Types of Malware: How to Detect and Prevent Them
Cyberattacks are rampant, and they are wreaking havoc on organizations of all sizes. With the frequency of cyberattacks increasing, it is estimated that a hacker attack occurs every 39 seconds. In March 2020, induced by the COVID-19 pandemic, ransomware attacks increased 148% and this trend is only going to continue.
Threat actors use malware, such as ransomware, viruses, trojans and worms, to launch sophisticated cyberattacks. Even scarier, 300,000 new malware variants are developed every day. The intention behind these attacks varies and no company is safe from these threats. A successful attack can be devastating to businesses both big and small. Read on to learn about the different types of malware, how they work and how to protect your data from these threats.
What is malware?
Malicious software, or malware for short, is a computer program or code developed to cause harm or damage to a computer, network or server. As McAfee puts it, “malware is a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service or network.” In simple terms, any software designed with the intention to cause harm is malware, regardless of the method or technology used.
Cybercriminals use malware for different reasons. Some of the most common objectives are accessing sensitive information, such as credentials, financial data, etc., disrupting business operations and extorting money from victims. Common malware types include trojans, spyware, viruses, ransomware, rootkits, worms, keyloggers and adware. Among these, ransomware is one of the most popular and prevalent types of malware. SonicWall recorded 304.7 million global ransomware attacks during the first half of 2021, a 151% year-to-date increase.
How do you get malware?
As technology solutions to combat malware threats improve, so do the malicious activities of cybercriminals. Threat actors are devising new attack vectors and smarter ways to infiltrate vulnerable systems and networks. Malware can be disguised as a legitimate program or app and can spread through malicious emails and texts, shared networks, infected USB flash drives, external hard drives, or when you click on malicious advertisements or install bogus software.
Perpetrators even covertly take over software update services. As such, when you update your machine, you inadvertently download and install malware instead of security patches or updates.
As social networking becomes an integral part of our lives, threat actors are developing new techniques to deploy malware through social networking sites. As per the 2020 FBI Internet Crime Report, the Internet Crime Complaint Center (IC3) received over 28,500 complaints in 2020.
Malware delivered through email is increasingly prevalent. According to the FBI’s Internet Crime Complaint Center (IC3), phishing was the most common attack used by perpetrators. It’s no surprise then that email security was ranked as the top IT security project of 2021.
Trojans and viruses can secretly enter computers when you download files online, causing the computers to slow down. They can also delete information and infect other files, computers and networks.
How does malware work?
Malware takes many forms, each working differently and serving a different purpose, such as stealing sensitive information, extorting ransom or industrial espionage.
As discussed above, malware can get into computers and other computing devices, like smartphones and tablets, in various ways. Once it enters the system, it starts the tasks it is programmed for, such as monitoring your online activities, recording your keystrokes, locking up your device and important files, deleting or encrypting files, spamming you with ads or rendering your device inoperable.
Different types of malware
Many forms of malware exist today, with more and more created each day. Here’s a list of some of the most common types of malware:
A computer virus is the most common type of malware, designed to self-replicate and spread from one file to another. The malicious code infects and modifies other programs, impacting the device’s functionality. A virus also deletes and corrupts files.
The trojan horse malware derives its name from the epic Trojan War in ancient Greek mythology. This malicious program is tricky and appears to be a legitimate application. Once you download the harmful program, it can gain access to sensitive files without your knowledge and alter, block or delete data.
Spyware, as the name suggests, is malicious software developed to spy on you. The malware monitors your online activities, tracks keystrokes, extracts information and sends the data to the perpetrator. Spyware programs secretly hide in the background looking for personal information such as login credentials and financial information.
Ransomware is a form of malware that locks up your device or encrypts data. Hackers then demand a ransom for a decryption key, which allows you to gain access to your computer and files again. Today, with ransomware-as-a-service, anyone can buy a malicious ransomware code to launch sophisticated cyberattacks.
The rootkit malware is dangerous and extremely hard to detect. It hides deep within your infected computer unnoticed and provides administrator privileges (aka root access) to the hacker. This allows the hacker to gain full control over your system without your knowledge.
Like viruses, worms can replicate themselves. However, this type of malware does not require a host to spread and infect other systems. They are developed to drain bandwidth and disrupt networks. Worms are commonly used to target email servers, web servers and database servers.
Keylogger malware is similar to spyware: it buries itself in your device and secretly records your keystrokes. This type of malware gathers sensitive information, like usernames, passwords, credit card numbers, etc., and sends it to the attacker.
Adware is perhaps the least malicious, but also the most annoying, computer program: it spams you with advertisements. Adware can collect your personal information and use it to display more personalized ads on your computer screen. Although adware does not harm or damage your device and files, it often comes bundled with other harmful malware. Therefore, you must treat an adware infection with caution.
Malvertising, also known as malicious advertising, is where threat actors make use of legitimate ads or advertising networks to spread malware by embedding malicious programs into ads. When you click on the ad, you are redirected to a malicious website or malware is installed on your device.
