What is malware?
Viruses, Trojans, and ransomware are all malware, but what does that mean?
What's the biggest threat to modern businesses? One might suggest legacy technology, automation or even competitors with better products. A more accurate answer, however, would be malware, a lexical blend of 'malicious' and 'software' which acts as an attacker's favourite tool to upend a business from the inside.
Malware is now used as an umbrella term, one that encompasses many different types of infectious program used for nefarious purposes. Trojans, ransomware, botnets, worms and adware all fit under the term, and they will all try and steal data or take your system(s) offline.
Unfortunately, malware strikes businesses every day and the cyber threat is as large as it has ever been, and staying vigilant against current and incoming threats is essential for any business hoping to protect their data. A business that fails to combat malware will likely see an IT catastrophe sooner rather than later, which can mean anything from service disruptions to stolen sensitive data belonging to your employees, and anything in between.
It's in every business leader's interest to fully understand what Malware is and the threat it presents to your critical infrastructure. So with that in mind, we've put together a guide on what you need to be looking out for.
There are several different types of malware, with some being more common than others. These are some of the ones you're most likely to run into at home or in your business.
Predating 'malware', and once widely used as a catchall term for any computer-related meltdowns, a 'virus' is perhaps the term that people will be most familiar with. As implied by its namesake, a computer virus is a self-replicating, self-distributing piece of malicious code, designed to be a fire and forget weapon.
It's become one of the most widely used forms of malware as a result, able to spread through a variety of methods, whether it be by email attachment, direct download, or by hiding inside a storage media, such as a USB.
Mobile devices, including smartphones and tablets, aren't immune to viruses, which typically spread as a result of someone installing an application from an unknown source - although there are examples of malicious files being hidden inside official app stores.
The purpose of a virus varies greatly, with some being more damaging than others. Fairly innocuous viruses result in degraded performance on a machine, slowing down browsers or desktop applications, however, others may self-replicate in order to spread to other machines on a network.
Some may become so disruptive that a PC will crash or fail to startup entirely, while others may hijack your desktop to display advertising, block legitimate software or hijack your webcam.
Most types of malware are defined by their style of attack, and 'worms' are no exception. While similar to viruses in many ways, worms don't a user downloading a file or clicking on an attachment to spread. Instead, they exploit the interconnectivity of a network, sifting through shared software to find exploits.
Many worms are designed to simply replicate across networks rather than cause direct disruption through changed settings, however, even those without a 'payload' can still cause increased network traffic and instability.
The aptly-named Trojan is designed to trick victims into believing it's a legitimate program. Once downloaded and executed, a Trojan will run behind a seemingly normal looking application or service, remaining undiscovered for as long as it can to carry out its real goal, which is often stealing user information or copying files.
Unlike viruses and worms, however, Trojans tend not to self-replicate so while they are a threat to an individual endpoint and the files on it, they're typically not a major threat to a network.
Adware and Spyware
Adware, while counted as malware, is more annoying than it is malicious. This type of program displays unwanted adverts that are hard to get rid of, for example displaying as pop-ups that are either impossible to dismiss or which reappear shortly after the user has closed them. As well as being obviously disruptive in that they obscure part of the screen, adware can also cause a system to run slowly.
Spyware, on the other hand, is malicious. As the name would suggest, it spies on a user's activity and can exfiltrate sensitive data. Unlike adware it hides its existence, silently syphoning off information. Keyloggers and screen readers are just two types of spyware that may infect your system.
Ransomware has become one of the most well-known forms of malware out there, thanks to massive attacks like WannaCry in 2017.
Ransomware, as the name suggests, is a type of extortion malware that quietly breaks into a user's system with the goal of encrypting files. These files are then returned to the user if they hand over a set amount of cash.
It has proven to be one of the most popular forms of malware given its propensity to generate a high return on investment, particularly when 100% uptime is critical for the victim. Public sector organisations have been a recent favourite among criminal groups, with a number of cities in the US having paid out hundreds of thousands of dollars this year alone.
Ransomware is best known for its distinctive use of splash screens, which can vary considerably depending on the strain used. Regardless of the design, the aim is to alert users to the infection, and given them instructions as to how they can recover their files. More malicious infections will demand payment be issued within a specific time frame, such as the Jigsaw ransomware which will start deleting files for each hour that goes by without payment.
Usually, the criminal groups will demand payment in Bitcoin, Monero or similar cryptocurrencies, which makes it near-impossible to trace.
Unfortunately, ransomware is one of the easier methods of attack, particularly for those looking to make quick cash. Ransomware as a service, where criminal groups offer up their ransomware strains and services for hire, has become one of the biggest threats facing the business world. In fact, many of the most popular ransomware strains hitting Europe, and in particular the UK, right now are considered to be the result of ransomware as a service.
These are able to change your browser settings, like the home page, and can make it extremely difficult to change the settings back. They are able to install unwanted toolbars, search bars and can also redirect existing browser shortcuts to other sites.
How malware spreads
Malware can spread through a variety of means, although it often depends on the attack vector the variant chooses to exploit. One of the most common methods is to hide malicious code within an email, masquerading as a legitimate attachment, yet this isn't always effective, particularly if a company has robust filters.
Criminals may also use drive-by downloads, a tactic that attempts to forcibly download a file to a user's PC as they visit a website, or more sophisticated methods involving command and control (C&C) servers. Rather than letting a malware variant act independently, C&C servers are able to maintain links between every infected machine, allowing criminals to not only repeatedly steal data, but also hijack its functions to be used as part of a larger botnet.
While not strictly malware, the rising interest in cryptocurrencies such as Bitcoin and Monero has seen malware modified and created to turn infected computers and mobile devices into machines to generate valuable digital currency.
To generate or 'mine' cryptocurrency, equations need to be solved which requires a decent amount of processing power; this can be a time consuming and power-hungry process. So hackers have been adding cryptocurrency miners and scripts into malware payloads which surreptitiously siphon an infected machine's processor power to crunch the calculations needed to mine cryptocurrency.
Known as cryptojacking, when scaled up through a network of infected machines this process can end up generating digital money for hackers off the back of other people's computing power.
There is not necessarily an easy way to detect if your machine has a cryptojacker on it, but if you find it's is inexplicably running slower or the processor is heating up, then there's a chance that a cryptojacker script is running in the background.
Cryptojackers can also infect smartphones and in extreme cases can over-tax their processor and cause it to overheat and malfunction, potentially damaging the phone or heating it up to the extent that it burns the user.
Security analytics for your multi-cloud deployments
IBM Security QRadar SIEM solution briefDownload now
Five reasons to move to the cloud
Join the enterprises moving their workloads to the cloudDownload now
Architecting hybrid IT and edge for digital advantage
Why business leaders should consider a hybrid IT strategyDownload now
Six reasons to accelerate remote asset monitoring with AI
How to optimise resources, increase productivity, and grow profit margins with AIDownload now