When the subject of cybersecurity is discussed, one of the most frequently used terms is “Malware.” Malware continues to spread like wildfire in today’s digital age, but are you aware of the specific types of malicious software?
Here are some of the most common yet dangerous forms of malware that you need to be aware of and stay vigilant against.
Viruses – Normally the first form of malware attack that comes to mind, viruses are malicious files that, once triggered, corrupt or destroy information on a device and spread to other devices within the connected network.
Many believe a single antivirus program alone is enough to stop virus attacks. However, no antivirus solution is foolproof. Most antivirus programs will quarantine the infected files, but more advanced viruses can be especially difficult to sanitize since they require a specific, legitimate program to be triggered. A more devastating virus evolution is a Zero-Day attack, an attack for which no antivirus solution has been developed yet.
A Zero-Day attack on Sony Pictures Entertainment in 2014 caused the media juggernaut to lose approximately 100 Terabytes of data, with the intention of stopping their controversial film "The Interview" from being released.
A good practice to avoid a zero-day attack is to have a managed monitoring system, such as our Remote Managed Services (RMS) package, to proactively seek out threats and protect you by blocking them before they can infect your office network.
Ransomware – Possibly the most discussed type of malware threat currently, ransomware is a type of malware that prevents or limits its victims from accessing their personal data and forces them to pay a ransom to get it back.
Once installed, most ransomware will encrypt files and typically force the victims to pay up using online currencies such as Bitcoin. CryptoLocker is one of the more infamous types of ransomware attacks: once triggered, it hijacks the user's documents and demands a ransom, typically to be paid within a certain time limit.
Some ransomware attacks are even more serious as there is no guarantee that you will retrieve the data in its original state. Even worse, the ransom could be paid only for the attacker to damage or even destroy the files anyway.
2018 has been dubbed by many “the year of ransomware,” and it has not slowed down today. An example of a particularly vicious type of ransomware was an attack that mainly spread through Russia and Eastern Europe called Bad Rabbit. This ransomware attack burrowed a malicious file into your computer, spreading through a fake Flash update.
Even though Bad Rabbit wasn’t quite as dangerous as the more severe ransomware attacks of Petya or WannaCry, there were similarities between it and those infamous threats.
Trojans – Trojan attacks give an attacker the ability to spy on you and steal personal data through backdoor access to your system. Victims of a Trojan attack can be baited into opening the infected file or program, which allows the attacker remote access into the system. There have even been Trojans that are disguised as legitimate antivirus software.
Trojans are not only convincing to the untrained eye, but even legitimate sources can carry Trojan malware. In 2016, news website Forbes.com published their “Forbes 30 Under 30” article. One of the ads on the article’s page contained a malware infection known as the Angler Exploit Kit, which was a severe Trojan/ransomware hybrid.
This gained notoriety because, at the time of the sneak attack, Forbes required you to turn off any AdBlock browser software before you could view their site unless you were a paid member.
While it may have been Forbes’ ad network that let that infected ad slip past their defenses, it proved that even a trustworthy source can unknowingly contain malicious code.
Worms – Computer worms are hidden programs that duplicate themselves and spread to other computers, injecting malicious code. They grow in strength by exploiting operating system and program vulnerabilities that should be patched through security updates. Worms are also synonymous with spam-sending malware, which can generate income for hackers by allowing them to sell spam-sending services.
The biggest difference between a worm and a virus is that worms can self-replicate once a system is infected, while viruses typically need to be triggered by a human action. A typical worm would be one that sends mass emails with infected attachments to the user's contact list without the user’s awareness, attempting to trick the receiver through a phishing attack.
One of the most famous computer worm attacks was the Michelangelo worm of 1991, which would activate on the birthday of the famous artist, wreaking havoc on the victim’s hard drive. It was one of the first types of malware infections to raise mass awareness of the need to have a proper defense solution installed on your computer.
It only takes one workstation infected with a worm for the entire network to be in the hazard zone. Making sure all your workstations have up-to-date operating systems and threat management solutions prevents worms from nesting in your network.
Keyloggers – No one appreciates being spied on, and this type of malware does just that. Keyloggers are a type of malware that tracks and logs your keyboard activity in order to collect your sensitive data. They can impersonate browser extensions, mobile phone apps, and even entire websites which sometimes can evade detection by some anti-malware programs. Keyloggers are tricky for the everyday person or antivirus software to detect.
There are even more advanced keyloggers that can gather your keyboard input by the sound of your fingers, since every key has a unique sound when struck.
Some warning signs that your device may be infected by a keylogger:
- Slower than normal web browsing performance
- Mouse/keyboard stuttering or pausing when entering online forms
- Receiving unexpected notifications from websites about login credentials
- Being locked out of financial banking apps or web portals
Banking apps are one of the largest targets for keylogger attempts. Once infected, the attacker records login credentials, account details, email/FTP file transfers, and even text messages, using the archived information to alter account details and drain bank accounts in seconds.
Bots – Bots are software programs that are created with the purpose of automating specific tasks. In the case of malware, bots are typically used to instill fear and uncertainty in their victims through Distributed Denial of Service (DDoS) attacks, making a workstation attack internet resources to make them unavailable to intended users.
Bots can also be used in botnets, which are collections of infected internet-connected devices controlled by a single hacker, or “bot herder.” A massive DDoS attack, such as the Dyn attack of 2016, is a perfect example of how attacks from botnets can halt or compromise how you access your daily internet resources such as Netflix, Amazon, and PayPal. Though Dyn resolved the attack within a day, an outage that long is more than enough time to do major damage, especially to small businesses.
This is only scratching the surface of the kind of malware that’s ready to infest unsuspecting networks. One of the best ways to protect yourself from malware threats is to have an actively-managed threat management solution and a consistently updated backup system implemented so you can roll back to a previous state in case you or your business becomes a target.
neoRhino’s Remote Managed Services provide the monitoring and protection you need to keep your workstation safe from a malware attack. Call us at (281) 779-4850 and let our expert IT consultants protect your business.