Recent malware news
Malware attacks are evolving and their frequency continues to escalate. Here is some malware news that reminds us how dangerous and prevalent malware is:
Microsoft named “Big Malware Hoster”
Former Microsoft security analyst, Kevin Beaumont, said that Microsoft is “the best malware host in the world for about a decade.” This comment was made in response to a report by The Analyst, which highlighted that a BazarLoader malware campaign was hosting its malware on Microsoft’s OneDrive service. They also asked, “Does Microsoft have any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this, now for over three days?”
YouTube channels attacked with cookie-stealing malware
Google recently warned that financially motivated threat actors hired in Russian-speaking forums are targeting YouTube creators with cookie-stealing malware. According to Google’s recent article, its Threat Analysis Group (TAG) has been tracking the “pass-the-cookie” attackers since 2019. The perpetrators behind this attack use cookie-theft malware to hijack victims’ channels. The stolen credentials are then auctioned online on the dark web.
MCH Group hit by cyberattack
In one of the latest cyberattacks, Switzerland’s MCH Group, an international marketing company and exhibitions organizer, fell victim to a malware attack. Whether any data has been stolen is yet to be investigated.
Debt-IN Consultants data breach impacted millions of South Africans
Debt recovery firm Debt-IN Consultants suffered a data breach incident in September 2021, which impacted more than a million customers. It is estimated that the personal information of more than 1.4 million South African citizens, including the firm’s employees, was exposed.
JBS USA shuts down operations after a ransomware attack
On May 30, 2021, JBS USA, a global beef manufacturer, suffered a ransomware attack that disrupted its operations. The company is said to have paid an $11 million ransom demand to the notorious REvil group.
Colonial Pipeline Company cyber incident
On May 7, 2021, Colonial Pipeline Co. fell victim to a ransomware attack carried out by the DarkSide ransomware group. The perpetrators used a compromised password to bring down the largest fuel pipeline in the United States. The company paid a $4.4 million demand to restore its operations.
How to identify and detect malware
The threat of malware attacks is widespread and inevitable. It is possible that malware has entered your device without your knowledge, and you might not know where it came from. However, there are tell-tale signs that will help you understand if your systems, files or applications are infected by malware. Common signs of malware infection include:
- Your device is slower than usual. Malware impacts the performance of your device, which slows down your system.
- Your browser redirects automatically or takes you to malicious websites without your intention.
- Your computer screen is inundated with frequent, annoying pop-up ads.
- Your device behaves abnormally or crashes unexpectedly.
- Your browser settings have changed without your knowledge.
- There’s a massive increase in internet activity.
- Your files or your device is inaccessible.
- Shutting down or powering up your device is a problem.
How to prevent malware?
Malware attacks are inevitable but there are reliable ways to minimize the risk of these threats.
- Antimalware solutions: Installing robust antivirus, antimalware and antispyware software is a good way to avoid malware infections. Ensure your security tools are up to date and run periodic scans to monitor your activities online.
- Secure authentication methods: Implement a strong password policy that requires the use of a combination of at least eight characters, lower case, upper case, numbers and symbols in passwords. In addition to implementing a strong password, enable multifactor authentication such as a secure PIN.
- Update software regularly: Obsolete tools may have vulnerabilities that cybercriminals can exploit to penetrate your computers or network. By updating software regularly, you can apply patches and plug security gaps before they cause any damage.
- Adopt the least-privilege model: Implement the least-privilege model to ensure only necessary rights/privileges required to complete a task are granted to users. This helps mitigate the risk of account compromise.
- Implement email security and spam protection: Verizon’s 2021 Data Breach Investigations Report reveals that 94% of malware is delivered via email. Use email security and spam protection solutions to scan emails and attachments that may be infected with malware. By setting up spam filters, you can prevent unwanted emails from reaching your inbox.
- Training and awareness: Educating your users is one of the most effective ways to combat malware. After all, your employees are your best line of defense. Train your employees on common techniques used in malware attacks, the latest cybersecurity trends and security best practices.
- Back up critical data: Regularly backing up your data is key to reducing downtime and minimizing the impact of a cyberattack on your business. Having a good backup of critical assets will help you recover from a cybersecurity incident smoothly and quickly.
Reinforce your organization’s data protection with Spanning Backup
Malware attacks are costly and destructive. Having a backup of your critical SaaS data can be the difference between recovering quickly from a catastrophic malware attack and grappling with costly downtime and data loss.
Spanning Backup is a powerful yet easy-to-use SaaS data protection solution for Microsoft 365, Google Workspace and Salesforce. Our enterprise-class solution enables IT administrators and users to restore data and get back to work in just a few clicks. The cloud-to-cloud SaaS backup solution provides end-to-end protection with advanced capabilities to help prevent, anticipate and mitigate account compromise and data loss.