Last updated August 19, 2022
Summary of Key Points:
- Malware is software designed to steal data, damage equipment, or spy on users.
- Viruses infiltrate a program or device and then spread across a network.
- Worms are viruses that self-replicate and spread without human action.
- Trojans disguise themselves as legitimate code or software, but allow attackers to carry out the same actions as authorized users.
- Ransomware restricts access to a device and gives control of it to an attacker unless a sum of money is paid to them.
- Malicious Adware uses ads to lure users to download other types of malware or visit sites that will automatically infect their devices.
- Malvertising is similar to malicious adware, but is delivered through a compromised website and only affects users while they are visiting it.
- Spyware is malware designed to gather a user’s data without their consent or knowledge.
In the internet age, organizations in all verticals are increasingly relying on digital tools to get the job done. From seemingly mundane tools such as email and digital calendars to highly specialized programs, more work than ever relies on digital and internet-connected tools, including the cloud. Unfortunately, this rapid increase in digital interconnectivity has brought with it a sharp rise in digital crime, including the distribution of malware.
If your organization has recently been targeted or is currently being targeted in a malware attack please contact our team of experts for advice and practical assistance as soon as possible and consider reading our educational article: Hacked? Here’s What to Know (and What to Do Next).
What is Malware?
Malware, short for malicious software, is a general term that encompasses a wide variety of malicious programs designed to steal sensitive data, damage equipment, or spy on unsuspecting users. In this article, we will discuss seven of the most common types of malware:
2021 Saw An Alarming Increase in Ransomware & This Trend is Likely to Continue
According to a joint cybersecurity advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the NSA, and in partnership with the Australian Cyber Security Centre (ACSC) and the United Kingdom’s National Cyber Security Centre (NCSC-UK) 2021 saw the continuation of several alarming cybercrime trends, and found that “Ransomware [a type of malware] groups are having an increasing impact thanks to approaches targeting the cloud, managed service providers, industrial processes and the software supply chain” and that “More and more, ransomware groups are sharing victim information with each other, including access to victims’ networks.”
The advisory also reported that the ransomware market, in particular, is becoming increasingly “professionalized”, with more criminals relying on cybercriminal services-for-hire to attack targeted organizations.
These alarming statistics highlight the importance of having an up-to-date and comprehensive cybersecurity incident response plan in place, investing in critical cybersecurity infrastructure to safeguard your digital assets, and offering all team members regular cybersecurity training.
The 7 Most Common Types of Malware (& How They Can Impact Your Organization)
Computer viruses are a form of malware designed to infiltrate one program or machine and then spread to other systems, much like the viruses that target the human body. As it spreads, the virus wreaks havoc on business activities by encrypting, corrupting, deleting, or moving data and files or launching DDoS or ransomware attacks on other connected machines.
Viruses are particularly insidious because they may remain dormant for a set period, allowing the virus to spread to as many machines and devices as possible before launching the attack. Viruses may be delivered via email or inadvertently downloaded from infected or malicious websites and can also be delivered via physical media such as USB drives. Cybercriminals may leave infected USB drives in lobbies or parking lots, hoping that a worker will pick them up and plug them into their network-connected computer.
Unlike worms (discussed below), computer viruses must be embedded in a host program and often remain dormant until they are activated by unsuspecting users, such as when a user plugs an infected USB drive into their machine, opens an infected file, or clicks on a malicious URL.
Worms are similar to viruses, but they do not require human action to infect, self-replicate, and spread to other machines. As soon as the system is breached, worms can infect both the entry point machine and spread to other machines and devices on the network unaided by humans.
Worms rely on network vulnerabilities, such as unpatched operating systems, weak email security protocols, and poor internet safety practices. Originally, the goal of most worms was to damage system resources to hinder performance. However, modern worms are often designed to steal or delete files and are typically deployed against email servers, web servers, and database servers.
The Stuxnet attack is a particularly devastating example of a worm at work. This attack targeted operations technology systems involved in uranium enrichment and impacted organizations across Iran, India, and Indonesia.
