Beware The Latest Malware

Malware is one of the most well-known cyber threats, defined as a blanket term for computer programs used to damage a computer or network and gain access to sensitive information. Malware has been around for a long time, but it is still a major problem for businesses – around half of all organisations suffered a malware attack against company-owned devices in the last year. 

And in 2020, the use of malware by cybercriminals is growing. The malware strains have begun to use more sophisticated techniques and in some cases, they can even evade traditional signature-based defences; at present antivirus solutions are only able to block just over 40% of malware attacks.

Additionally, malware is expanding its field of targets and is now being used against mobile phones and smart devices. 

Perhaps even more worrying is the rise of malware-as-a-service, which has seen criminals develop ‘affiliate programmes’ that engage people with little to no cyber hacking skills to extort money from victims. This means that businesses need to start taking malware much more seriously, and put in resources and investment to defend themselves against the latest malware threats across the world. Protecting your company now means going far beyond relying on antivirus and firewall software. 

Attacks are more damaging than ever before
If you are still not convinced by the need to take malware more seriously, the first thing to note is that the severity of malware attacks is increasing. Organisations affected by malware can suffer extensive damage – not only financially but also to their reputation.

One key example is currency exchange bureau Travelex which recently lost control of its IT systems and customer data in a malware attack. The cybercriminals involved then demanded a ransom of $3 million to restore services. 
It is also worth noting that it is not just businesses that are targeted with malware. In 2019, in excess of 70 state and local governments in the US suffered ransomware attacks. 

How malware spreads
Malware is able to spread extremely rapidly – and this is partly due to the fact that it is spread in a variety of different ways. Some of the most common occur as phishing attacks – where unsuspected users are tricked into opening an application or website in an email. It is also common for criminals to use so-called software subversion, where they infect applications and software that is used by web developers, rather than websites or networks directly. 
Malware can also be spread by hackers who gain access to a network and then control it remotely. And there are even examples of employees and other insiders taking a bribe from cybercriminals in order to plant malware in a network. 

Latest malware threats to be aware of
Malware can take many different forms, and some of the most well-known of the latest malware threats include:

  • Ryuk - this is a sophisticated ransomware that infiltrates a system and then encrypts the data stored on it, making it unusable. A message is then displayed informing the user of these facts and demanding payment in the form of Bitcoin in order to get the files decrypted.
  • Trickbot - this is a banking trojan that is used to target small and medium-sized businesses – it is used to steal personal information in order to conduct identity fraud.
  • Emotet - another banking trojan which has evolved into a threat-delivery service. It is distributed through spam emails that are designed to look like legitimate emails.
  • Dridex - this is another form of malware that can evade traditional defences and specialises in the theft of online banking credentials.

How to protect your business against malware
While traditional defences alone are ineffective against these newer malware threats, there are thankfully many things that you can do to protect your business against them. The first thing to note here is that systems should be regularly patched, and vulnerability scans should be carried out in order to identify systems and applications at risk. 

Signature-based and behavioural-based detection technologies also have a role to play. Endpoint detection and response tools monitor user behaviour in the system in order to detect the latest types of malware – this allows them to disrupt and mitigate attacks. These tools are complex and time-consuming to manage however, and many businesses prefer to make use of managed endpoint detection and response services

There are also some best practice steps you should take to keep your business secure, such as keeping data regularly backed up to multiple sources on and off-site, utilising multi-factor authentication when users login to accounts, as well as providing training to employees about the risks of the latest threats. 

Chester Avey is an independent business consultant.     

You Might Also Read: 

Is The Cloud Skills Gap A Problem?

 

 

 

« Cyber Security Market Slowdown Blamed On Coronavirus
CISO's Cant Find The Right People »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

USNA Center for Cyber Security Studies

USNA Center for Cyber Security Studies

The mission of the Center for Cyber Security Studies is to enhance the education of midshipmen in all areas of cyber warfare.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

Applause

Applause

Applause provides real-world software testing for functionality, usability, accessibility, load, localization and security.

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

California Cybersecurity Institute (CCI) - Cal poly

California Cybersecurity Institute (CCI) - Cal poly

The CCI provides a hands-on research and learning environment to explore new cyber technologies and train and test tactics alongside law enforcement and cyberforensics experts.

Moxa

Moxa

Moxa is a leading provider of industrial networking, computing, and automation solutions for enabling the Industrial Internet of Things.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

NTT Group

NTT Group

NTT offers agile, scalable technology services to bring it all together seamlessly, securely, and sustainably. We help you adopt a holistic security approach across your network, clouds, applications.

ID R&D

ID R&D

ID R&D is an award-winning provider of AI-based facial liveness, document liveness, and voice biometrics.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.

AppSOC

AppSOC

AppSOC is a leader in Application Security Posture Management (ASPM) and Code-to-Cloud Vulnerability Management.

Zyxel Networks

Zyxel Networks

Zyxel Networks is a leading provider of secure, AI-powered networking solutions for small to medium businesses (SMBs) and the enterprise edge.

TrueDeploy

TrueDeploy

Making Software Security EASY. The Security Status of Your Software in One Place. All you have to do is Deploy.