Cybercriminals are nothing if not creative. Unlike most IT administrators, cybercriminals are willing to think outside the proverbial “box.” The fact that social engineering tactics so often work is a testament to the level of personalization underlying their highly targeted attacks. For example, as people prepare their tax returns, a malicious group targeted taxpayers, sending them phishing messages containing a document attachment that deploys NetWire and Remcos Remote Access trojans through macros. The phishing emails include attachments that appear to be tax-related, like those that would be sent from legitimate institutions.
You will find a news alert like this one on a weekly – nay, daily – basis! That’s because trojans account for 58% of all malware. Given that 72% of cyber breaches in 2020 involved prominent business victims and that every fourth breach (27%) involved ransomware, your organization must have a bullet-proof cybersecurity system in place to protect it against trojans.
So that will be the topic of the day – trojans: what exactly they are, and what measures you need to make sure your IT department puts in place to safeguard your system against them.
What’s a trojan?
A trojan is a type of malware. The goal of a trojan is to gain unauthorized system access to steal, corrupt, or erase data, or spy on users. Trojan malware is usually disguised as legitimate software and is often downloaded unintentionally because the target believes it to be genuine.
Types of trojan malware
Within the trojan category of malware, sub-categories are distinguished by the type of action the trojan performs on an infected device. These sub-categories include:
- Backdoor trojan: This type of trojan gives cybercriminals the ability to remotely control an infected device, specifically sending and exfiltrating data.
- Dropper trojan: To avoid detection by anti-malware/anti-virus solutions, hackers often employ a dropper trojan, which covertly installs a piece of malware.
- Exploit trojan: This trojan aims to identify and exploit a vulnerability within applications on an infected device.
- DDoS attack trojan: Distributed Denial of Service is a common attack tactic. The goal is to disrupt a network by flooding it with traffic. A trojan can be used as a tool to execute this type of attack.
- Downloader trojan: This type of trojan is installed on devices that are already infected with malware. The goal is to continuously download and install new versions of the trojan onto the infected machines.
- Fake AV trojan: This trojan is designed to look like anti-virus software. It requests money from users to remove non-existent threats from a system.
- Loader trojan: This type of trojan adds a missing piece of code that activates a virus on an already infected device.
- Mailfinder trojan: Users’ address books are the main target of this trojan. It scans devices for email addresses stored on them and steals that information.
- Ransom trojan: This trojan corrupts or steals data and offers to restore it for a ransom payment.
- Remote-access trojan: Also known as a RAT, this trojan is similar to the backdoor trojan but has capabilities beyond sending and exfiltrating data, giving cybercriminals complete control of the infected device.
- Rootkit trojan: This is a stealth trojan. This malware aims to hide objects and activities in the infected system so that it can remain undetected.
- SMS trojan: This trojan targets mobile devices. Once a device is successfully infected, hackers can send messages to various premium numbers, driving up the user’s bills.
- Gamethief/banker/IM stealer trojan: The goal of this trojan is to steal users’ gaming, banking, or IM account information, respectively.
How does a trojan gain access to a system?
There are various ways for cybercriminals to attempt to deploy trojan malware on users’ devices.
Social engineering remains one of the most common strategies. Whether the trojan arrives as an email attachment or via a spoofed message, social engineering tactics have cost businesses and government institutions billions of dollars in losses.
File-sharing sites also pose the danger of getting a device infected with a trojan. For example, many torrent websites are incredibly unsafe and should not be used without solid cybersecurity measures in place.
Insecure websites can easily be hijacked by cybercriminals. In this case, an unsuspecting user opens a website but is automatically redirected to the attacker’s site, where trojans hosted on the attacker’s servers are waiting to be downloaded.
Finally, Wi-Fi hacking can easily be used by a malicious actor to deploy a trojan. By connecting to an unknown free network, users give cybercriminals access to every bit of communication between their device and the router.
How can you protect your organization from trojan malware?
A robust cybersecurity system combines rigorous employee training and reliable endpoint monitoring, including anti-malware solutions and around-the-clock threat detection and response.
- Educate your employees on the dangers of social engineering and how their online behavior could lead to security breaches.
- Have a robust system and hierarchy of user access. Be very cautious about whom you give administrative rights to, as those users have the highest level of access to your network.
- Install powerful anti-virus and anti-malware software and keep it up to date. Such software is now often classified as “endpoint security” – an approach to securing computer networks that are remotely bridged to client devices. It is increasingly encompassed by endpoint detection and response (EDR) solutions, which cover both the anti-virus and anti-malware functions, detect host intrusions, set up personal firewalls, and more.
- Regularly audit your system for vulnerabilities.
- Encrypt your data. Furthermore, develop and implement a data security policy. When approached systematically, it will allow you to identify the types of data your organization stores, decide whether that data should be stored at all, define which staff members should have which level of access, evaluate which specific data requires encryption, and implement measures to wipe records in compliance with relevant regulations – the GDPR, for example.
- Consider moving data storage from your local systems to a securely configured cloud service.
- Regularly conduct sensitive data scans to ensure that PII is not being stored in a non-compliant manner.
- Use monitoring solutions to check periodically whether your organization’s credentials have appeared for sale on any marketplaces.
- Deploy file integrity monitoring and change detection solutions, which will constantly monitor your files for any changes, helping you identify files that may have been corrupted or otherwise compromised.
- Design a robust backup system. Offline backups disconnected from your network are the safest way to maintain access to data and not risk having it accessed by attackers. Depending on the size of your data, though, offline backup may not always be a feasible option. In this regard, an intelligent network design can pay serious dividends.
- Set up security information and event management (SIEM) and security orchestration, automation and response (SOAR) systems, which alert on verified threats and automatically trigger response actions.
- Ensure you have a security operations center (SOC) or an MDR team in place that will respond swiftly and effectively to incoming threats.
- Purchase cyber insurance, which will cover your organization’s liability in the event of a data breach.