A trojan is a type of malware that has disguised itself as a piece of legitimate code or software. Once an unsuspecting user grants the trojan network access, it allows attackers to carry out the same actions as legitimate users, including exporting or deleting files, modifying data, and otherwise altering the contents of the infected device. Trojans are designed to appear innocuous and are often found in downloads for games, apps, tools, or even software patches.
Many trojans rely on phishing, spoofing, or other social engineering attacks to trick users into granting them network access, but this is not always the case. Though trojans are occasionally referred to as trojan viruses or trojan worms, these terms are not strictly correct: unlike viruses, trojans cannot self-replicate, and unlike worms, they cannot self-execute. All trojans require specific and deliberate user actions to spread, such as convincing a colleague to try out this great new productivity app or download this fun game onto their work phone so you two can play together on your lunch break.
Ransomware is one of the most common and widely discussed forms of malware, and for a good reason. According to a cyber threat bulletin from the Canadian Centre for Cyber Security, 2021 saw the average recovery cost from a ransomware attack more than doubled between 2020 and 2021, from $970,722 CAD (roughly $757,852 USD as of the writing of this article) in 2020 to $2.3M CAD (roughly $1,795,380 USD) in 2021. The same bulletin revealed that the increased impact and scale of ransomware operations between 2019 and 2020 was largely fuelled by the “professionalization” of ransomware and the growth of the ransomware-as-a-service (RaaS) model, which involves less-technically-savvy criminals hiring skilled attackers to distribute ransomware campaigns, with attackers being paid a percentage of the victim’s ransom payment.
Ransomware is focused primarily on financial gain and is designed to encrypt files on an infected machine and hold them hostage until a ransom is paid. With the invention of cryptocurrencies such as Bitcoin, which don’t rely on a central authority such as a bank and are therefore more difficult for law enforcement to trace, has made it easier than ever for attackers to extort victims.
Ransomware frequently relies on social engineering to manipulate unsuspecting users into downloading infected email attachments or clicking on URLs from untrustworthy sources. Once a device is infected, the program typically creates a back door, which allows the attackers to covertly access the device and begin encrypting files while locking owners and other legitimate users out.
Even if your organization decides not to pay the ransom, you may still suffer financial loss. Employees who can’t access their work devices aren’t likely to get much work done, and your IT team and other technical specialists may need to be pulled away from other critical tasks to deal with the crisis. Depending on the nature of your business, even a few hours of downtime can have devastating consequences, as highlighted by the now-famous WannaCry attack that targeted the United Kingdom’s National Health Service (NHS) in 2017. The attack rendered the IT systems of hospitals and doctor’s surgeries inaccessible, which compromised medical care and put patient lives at risk. The attack knocked CT scanning facilities and MRI machines offline and left healthcare professionals unable to access vital data, including digital patient health records.
5. Malicious Adware
Adware, also called advertising-supported software, is legitimate software that is designed to display ads to a user when they are online, thereby generating revenue for the website’s owner. Though it is not inherently malicious, it can be used for malicious purposes.
While most legitimate organizations will carefully vet what sort of advertisements they allow to appear on their website (to ensure they don’t accidentally damage their brand by serving hateful or controversial content or drive business away by showing competitor ads), not all businesses are as meticulous as they should be. Cybercriminals may use malicious ads to trick unsuspecting users into downloading malware when they click on the ad or may use pop-ups, pop-unders (where the pop-up is intentionally hidden from view by the active window), or permanent windows that allow for drive-by downloads (where a user’s device becomes infected with malware simply by visiting the site). Malicious ads may also preemptively block antivirus programs from opening, further weakening your organization’s defenses.
Malvertising (malicious advertising) is similar to malicious adware. One key difference is that adware only targets individual users and relies on infected digital ads served via unsuspecting websites. Once a device is infected, adware operates continuously on that device unless actively removed. On the other hand, malvertising is served by the compromised web page itself (not via third-party adware programs) and only affects users while they are on the infected web page.
