connect to. A worm consumes a lot of system resources and may affect your server responding speed, for instance.

● Scareware is a scam preying on the fears of the Internet user. It scares them with fake alarming warning windows such as “warning you have a virus” popping up in the middle of the screen.

When you click on the fake warning, you are redirected to an infected web page. These unethical advertising practices are used to frighten users into purchasing or downloading rogue applications unknowingly.

● A botnet is defined as a network of infected/hijacked computers remotely controlled by a hacker, usually to launch group attacks for financial gain.

The botnets (the infected computers) will react to the malware depending on the command-and-control (C&C) server’s instructions.

● A Rootkit can be used to open a “backdoor” to enter a system without being noticed. The hacker can retrieve sensitive information remotely, such as passwords or bank details.

Rootkits conceal programs or files to help the attacker avoid detection and are efficient at subverting security software, which makes them hard to detect.

This malware can remain on your system for a long time and the only way to get rid of the rootkit is sometimes to delete and reinstall a new operating system on your computer.

Which companies are targeted with malware?

Most affected companies are the ones having vulnerabilities in their security system. Those are often SMBs that overlook cyber security when it comes to budget or SMBs thinking hackers are only interested in targeting bigger organizations.

Since SMBs are usually not experts in cyber attacks and do not really measure the importance of the information hackers obtain, they become easy targets for cybercriminals.

According to the National Crime Agency report, the financial attacks have become more advanced and less visible, affecting the banking systems.

Not only the traditional computer devices get attacked. Mobile devices and social media as a whole – a place designed as much for individuals as for companies– are getting more and more targeted. Cybercriminals are increasingly exploiting the environments of familiarity on social media platforms.

The consequences of a cyberattack on the company

Sometimes malware can cripple a company's entire local computer network. Bank of America still remembers the Slammer worm of 2003. The attack disrupted the internet in the entire United States, Australia, New Zealand, and South Korea. This uncontrollable malware forced banks to halt operations.

The theft of sensitive information such as financial data, banking data, confidential information of an innovation, or customer database causes significant losses.

It is also time-consuming to detect and clean up malware attacks which can turn to be crucial in terms of budget and reputation.

For example, a company that is a victim of a Trojan Horse, may not identify the threat right away. Meanwhile, its servers are sending spam to its customers. A poorly conducted cyber risk analysis may also scare potential investors off.

Malware attacks actually prove fatal for most SMBs. An IMB report points out that an insider-related cyber incident has an average cost of $7.68 for any SMBs. Also, the average downtime due to malware can go up to 48 hours.

‍