Malware, which stands for “malicious software,” is computer code that is intended to harm or exploit any programmable device, server, or network.
Malware’s malicious intent can take many forms, including denying access, destroying or stealing data, stealing money, hijacking computer resources, spreading false information, spreading malware, and a variety of other harmful actions.
Money, spying or stealing secrets, or causing harm to a competitor or adversary could all be reasons for cybercriminals to spread malware.
Malware is a large and growing part of the cybercrime industry, with millions of programmable devices now connected to the internet. In September 2018, Security Labs Global Threat Intelligence identified over 41 million new malware samples, a slight 5 percent decrease from the previous quarter.
Over the last four quarters, the total number of malware samples has increased by 34% to over 774 million. Check out our malware infographic for a more in-depth look at this Global Threat Intelligence report.
Malware is distributed by cybercriminals in a variety of ways:
- They infect a well-known website, which then spreads the malware to website visitors.
- They send malware disguised as a legitimate file attached to emails.
- They infiltrate trusted applications and tools with malicious code, such as programming utilities and software updates.
Five Categories of Malware Attacks
Based on the goal of the attacker, malware attacks are classified into one of five categories:
Spyware and Adware
Adware gathers information about a user’s browsing habits and displays pop-up advertisements to them. Pornware is a type of adware that downloads pornographic images and advertisements to a computer and may dial pornographic talk services automatically. Spyware also gathers data, including the user’s web browsing history, as well as more sensitive information like passwords and account numbers. In some cases, spyware will look for sensitive information such as customer lists or financial reports. Spyware and adware, including malware protection programs, are frequently disguised as legitimate applications.
Botnet malware is a type of malware that creates networks of hijacked computers that can be controlled remotely. Botnets are networks of hundreds or thousands of computers that are all engaged in one of the following malicious activities:
- Spam Emailing
- Cryptocurrency mining (see cryptojacking below)
- Distributed denial-of-service (DDoS) attacks are used to disrupt or disable a company’s network.
- More botnets are being created by distributing malware.
Ransomware rose to prominence in 2016 when a wave of ransomware exploited encrypted computers all over the world and held them, hostage, for bitcoin or other cryptocurrencies in exchange for payment. The WannaCry/WannaCryptor ransomware attack in May 2017 was one of the most well-known, affecting major organizations all over the world, including the United Kingdom’s National Health Service (NHS). The attackers demanded $300 in bitcoin in exchange for each computer’s decryption key, which they did not always deliver. Hundreds of thousands of organizations and individuals were affected by ransomware, which resulted in the loss of valuable data. As attackers refocus their efforts on cryptojacking malware, ransomware attacks have decreased in 2018.
Cryptojacking or Cryptomining Malware
The act of hijacking a computer or a computer network to mine cryptocurrencies is known as cryptojacking or cryptomining malware. Large amounts of processing power, bandwidth, and energy are consumed by mining programs. Victims pay the price in terms of reduced processing power and higher electricity costs for their legitimate uses. Excessive data crunching can also harm the hardware of the victim. Malware can also be used to steal or alter data, as well as to plant other malware for later use. Cryptojackers may also steal the victims’ own digital currency.
In 2018, the Cryptomining Subcommittee of the Cyber Threat Alliance recorded a 459 percent increase in mining malware attacks. The rise in bitcoin’s value (to more than $19,000 per coin) in late 2017 fueled the spread of cyberjacking malware. Infected computers mine Monero and send the cryptocurrency to the attacker’s account. Cybercriminals are still following the money.
Fileless malware only runs in the computer’s memory and leaves no files for antivirus software to detect. A fileless malware attack is Operation RogueRobin, which was discovered in July 2018. The RogueRobin attack begins with a phishing email that contains malicious Microsoft Excel Web Query files. These files force the computer to run PowerShell scripts, giving the attacker access to the victim’s system through a backdoor. The malware is removed when the computer is turned off, but the backdoor remains.
Fileless malware hackers can get around traditional security software by using trusted technologies like PowerShell, Excel, or Windows Management Instrumentation.
A fileless malware script could run for days, weeks, or even months because some applications are designed to run indefinitely. The credentials of system administrators and others with access to deeper parts of the system were collected by fileless malware that ran on a financial services company’s domain controllers.
Best practices for malware protection
Individuals and organizations can use the following primary strategies to improve malware protection:
- Frequently back up your data. If a file or database becomes corrupted, a recent backup can be used to restore it. As a result, keep multiple backups for a long time. Also, test backups on a regular basis to ensure that they are working properly.
- Turn off macros. Unused administrative tools and browser plug-ins should be disabled.
Install and keep malware detection software up to date. For detecting and responding to malware, advanced malware detection programs and services use a variety of methods, including:
- In a quarantined environment, sandboxing or activating a suspected virus
- Filtering for bad reputation (e.g., filtering by the reputation of the sending IP address)
- By comparing it to known malware signatures, signature-based filtering can be used to identify malware.
- Using behavior-based analytics software, which profiles normal user behavior and detects abnormal application use using artificial intelligence and machine learning.
- Learn about the dangers of malware. The users themselves are the most important factor in preventing malware infection. Users should be aware of the dangers of downloading and installing unauthorized software, plugging in USB thumb drives, and visiting untrustworthy websites.