Like malicious adware, malvertising may take advantage of browser vulnerabilities to deploy drive-by-downloads. However, because the entire webpage (and potentially the entire website) is compromised, it can also forcibly redirect users away from the legitimate site to a malicious one or display advertising, malicious content, pop-ups, or pop-unders that the website’s owners did not intend to display. In the case of a forcible redirect, users may be brought to a different site infested with drive-by download malware (allowing attackers to compromise multiple sites and simply redirect them to the malicious site) or direct users to a site that looks almost exactly like the legitimate site as part of a wider phishing scam and attempt to trick unsuspecting users into handing over private information such as banking details or login credentials.
Malvertisements Cost Organizations More than Just Revenue & Site Traffic
While redirecting users to a different site impacts both website traffic and can compromise revenue streams, these are hardly the only potential costs. Website publishers may suffer reputational damage (since users are less likely to trust compromised organizations with their personal information going forward) and may be found legally liable for any damage suffered by users visiting their website.
Spyware differs from the other forms of malware we have discussed so far in that its goal is not to extort funds, steal sensitive files, or damage files but instead to, as the name suggests, spy on you and your organization. Spyware is designed to gather data without your consent and forward it to a third party.
Spyware can also refer to legitimate software installed by companies to monitor their workforce or programs, such as tracking tools embedded in websites that you visit that are used for advertising purposes. However, we will be focusing on malicious spyware deployed by cybercriminals against unsuspecting targets such as businesses so they can profit from stolen data, including proprietary data and usernames and passwords (obtained via keylogging software).
Malicious spyware is a type of malware that has been installed without your informed consent and is designed to monitor your activities and capture personal, confidential data, often via keystrokes, screen captures, and other types of tracking tools. This stolen data is then aggregated and either used by the party that gathered it or sold to other parties.
Malicious spyware is typically interested in confidential information such as:
- Login credentials
- Credit card numbers
- Account PINs
However, it will also monitor your keyboard strokes, track your browsing habits, and harvest email addresses (including your own and those of the people and organizations you are corresponding with).
Unlike ransomware, spyware goes out of its way to remain undetected and obscure its activities. Spyware often embeds itself in other programs that users are likely to intentionally download and install, such as bundleware (bundled software packages), without the knowledge or consent of the company that is offering the legitimate software.
However, sometimes companies will purposefully embed spyware in their bundleware while describing and requiring you to agree to the spyware in the license agreement without explicitly using the term “spyware”, tricking users into voluntarily and unknowingly infecting their devices. Spyware can also infect devices using similar methods to other malware, including via compromised websites or malicious attachments. Trojan malware and malicious adware may also both include spyware.
Spyware can wreak havoc on any business environment, allowing cybercriminals to better:
- Steal data
- Commit identity fraud
- Damage computers
- Disrupt business operations
Safeguarding Your Business From Malware
There are a few steps you can take to safeguard your organization against malware. These include:
Avoid Abandoned USBs
Attackers will often leave infected USB drives in publicly accessible places such as lobbies or parking lots in the hopes that some unsuspecting employee will pick it up and plug it into their machine. Should you come across an abandoned USB drive, you should report it to security and then hand the USB drive over to your cybersecurity team for further analysis and proper destruction.
Keep Your Software Up to Date
Software developers frequently release security patches, small programs designed to address known flaws and improve security. However, your organization can only take advantage of these improvements if the security updates are installed.
Invest in Antivirus Software
While antivirus software may not seem cutting edge anymore, it still plays a critical role in any cybersecurity strategy.
Think Before You Click
While most email providers include built-in antivirus scanning that flags potentially harmful attachments or links, it never hurts to be cautious. If you encounter a suspicious link or file, do not open it. Instead, you should forward the email to your cybersecurity team for further analysis. If the email is purportedly from someone you trust (such as your company’s bank or your boss) but seems suspicious, you should reach out to that person independently to verify that they are the real sender. You should also carefully read the sender’s email address on any email you receive.
