Malware, also known as malicious software, is a rogue piece of software that disrupts the normal functioning of a computer. The goal of malware is to gain access to sensitive information that an attacker can use for profit. Most cybersecurity attacks today have a profit motive.
In part I of this article, we will review the different types of computer malware that exist today, such as ransomware, trojans, worms, fileless viruses, bots, and crypto malware. For each, we will review the definition, the threat, the vulnerability it exploits, how to control it, and some examples of that malware in the wild.
SonicWall reported nearly 500 million attempted ransomware attacks through September 2021, a 148% increase over the previous year. That shows how profitable ransomware is for attackers.
Types of Malware Attacks
Malware uses a variety of ways to spread itself onto a computer system, such as the following:
- Email attachments – Malware can be downloaded and installed when an unsuspecting user opens an attachment.
- Email / malicious web links – Malware can spread when a user clicks a link in an email that leads to a web site where the user hands their credentials to the attacker. The attacker then logs into the system with those credentials, dumps the payload (the malware) onto the system, and installs it. From there, the malware takes over and creates havoc on the computer.
- Pictures – Malware can spread through seemingly harmless pictures.
These are just some of the ways attackers deliver malware onto an unsuspecting user's system.
In 2021, ransomware is the most popular technique attackers use to profit. Ransomware is malicious software that encrypts files and/or hard drives until a ransom is paid to the attackers. Once paid, the attackers provide a key to unlock the files and/or hard drive.
Colonial Pipeline was attacked in April of 2021 by DarkSide, which disrupted the gas supply chain up and down the East Coast. Thankfully, the FBI was able to recover most of the $4.4 million ransom payment.
Brenntag was attacked in May of 2021 by the same hacker group, DarkSide, which exfiltrated 150 GB of data and demanded $7.5 million in bitcoin. Brenntag caved and paid $4.4 million in ransom.
JBS Foods, the largest meat processor in the world, was attacked in May of 2021 by a hacker group called REvil, which demanded and was paid an $11 million ransom.
These are just three examples of ransomware attacks; there were many more in 2021. Experts recommend that you do not pay the ransom.
A trojan is a piece of malicious software disguised as legitimate software. Trojans do not replicate during an infection.
In 2016, there was a trojan called MEMZ, made for Microsoft Windows. Its payloads included opening satirical Google searches, opening random Windows apps, and overwriting the boot sector.
A worm is a self-replicating virus that exploits vulnerabilities in an operating system and spreads automatically across the network to other computers. If not caught early, removing a worm is not an easy process, so make sure you have an up-to-date virus scanner in place to prevent these infections.
Some examples of worms are ILOVEYOU, which spread through an email attachment, and Code Red, which exploited weaknesses in Microsoft's web server.
Potentially unwanted programs (PUPs) – Fileless virus
PUPs are software that users consent to download but do not actually want. They are normally bundled into another download that the user installs onto the system.
Examples of PUPs are spyware, adware, dialers, and others.
Command and control – Bots
A bot is a node in a "robot network" (botnet) that has two parts to it. A client part is loaded on the attacker's computer, and a server part is loaded onto a victim computer through an infection, usually through a vulnerability in a web server. Together they form a command-and-control network: a command sent from the client to the control part on the server performs the actions the attacker wants. The attacker then has remote control over the computer and can do a great deal of damage to the machine.
Examples of botnets include Conficker, Zeus, Waledac, and others. Let's explore the botnet called Zeus. Zeus (also known as Zbot) is a trojan horse that runs on Microsoft Windows. It is used to steal banking information through man-in-the-middle keystroke logging and form grabbing. It was also used to install the ransomware called CryptoLocker.
Crypto malware is malware that enables an attacker to carry out crypto hijacking activity, such as ransomware that encrypts a system and demands a ransom payment.
An example of crypto malware is ransomware.
How to protect systems from malware attacks
There are two major ways to protect systems from malware: a virus scanner and a malware scanner. This assumes that an organization already has a defense-in-depth mentality for its cybersecurity defense. A virus scanner is a piece of software that runs on a computer and continually scans and monitors changes to files and internet activity, always on the lookout for viruses and malware. A system administrator must keep systems up to date on their virus protection. A malware scanner acts as a second layer of defense against malware on a computer; it also scans and monitors for malware activity.
Organizations also need a detailed disaster recovery plan and a good backup strategy, so that if you are attacked with ransomware you have a recovery procedure in place and do not have to pay the ransom to the attackers.
In part I, we explored the types of computer malware that exist today and a few examples of each. We reviewed the types of malware attacks and how to protect your systems from malware.
Please leave comments and/or questions below so I can answer any questions you might have.
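As an added illustration of the file-change monitoring a scanner performs (example code written for this article, not from any product or the original page): it baselines files by hash and byte entropy, then flags the pattern ransomware leaves behind, namely many files rewritten at once with sharply higher entropy, or a batch of originals replaced by new files. The sample contents are constructed, and the thresholds are assumptions.

```python
import hashlib
import math
import os
from collections import Counter

# Constructed sample content (not from the article): plain text versus a
# byte pattern with maximal entropy standing in for encrypted output.
SAMPLE_TEXT = b"the quick brown fox jumps over the lazy dog\n" * 50
SAMPLE_CIPHERTEXT = bytes(range(256)) * 16


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: English text sits near 4-5, encrypted data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def fingerprint(files: dict) -> dict:
    """Baseline {path: (sha256, entropy)} so later rewrites can be spotted."""
    return {p: (hashlib.sha256(d).hexdigest(), shannon_entropy(d))
            for p, d in files.items()}


def snapshot_dir(root: str) -> dict:
    """Read every regular file under root into {relative_path: bytes}."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                out[os.path.relpath(full, root)] = fh.read()
    return out


def ransomware_indicators(before: dict, after: dict,
                          entropy_jump: float = 2.0, min_files: int = 3) -> dict:
    """Compare two fingerprint() baselines; alert when several files were
    rewritten with a sharp entropy jump, or originals vanished in bulk."""
    modified = sorted(p for p in before if p in after and before[p][0] != after[p][0])
    high = [p for p in modified if after[p][1] - before[p][1] >= entropy_jump]
    removed = sorted(p for p in before if p not in after)
    added = sorted(p for p in after if p not in before)
    mass_rename = len(removed) >= min_files and len(added) >= len(removed)
    return {"modified": modified, "high_entropy_rewrites": high,
            "removed": removed, "added": added,
            "alert": len(high) >= min_files or mass_rename}


if __name__ == "__main__":  # constructed demo: three of four files encrypted
    clean = {f"doc{i}.txt": SAMPLE_TEXT for i in range(4)}
    hit = {**clean, **{f"doc{i}.txt": SAMPLE_CIPHERTEXT for i in range(3)}}
    print(ransomware_indicators(fingerprint(clean), fingerprint(hit)))
```

Pair snapshot_dir() with a saved fingerprint() of a real directory to compare a live tree against its baseline.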