2020 witnessed an unprecedentedly high number of cybercrimes. The global pandemic threw organizations and entire industries into chaos, creating a perfect opportunity for malicious actors to exploit a sudden explosion of vulnerabilities. The number of malware cyberattacks increased by 358% compared to 2019!
Today, we will break down the concept of malware: what it is, what it does, what the most commonly used types are, and how to minimize the risk of a successful malware attack.
Malware: What it is
Definition of malware
Malware is malicious software designed to gain access or cause damage to a network or a system. Cybercriminals use malware to infect a system with different motivations: financial gain, espionage, or sabotage.
The first malware for PC dates back to 1986. Developed by two brothers in Pakistan, Basit and Amjad Farooq Alvi, the malware was transmitted via floppy disks. However, it did not cause any actual damage as the goal of the Farooq Alvi brothers was to prove that PCs did not offer a secure platform.
In the last 35 years, malware has gone through multiple stages of evolution, but Stuxnet malware is commonly seen as taking malicious software to a whole new level. First uncovered in 2010 – though potentially in development for years before that – Stuxnet is a computer program that targets supervisory control and data acquisition systems. The program caused substantial damage to Iran’s nuclear program. The United States and Israel are believed to be behind the development and launch of Stuxnet, but neither country ever confirmed it.
Types of malware
The most common types of malware are:
- Virus: A virus inserts malicious code into clean code. It remains dormant until the program where the code is located gets executed. At this point, the virus gets activated and quickly spreads throughout the system. It can corrupt files and lock users out. It can also send infected files to everyone on your contact list, spreading like wildfire.
- Worms: As the name suggests, worms crawl through a network, infecting one device after another. This type of malware can infect an entire network at lightning speed, replicating itself over and over again, corrupting or erasing files, stealing data, and introducing additional vulnerabilities into your network that hackers can use at a later point.
- Trojan: Once again, the name says it all. A trojan enters a system by disguising itself as a trustworthy file. When users download a trojan, they give hackers a backdoor to their device, which can then be used to steal, corrupt, or erase data, gain access to the rest of the network, spy on users’ activities, etc.
- Ransomware: This type of malware denies users access to data by either locking them out or encrypting the files. Hackers demand a payment – a ransom – in return for a decryption key. Their common threat is to either make the data public, which is often private or sensitive in nature, or sell it on the dark web. Government agencies, healthcare providers, financial organizations, and educational institutions are some of the most common targets of ransomware.
- Spyware: You guessed it – spyware is a type of malware designed to spy on users. It secretly records users’ activities and captures sensitive data such as credit card information, usernames and passwords, and browsing habits.
How malware spreads
Malware needs to be downloaded or installed onto a device. There are two main ways for cybercriminals to do so:
- They identify a vulnerability in a network and inject malware through it. Zero-day attacks are a common way of injecting malware into a network. An example is the SolarWinds attack in 2020. The attackers inserted malicious code into the latest update of Orion – a network management software developed by SolarWinds. Once organizations installed the update, the Sunburst (or Solorigate) malware was transmitted to their networks. As many as 18,000 organizations may have fallen victim to the attack.
- They use social engineering techniques to get users to download malware. Some of the most common methods of social engineering include phishing, baiting, vishing, scareware, and others. Attackers trick users into opening or downloading a piece of malware. For example, an attacker creates an email address that resembles that of a colleague, a bank, a supplier, etc. Users are asked to either download an attachment or click on a link that leads to a website inviting them to download malware disguised as an anti-virus program, an invoice, and so on. Users may not know for days, weeks, or even months that they provided an entry point.
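The lookalike sender addresses described above can be flagged automatically. The following is an added example, not part of the original article: the trusted-domain list, the substitution table, and all function names are constructed for illustration.

```python
import unicodedata

# Constructed allowlist of domains the organization really corresponds with.
TRUSTED_DOMAINS = {"example-bank.com", "acme-supplies.com", "corp.example"}

# A few common visual substitutions (digits and Cyrillic letters that look
# like Latin ones). A production filter would use a fuller confusables table.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(domain):
    """Fold a domain so that visually similar spellings compare equal."""
    folded = unicodedata.normalize("NFKC", domain).lower().translate(LOOKALIKES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, max_distance=2):
    """Return (verdict, trusted_domain): 'trusted', 'lookalike' or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    folded = skeleton(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        # Near-identical to a trusted domain without being that domain.
        if edit_distance(folded, skeleton(trusted)) <= max_distance:
            return ("lookalike", trusted)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ["billing@example-bank.com", "billing@examp1e-bank.com",
                   "orders@acrne-supplies.com", "news@unrelated.org"]:
        print(sender, classify_sender(sender))
```

A "lookalike" verdict is a reason to quarantine or banner the message for review; an "unknown" verdict only means the domain does not imitate one on the list.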
How to minimize the risk of malware attacks
A robust cybersecurity system is a combination of rigorous employee training, reliable monitoring and anti-malware solutions, and round-the-clock vigilance.
- Educate your employees on the dangers of social engineering as well as the ways in which their online behavior could lead to security breaches.
- Have a strong system and hierarchy of user access. Be very cautious about who you give administrative rights to as those users have the highest level of access to your network.
- Install powerful anti-virus and anti-malware software and keep it up to date. Such software is now often classified as “endpoint security” – an approach to the security of computer networks that are remotely bridged to client devices. Both are increasingly encompassed by endpoint detection and response solutions, which, in addition to covering both functions, also detect host intrusions, set up personal firewalls, and more.
- Regularly audit your system for vulnerabilities.
- Encrypt your data. Furthermore, develop and implement a data security policy. When approached systematically, it will allow you to identify the types of data your organization stores, decide whether that data should be stored and which staff members should have which level of access, evaluate which specific data requires encryption, and implement measures to wipe specific records clean in compliance with relevant regulations – the GDPR, for example.
- Consider moving data storage from your local systems to secure storage in the cloud.
- Regularly conduct sensitive data scans to ensure that PII is not being stored in a non-compliant manner.
- Use monitoring solutions to regularly check whether your organization’s credentials are spotted on any marketplaces.
- Deploy file integrity monitoring and change detection solutions, which will constantly monitor your files for any changes, helping you identify files that may have been corrupted or otherwise tampered with.
- Design a strong backup system. Offline backups that are disconnected from your network are the safest way to maintain access to data and not risk having it accessed by attackers. Depending on the size of your data, though, offline backup may not always be a feasible option.
- Set up security information and event management (SIEM) and security orchestration, automation, and response (SOAR) systems, which will alert you to verified threats and automatically trigger response actions.
- Make sure to have a security operations center (SOC) or an MDR team in place that will respond swiftly and effectively to incoming threats.
- Purchase cyber insurance, which will cover your organization’s liability in the event of a data breach.