For example, if your boss Jennifer Smith usually emails you from her work email (email@example.com), but this email is from a different address, such as firstname.lastname@example.org or [email protected], you should not reply to the email, but should instead reach out to your boss independently to verify that she sent the email. This is particularly important if the sender is asking you for sensitive or personal information, such as banking details or your password, or asking you to do something unusual, such as purchase a large number of gift cards or make changes to company banking details.
If someone sends you a URL, make sure you read it carefully. While you may be expecting a URL that directs you to www.yourbank.com and instead see www.yourbaank.com (note the extra ‘a’), you should once again independently verify that the sender is who they say they are before taking any action or handing over any information. It’s always better to spend a bit of time verifying than rush and take actions that could potentially compromise the safety and security of your organization.
Invest in Cybersecurity Training for All Employees
Even the most comprehensive and robust cybersecurity incident response plan and cutting-edge cybersecurity infrastructure depends on educated users for maximum efficacy. Ensure all employees undergo cybersecurity training as part of your onboarding process and periodically receive additional training.
Only Buy Devices from Trusted, Reputable Sources
While it may be more budget-conscious and environmentally friendly to purchase gently used devices, second-hand devices may offer more than you bargained for in the form of pre-downloaded malware. If you still intend to purchase second-hand equipment, make sure you do so from a trusted, authorized retailer of pre-owned devices and audit each item thoroughly for suspicious programs before connecting it to your network.
Opt for the Paid Version
One of the easiest ways to avoid falling victim to malicious adware is to opt for the paid, ad-free version of the software you are using whenever possible. Most organizations that offer premium subscriptions to otherwise ad-supported free products do not serve ads to premium users, so opting for the paid version can dramatically reduce your attack surface.
Vet Ads Partners Carefully to Avoid Malvertisement
Ad networks serve users ads from millions of advertisers, and most rely on real-time bidding, which means the ads shown on a website are constantly changing. This can make it difficult, if not nearly impossible, for individual website publishers to separate malicious ads from innocent ones. As such, it falls primarily on the ad provider to carefully vet ads, so it is critical that all website publishers choose their advertising partners with care.
Be Cautious About Cookies
With GDPR compliance affecting more organizations each day, almost all websites now ask users for their explicit permission before creating cookies. Cookies are considered by some to be a form of spyware, so make sure you only accept cookies from trusted sites and consider limiting your permission to essential cookies only.
Consider Using an Anti-Tracking Browser Extension
Not all of your browsing activities need to be tracked by third parties, whether for legitimate means like advertising or otherwise. Anti-tracking tools can allow you to better opt-out of omnipresent tracking, which helps keep your browsing activities and data private.
Avoid Third-Party App Stores
Cybercriminals are increasingly targeting people through their phones, often using apps. Third-party app stores may not vet the apps they offer as carefully as Apple and Google, so it is best to be cautious and stick to the official app stores.
Stick with Official App Publishers
Apps are an increasingly common delivery mechanism for malware, particularly spyware. Before you download an app, make sure that you trust the company that developed it.
Limit App Permissions
A troubling trend in the app space is apps that ask for more generous permissions than they require. Many apps ask to access your microphone, camera, or location data without justifying why they need this information. To avoid handing over more data than you need or want to, you should regularly review your app permissions and ensure your current settings reflect your actual preferences.
Nothing is Ever Really Free
Are You Concerned About Malware? VirtualArmour is Here to Help!
While it may feel like malware is lurking around every corner, there are concrete steps you can take to better safeguard your organization and its data. In addition to the advice above, you should also consider partnering with a trusted MSSP like VirtualArmour. With offices in both Denver, Colorado, and Middlesbrough, England, we are able to offer live, 24/7/365 monitoring as well as industry-leading response times.
The cybersecurity experts at VirtualArmour have extensive experience working with organizations in a variety of verticals, including healthcare, finance, retail, and energy and are also familiar with the unique needs of service providers and offer tailored plans based on your level of need, including essential services, premium services, and one-time consults. We offer a wide selection of cybersecurity services, including:
- Managed SIEM
- Endpoint detection and response
- Managed infrastructure and firewall
- Vulnerability scanning
- SOC as a service
For more information, or to get your free, no-obligation quote, please contact our team of experts today.