First Column IT blog
Your Guide to the Malware You Could Encounter
You’d be hard-pressed to find someone nowadays who hasn’t heard of malware, although they may have difficulty identifying different threats as they encounter them. Does this sound like the people that you work with? We’re here with a simple solution to assist you and your team in spotting the different kinds of threats - a malware guide to distribute among your staff so they can better spot the usual suspects.
Print out this guide and hand it out so your team always has a handy reference to turn to.
A computer virus is perhaps the most recognized term for malware, in that many users will attribute any stunted functionality to one. In actuality, a computer virus is a malicious piece of code that can replicate and disperse without the person responsible for unleashing it remaining involved. This makes them a particularly effective weapon for hackers to use against targets of all sizes, often by attaching it to some file or application that their intended victim is likely to download.
Worms are another self-replicating pest, predating even viruses. Once a system has been infected (either via an application flaw or a hacker’s social engineering) a worm can truly wreak havoc. Additional malware can be transferred into the system, system memory can be used up to create issues, and communications can be cut back. Email is another effective way that worms have been used against businesses. All it takes for an entire company to be infected is for one employee to open the wrong email attachment.
This variety of malware is useful to a cybercriminal who intends to create even more considerable problems sometime later. This is because it can be used to bypass a system’s security by monitoring a user’s actions, recording credentials and snooping on their behaviors. Keyloggers are a well-known variety of spyware, as they secretly record a user’s keystrokes to steal credentials and other sensitive data. As an added impact, spyware also eats up a system’s CPU resources to increase its vulnerability to further attack.
Adware is intended to fool a user into clicking through a forged advertisement to what appears to be the website described in the ad, but is actually the creation of a cybercriminal.
Some cybercriminals prefer to camouflage their attacks behind legitimate advertising networks. By paying for ad space and hiding code within the ad, the user could again be brought to a malicious site. Alternatively, the ad may instead install malware onto the user’s system - sometimes without any action needed from the user at all. This includes scripts used to turn a system into a cryptomining puppet for the cybercriminal’s benefit, as well as Trojans and ransomware.
Just like the wooden horse strategically used in the Trojan War, Trojans hide their malware attacks in what appear to be legitimate programs. They are particularly common for a few reasons: first, they are relatively easy for even a novice hacker to create, and second, they are very effectively spread through social engineering and deception. Once the user activates the program, the payload is delivered and the Trojan fulfills its goal, whether that’s damaging or stealing data or simply throwing the proverbial wrench into the computer’s operations.
Ransomware has seen a considerable jump in popularity over the last few years, which makes a lot of sense in a few ways. Not only has it proven to be an effective means of attack, as businesses, healthcare organizations, and even entire cities have been brought to a halt by it, it can be very lucrative for the cybercriminal responsible. Once the ransomware has been executed, it encrypts the infected system and locks the user out. The user is then given a message explaining what happened, with a link to an encrypted cryptocurrency wallet to pay the ransom in exchange for the decryption key. Unfortunately, many victims are never given the key, even if they pay.
A logic bomb can, appropriately enough, act as a digital land mine. Lying dormant in a system until it is triggered by some event, a logic bomb will damage a computer - sometimes causing physical damage to its components. For instance, some logic bombs overwork certain pieces of hardware, like hard drives and cooling fans, until these devices fail.
A backdoor is less of an attack itself, and more of an attack vector. It effectively gives a cybercriminal a means of getting into a vulnerable system again later, even if the original vulnerability is resolved. Using this backdoor, the cybercriminal has the opportunity to return again later, when the user has again let their guard down.
A rootkit is what enables a hacker to create a backdoor. By modifying system files by virtue of software vulnerabilities, a hacker is able to leave themselves an opening into their targeted system.
Botnets are made up of bots, or infected programs and systems, that can execute whatever task the cybercriminal wishes in tandem with one another. Essentially, a botnet can consist of hundreds of thousands of devices, such as computers, smartphones, and even IoT devices. With their collected computing power, botnets are formidable threats, which is why they are commonly used to execute Distributed Denial of Service attacks.
A more recent development, fileless malware infects a computer and starts to pull the strings from inside the device’s random-access memory, or RAM. Once there, this malware is able to spread using encryption keys and APIs, as well as cause problems by altering user privileges and misusing admin tools.
Being able to recognize threats is a crucial part of stopping them. The other part? Having the right security solutions in place before they strike. First Column IT can help on both fronts. Reach out to us at 703-880-6683 to learn more and ensure your company is better defended.