
IT Support with a Cyber Security Focus – Combatting Malware

Of all the cyber threats in circulation, arguably none are as fear-inducing as malware. Malware attacks hit the headlines, with high-profile ransomware attacks often gathering widespread media attention, as well as lucrative pay-outs for their perpetrators. Despite mainstream recognition of the malware threat, there are many persistent misconceptions about malware, including how these pernicious programs gain entry to corporate IT systems, and how they behave once inside.

So let’s start with the basics: what is malware?

Malware is a portmanteau word meaning ‘malicious software.’ It refers to any type of code created to damage or exploit a device or network, typically for illicit gains. In most cases, malware is used to extort a financial reward from victims, as attackers use malware to encrypt or exfiltrate valuable data, which they’re then able to use as leverage. In other cases, malware is used to steal data that has value to the attacker in and of itself. This data could go on to be sold on the dark web or used to commit fraud or identity theft.


Types of Malware

Malware comes in a range of formats, with each category possessing distinct characteristics and behaviours. Some types are used as a launchpad for more injurious attacks at a future date, while others come with immediate adverse effects that can cripple entire networks in the absence of effective mitigations. Here are some of the most common types of malware:


Ransomware

Ransomware is perhaps the most notorious and feared form of malware, and for good reason. Once a ransomware program has infected the target device or network, it identifies documents, databases, and other stores of critical information and applies strong encryption protocols to them, rendering the resources unusable. Other forms of ransomware seek to disable device functionality, for example, by corrupting operating system boot files to prevent users logging on to their devices. Ransomware gets its name from the ransom payment demanded by the attackers. This will be accompanied by a promise to restore access once payment is received, alongside deadlines and threats designed to coerce users into quick compliance.


Trojans

A Trojan is any malware that comes disguised as a legitimate, trustworthy application. Trojans often use names and icons that closely resemble well-known programs. They are often presented as important system updates, and sometimes they’re even inserted into software bundles alongside legitimate installation files. Once executed, Trojans can encrypt files, exfiltrate data, disable system functionality, and even orchestrate devastating DDoS attacks.


Worms

Worms are advanced, self-replicating malware programs that have the ability to propagate across computer systems with little or no user interaction. Some worms are programmed to autonomously scan for network vulnerabilities. Once found, they exploit these vulnerabilities to move laterally across the network. Upon infecting a new system, a worm will typically activate its payload, which might include stealing sensitive data, setting up a “back door” for a future attack, or corrupting system files.


Viruses

The terms ‘computer virus’ and ‘malware’ are often used interchangeably, but the two shouldn’t really be confused. A virus is a subset of malware, characterised by its reliance on a host, such as a document or a genuine software program. A virus will attach itself to this host, lying dormant until a user opens the file or executes the program in question. Once this happens, the virus will attempt to replicate further by copying itself to nearby programs or files. This process then repeats until an execution trigger causes the virus to release its payload, which might involve deleting files, stealing data, or locking users out of the system.


How Does Malware Spread?

Attackers use a variety of delivery mechanisms to distribute malware. Many of these methods exploit poor cyber hygiene practices, relying on a degree of user compliance. Common malware delivery mechanisms include:

  • Email Attachments. Phishing emails trick users into downloading attachments, which might be presented as a file from a colleague or an important software update. When users open these attachments, they inadvertently run the malicious code contained within.
  • Compromised Websites. Redirects contained within phishing emails can send users to compromised websites, which often mimic the appearance of trusted sites. Simply visiting some sites can result in the download and execution of malware through a delivery method commonly known as a ‘drive-by download.’
  • Removable Storage Media. Removable storage devices, such as USB drives, external hard drives, and SD cards, can become infected with malware when they are connected to compromised computers. Some malware scripts are specifically designed to detect newly connected devices and replicate onto them. Once the storage device is infected, it then acts as a vector for malware transmission, potentially infecting any subsequent device it connects to, often by exploiting auto-run features.
  • Mobile Apps. Mobile devices are becoming increasingly vulnerable to malware infection due to the downloading of apps from unofficial or insecure sources.
  • Adware. Adware (or advertising software) is a type of software that displays unwanted advertisements to the user when using an application, or during installation. While adware can be relatively harmless in many cases, it can sometimes direct users to malicious sites or conduct profiling to target users with customised ads.
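The email-attachment and double-extension tricks described above are the kind of thing a mail gateway screens for before a message reaches a user. The following is an added example, not code from the original article or from any gateway product; the extension policy lists, the `assess_attachment` and `screen_message` functions, and the sample messages are all constructed for illustration.

```python
"""Mail-gateway attachment screening (added example, not from the original article).

Each attachment is judged against a constructed policy: directly executable
types and double-extension names such as "invoice.pdf.exe" are blocked,
macro-enabled documents and archives are held for sandbox inspection, and
everything else is allowed. A message takes the most severe verdict of its
attachments.
"""
from dataclasses import dataclass, field

# Constructed policy lists for this example; a real gateway would load them from configuration.
BLOCK_EXTENSIONS = {"exe", "scr", "bat", "cmd", "com", "pif", "js", "jse",
                    "vbs", "vbe", "wsf", "hta", "ps1", "lnk", "msi"}
HOLD_EXTENSIONS = {"docm", "xlsm", "pptm", "zip", "rar", "7z", "iso", "img"}
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
                       "txt", "jpg", "png"}

SEVERITY = {"allow": 0, "hold": 1, "block": 2}


@dataclass
class Verdict:
    filename: str
    action: str                          # "allow", "hold" or "block"
    reasons: list = field(default_factory=list)


def assess_attachment(filename: str) -> Verdict:
    """Return the policy verdict for a single attachment filename."""
    parts = filename.lower().strip().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in BLOCK_EXTENSIONS:
        reasons.append(f"directly executable type .{ext}")
        # "invoice.pdf.exe": a document-looking inner extension in front of an executable one.
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTENSIONS:
            reasons.append("double extension disguising an executable as a document")
        return Verdict(filename, "block", reasons)
    if ext in HOLD_EXTENSIONS:
        reasons.append(f".{ext} can carry macros or nested executables; inspect before delivery")
        return Verdict(filename, "hold", reasons)
    return Verdict(filename, "allow", reasons)


def screen_message(attachments):
    """Return (overall_action, per-attachment verdicts); the most severe verdict wins."""
    verdicts = [assess_attachment(a) for a in attachments]
    worst = max(verdicts, key=lambda v: SEVERITY[v.action], default=None)
    return (worst.action if worst else "allow"), verdicts


# Constructed sample messages (message id -> attachment filenames).
SAMPLE_MESSAGES = {
    "msg-1": ["Q3_report.pdf", "logo.png"],
    "msg-2": ["Invoice_2024.pdf.exe"],
    "msg-3": ["timesheet.xlsm"],
    "msg-4": ["update.zip", "notes.txt"],
}

if __name__ == "__main__":
    for msg_id, files in SAMPLE_MESSAGES.items():
        action, verdicts = screen_message(files)
        print(f"{msg_id}: {action}")
        for v in verdicts:
            if v.reasons:
                print(f"    {v.filename} -> {v.action}: " + "; ".join(v.reasons))
```

Blocking on extension alone is deliberately coarse; the "hold" verdict exists because archives and macro-enabled documents are only dangerous depending on their contents, which a sandbox or content scanner must examine before delivery.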


Building Robust Defences Against Malware

To effectively defend against malware, organisations should establish defences that combine policies, best practices, and technical protections. Here are some tips for effectively mitigating the malware threat.


Use Anti-malware Software

Modern anti-malware solutions continuously monitor for the presence of malware across devices and networks. Once a threat signature is detected, the software can quarantine or remove the harmful code, protecting the network against further harm. Next-generation solutions – such as extended detection and response (XDR) platforms – incorporate machine learning capabilities which detect unknown malware types by spotting anomalous behaviours and network activity, offering advanced protection against emerging threats.
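To make the "threat signature is detected, the software quarantines the code" step concrete, here is an added example of the simplest form of signature matching: hash every file under a directory and move any file whose SHA-256 appears in a blocklist into a quarantine folder, keeping a record for the analyst. This is illustration code written for this page, not the article's or any product's scanner; the signature list and sample files are constructed, and the "malicious" sample is just a marker string.

```python
"""Signature-based file scan with quarantine (added example, not from the article).

Walks a directory tree, hashes each file with SHA-256 and moves files whose
hash is in a constructed blocklist into a quarantine directory, writing a
JSON record beside each quarantined file so it can be inspected or restored.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to be read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_and_quarantine(root: Path, quarantine: Path, signatures: dict) -> list:
    """Return [(original_path, signature_name)] for every file moved to quarantine."""
    quarantine.mkdir(parents=True, exist_ok=True)
    hits = []
    # Snapshot the file list first so moves during the scan do not disturb the walk.
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine in path.parents:
            continue  # never rescan the quarantine itself
        digest = sha256_file(path)
        name = signatures.get(digest)
        if name is None:
            continue
        # Move rather than delete: a false positive can then be restored.
        dest = quarantine / f"{digest[:16]}_{path.name}"
        shutil.move(str(path), dest)
        record = {"original_path": str(path), "sha256": digest, "signature": name}
        (quarantine / f"{dest.name}.json").write_text(json.dumps(record))
        hits.append((str(path), name))
    return hits


# Constructed signature: the hash of a harmless marker string stands in for a real sample.
SAMPLE_BAD = b"constructed marker standing in for a known-bad file\n"
SAMPLE_SIGNATURES = {hashlib.sha256(SAMPLE_BAD).hexdigest(): "Example.Marker.A"}


def demo():
    """Build a constructed directory tree, scan it and return (hits, files left in place)."""
    root = Path(tempfile.mkdtemp())
    (root / "docs").mkdir()
    (root / "docs" / "report.txt").write_bytes(b"quarterly figures\n")
    (root / "docs" / "update.bin").write_bytes(SAMPLE_BAD)
    (root / "readme.txt").write_bytes(b"clean file\n")
    hits = scan_and_quarantine(root, root / "quarantine", SAMPLE_SIGNATURES)
    remaining = sorted(p.name for p in root.rglob("*")
                       if p.is_file() and "quarantine" not in p.parts)
    return [(Path(p).name, sig) for p, sig in hits], remaining


if __name__ == "__main__":
    hits, remaining = demo()
    print("quarantined:", hits)
    print("left in place:", remaining)
```

Exact-hash signatures only catch samples already known to the vendor; a single byte of change produces a new hash. That limitation is why the behavioural and anomaly-based detection the paragraph attributes to XDR platforms exists alongside signature matching rather than instead of it.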


Firewalls

Firewalls remain an invaluable malware countermeasure. By filtering inbound and outbound network traffic according to pre-defined security policies, firewalls can shield users from potentially harmful online content. They can also be configured to block cross-network malware transmission, preventing threat escalation in the event that a device becomes infected.


Proactive Maintenance

Some malware is created to exploit security vulnerabilities in popular software. Proactive maintenance, including the prompt installation of security updates, is the key to closing off these security loopholes.


Staff Training

Security training should educate staff on common malware delivery methods. Priority should be given to phishing awareness, to ensure staff don’t inadvertently release a malware payload through infected email attachments and malicious links. The importance of safe browsing practices should also be emphasised, such as checking for secure connections, avoiding public Wi-Fi networks, keeping browser software updated, and removing unnecessary browser extensions.


Download Software from Trusted Sources

Always source applications from the software manufacturer or trusted vendors. Create a list of approved applications for use within your business, and prohibit the download of any apps (including browser extensions) that you haven’t sanctioned. Download restrictions can be applied through a range of tools, including web filters, firewalls, enterprise-level antivirus suites, and mobile device management solutions.
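One way to enforce "approved applications only" in tooling rather than by policy document alone is an allowlist that records, per sanctioned application, the vendor host it may be fetched from and the SHA-256 of the approved installer; an installer is accepted only if both match. The following is an added example for this page, not the article's or any vendor's tool: the allowlist entries, the `.test` hostnames, the `check_download` function and the sample installer bytes are all constructed.

```python
"""Approved-software check before installation (added example, not from the article).

An installer is allowed only if the application is on the allowlist, it was
fetched over HTTPS from one of that application's approved vendor hosts, and
its SHA-256 matches the approved release. Any other outcome is a refusal with
a reason that can be logged or shown to the user.
"""
import hashlib
from urllib.parse import urlparse

# Constructed sample installer; its hash is what the allowlist records.
SAMPLE_INSTALLER = b"constructed installer bytes, release 2.1\n"

# Constructed allowlist. The .test TLD is reserved for examples and never resolves.
APPROVED = {
    "example-editor": {
        "allowed_hosts": {"downloads.example-editor.test"},
        "sha256": hashlib.sha256(SAMPLE_INSTALLER).hexdigest(),
    },
}


def check_download(app_name: str, url: str, data: bytes, allowlist=APPROVED):
    """Return (allowed, reason) for an installer fetched from `url` with contents `data`."""
    entry = allowlist.get(app_name)
    if entry is None:
        return False, f"{app_name!r} is not on the approved-application list"
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return False, "installer must be fetched over HTTPS"
    if parsed.hostname not in entry["allowed_hosts"]:
        return False, f"source host {parsed.hostname!r} is not an approved vendor host"
    digest = hashlib.sha256(data).hexdigest()
    if digest != entry["sha256"]:
        return False, "installer hash does not match the approved release"
    return True, "approved"


if __name__ == "__main__":
    cases = [
        ("example-editor", "https://downloads.example-editor.test/setup.msi", SAMPLE_INSTALLER),
        ("example-editor", "https://mirror.example/setup.msi", SAMPLE_INSTALLER),
        ("example-editor", "https://downloads.example-editor.test/setup.msi", b"tampered"),
        ("unknown-app", "https://downloads.example-editor.test/x.msi", SAMPLE_INSTALLER),
    ]
    for app, url, data in cases:
        allowed, reason = check_download(app, url, data)
        print(f"{app:15} {url:50} -> {'ALLOW' if allowed else 'DENY'}: {reason}")
```

The hash check is the part that survives a compromised mirror or a tampered bundle: a correct vendor host is not enough on its own, which is why both conditions are required before an installer is released to users.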


In Summary

Malware can be devastating, with attacks often resulting in severe operational disruption, data loss, reputational damage, and crippling financial losses. With the malware threat growing in scale and sophistication, partnering with a security-focused IT provider can make all the difference. They can ensure you have the right mix of procedural and technical defences to combat malware wherever it arises in your digital environment…


Virtual IT – Strategic Cyber Security that Prioritises Your Most Critical Digital Assets

The essentials cyber security suite from Virtual IT is the ultimate digital defence toolkit, offering everything your business needs for effective and complete protection against online threats and data loss risks. In addition to robust threat mitigations that operate environment-wide, our multi-layered approach applies additional safeguards around your critical systems and sensitive data assets. Overlapping defences seal vulnerabilities against attack, reinforcing your operationally critical infrastructure, and safeguarding information against malicious exfiltration and unsanctioned access.

We help organisations across London, Essex, Bedfordshire, Sussex, and the wider Southeast region develop and maintain a robust security posture, supporting their success through improved cyber resilience.

Contact us today, to discover how Virtual IT can be your trusted cyber defence partner.

Defend your business against malware