Malware is one of the greatest security threats enterprises face. Malware attacks increased 358% in 2020 over 2019, and ransomware attacks increased 435% year over year, according to Deep Instinct. 2021 is setting up to be more of the same. The first half of the year saw 93% more ransomware attacks than the same period in 2020, according to Check Point’s midyear security report.
Security departments must actively monitor networks to catch and contain malware before it can cause extensive damage. With malware, however, prevention is key. But, to prevent an attack, it is critical to first understand what malware is, along with the 10 most common types of malware.
Malware, short for malicious software, is used by threat actors to intentionally harm and infect devices and networks. The umbrella term encompasses many subcategories, including the following:
Malware infiltrates systems physically, via email or over the internet. Phishing, which involves email that appears legitimate but contains malicious links or attachments, is one of the most common malware attack vectors. Malware can also get onto devices and networks via infected USB drives, unpatched or fraudulent software and applications, insider threats, and vulnerable or misconfigured devices and software.
Malware can go undetected for extended periods of time. Many users are only aware of a malware attack if they receive an antimalware alert, see pop-up ads, are redirected to malicious websites, or experience slow computer speeds or frequent crashes.
Malware exploits devices to benefit threat actors. Attackers use malware to steal data and credentials, spy on users, hold devices hostage, damage files and more.
A computer virus infects devices and replicates itself across systems. Viruses require human intervention to propagate. Once users download the malicious code onto their devices — often delivered via malicious advertisements or phishing emails — the virus spreads throughout their systems. Viruses can modify computer functions and applications; copy, delete and steal data; encrypt data to perform ransomware attacks; and carry out DDoS attacks.
The Zeus virus, first detected in 2006, is still used by threat actors today. Attackers use it to create botnets and as a banking Trojan to steal victims’ financial data. The Zeus creators released the malware’s source code in 2011, enabling new threat actors to create updated, more threatening versions of the original virus.
A computer worm self-replicates and infects other computers without human intervention. This malware inserts itself in devices via security vulnerabilities or malicious links or files. Once inside, worms look for networked devices to attack. Worms often go unnoticed by users, usually disguised as legitimate work files.
WannaCry, also a form of ransomware, is one of the most well-known worm attacks. The malware took advantage of the EternalBlue vulnerability in outdated versions of Windows’ Server Message Block protocol. In its first year, the worm spread to 150 countries. The next year, it infected nearly 5 million devices.
Ransomware encrypts files or devices and forces victims to pay a ransom in exchange for reentry. While ransomware and malware are often used synonymously, ransomware is a specific form of malware.
There are four main types of ransomware:
Well-known ransomware variants include REvil, WannaCry and DarkSide, the strain used in the Colonial Pipeline attack.
Data backups were long the go-to defense against ransomware — with a proper backup, victims could restore their files from a known-good version. With the rise of extortionware, however, organizations must follow other measures to protect their assets from ransomware, such as deploying advanced protection technologies and using antimalware with anti-ransomware features.
A bot is a self-replicating malware that spreads itself to other devices, creating a network of bots, or a botnet. Once infected, devices perform automated tasks commanded by the attacker. Botnets are often used in DDoS attacks. They can also conduct keylogging and send phishing emails.
Mirai is a classic example of a botnet. This malware, which launched a massive DDoS attack in 2016, continues to target IoT and other devices today. Research also shows botnets flourished during the COVID-19 pandemic. Infected consumer devices, common targets of Mirai and other botnets, that employees use for work, or that share a home network with company-owned devices used for remote work, enable the malware to spread to corporate systems.
A Trojan horse is malicious software that appears legitimate to users. Trojans rely on social engineering techniques to invade devices. Once inside a device, the Trojan’s payload — or malicious code — is installed, which is responsible for facilitating the exploit. Trojans give attackers backdoor access to a device, perform keylogging, install viruses or worms, and steal data.
Remote access Trojans (RATs) enable attackers to take control of an infected device. Once inside, attackers can use the infected device to infect other devices with the RAT and create a botnet.
The Emotet banking Trojan was first discovered in 2014. Despite a global takedown at the beginning of 2021, Emotet has been rebuilt and continues to help threat actors steal victims’ financial information.
A keylogger is a surveillance malware that monitors keystroke patterns. Threat actors use keyloggers to obtain victims’ usernames and passwords and other sensitive data.
Keyloggers can be hardware or software. Hardware keyloggers are manually installed into keyboards. After a victim uses the keyboard, the attacker must physically retrieve the device. Software keyloggers, on the other hand, do not require physical access. They are often downloaded by the victim via malicious links or downloads. Software keyloggers record keystrokes and upload the data to the attacker.
The Agent Tesla keylogger first emerged in 2014. The spyware RAT still plagues users, with its latest versions not only logging keystrokes, but also taking screenshots of victims’ devices.
Password managers are particularly helpful in preventing keylogger attacks because users don’t need to physically fill in their usernames and passwords, thus preventing them from being recorded by the keylogger.
A rootkit is malicious software that enables threat actors to remotely access and control a device. Rootkits facilitate the spread of other types of malware, including ransomware, viruses and keyloggers.
Rootkits often go undetected because, once inside a device, they can deactivate endpoint antimalware and antivirus software. Rootkits typically enter devices and systems through phishing emails and malicious attachments.
To detect rootkit attacks, cybersecurity teams should analyze network behavior. Set alerts, for example, if a user who routinely logs on at the same time and in the same location every day suddenly logs on at a different time or location.
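The logon-baseline alert described above, written out as a small detector. This is an added example, not TechTarget's code: the log format (user, ISO timestamp, source location), the sample records and the one-hour tolerance are all assumptions. It builds each user's usual logon hours and locations from a history window and then flags new events that fall outside that profile, which is the kind of identity-side signal that survives even when a rootkit has disabled the endpoint agent.

```python
"""Flag logons that deviate from a user's usual time or location.

Added example (not from the original article). The record format,
sample data and thresholds below are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample history: routine logons for two users.
HISTORY = [
    ("alice", "2021-09-01T08:05:00", "London"),
    ("alice", "2021-09-02T08:10:00", "London"),
    ("alice", "2021-09-03T07:58:00", "London"),
    ("alice", "2021-09-06T08:01:00", "London"),
    ("alice", "2021-09-07T08:12:00", "London"),
    ("bob", "2021-09-01T09:30:00", "Austin"),
    ("bob", "2021-09-02T09:45:00", "Austin"),
    ("bob", "2021-09-03T09:20:00", "Austin"),
    ("bob", "2021-09-06T09:35:00", "Austin"),
    ("bob", "2021-09-07T09:40:00", "Austin"),
]

# Constructed new events to evaluate against the baseline.
NEW_EVENTS = [
    ("alice", "2021-09-08T08:03:00", "London"),  # routine
    ("alice", "2021-09-08T03:17:00", "Kyiv"),    # off-hours and new location
    ("bob", "2021-09-08T09:33:00", "Austin"),    # routine
    ("bob", "2021-09-08T22:05:00", "Austin"),    # usual place, unusual hour
    ("carol", "2021-09-08T10:00:00", "Berlin"),  # user with no history at all
]


def build_baseline(history):
    """Return {user: {"locations": set, "hours": set}} from past logons."""
    baseline = defaultdict(lambda: {"locations": set(), "hours": set()})
    for user, ts, location in history:
        baseline[user]["locations"].add(location)
        baseline[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(baseline)


def evaluate(event, baseline, hour_tolerance=1):
    """Return a list of reasons the logon is unusual; empty means routine."""
    user, ts, location = event
    profile = baseline.get(user)
    if profile is None:
        # A never-seen account is itself worth a look, not a silent pass.
        return ["no baseline for user"]
    reasons = []
    if location not in profile["locations"]:
        reasons.append(f"new location {location}")
    hour = datetime.fromisoformat(ts).hour
    # An hour is normal if it is within the tolerance of any hour previously
    # seen for this user; the distance wraps around midnight.
    usual = any(
        min(abs(hour - h), 24 - abs(hour - h)) <= hour_tolerance
        for h in profile["hours"]
    )
    if not usual:
        reasons.append(f"unusual hour {hour:02d}:00")
    return reasons


def detect_anomalies(history, new_events, hour_tolerance=1):
    """Return (user, timestamp, reasons) for every new event that deviates."""
    baseline = build_baseline(history)
    alerts = []
    for event in new_events:
        reasons = evaluate(event, baseline, hour_tolerance)
        if reasons:
            alerts.append((event[0], event[1], reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in detect_anomalies(HISTORY, NEW_EVENTS):
        print(f"ALERT {ts} {user}: {'; '.join(reasons)}")
```

In production the history window would be rolled forward daily and the location field would come from a VPN, identity-provider or authentication log rather than a literal list; the tolerance and the minimum history length are tuning knobs that trade false positives against the chance of missing a compromised account.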
The first rootkit, NTRootkit, appeared in 1999. Hacker Defender, one of the most deployed rootkits of the 2000s, was released in 2003.
Spyware is malware that downloads onto a device without the user’s permission. It steals users’ data to sell to advertisers and external users. Spyware can track credentials and obtain bank details and other sensitive data. It infects devices through malicious apps, links, websites and email attachments. Mobile device spyware, which can be spread via Short Message Service and Multimedia Messaging Service, is particularly damaging because it tracks a user’s location and has access to the device’s camera and microphone. Adware, keyloggers, Trojans and mobile spyware are all forms of spyware.
Pegasus is a mobile spyware that targets iOS and Android devices. It was first discovered in 2016, at which time it was linked to Israeli technology vendor NSO Group. Apple filed a lawsuit against the vendor in November 2021 for attacking Apple customers and products. Pegasus was also linked to the assassination of Saudi journalist Jamal Khashoggi in 2018.
Mining — the process of verifying transactions within a blockchain — is highly profitable but requires immense processing power. Miners are rewarded for each transaction they validate. Cryptojacking, the action behind cryptomining malware, enables threat actors to use an infected device’s resources to conduct verification.
Cisco found 69% of its customers were affected by cryptomining malware in 2020, accounting for the largest category of DNS traffic to malicious sites that year.
XMRig was the most prevalent cryptomining malware in 2020, followed by JSEcoin, Lucifer, WannaMine and RubyMiner.
Adware is software that displays or downloads unwanted advertisements, typically in the form of banners or pop-ups. It collects web browser history and cookies to target users with specific advertisements.
Not all adware is malicious. Software developers use legitimate adware, with users’ consent, to offset development costs. Malicious adware, however, can display ads that lead to infection when clicked.
Threat actors use vulnerabilities to infect OSes and place malicious adware within preexisting applications. Users might also download applications already corrupted with adware. Alternatively, adware can be included in a software bundle when downloading a legitimate application, or it can come preinstalled on a device, in which case it is also known as bloatware.
Fireball, Gator, DollarRevenue and OpenSUpdater are examples of adware.
Strong cybersecurity hygiene is the best defense against common types of malware attacks. The premise of cyber hygiene is similar to personal hygiene: If an organization maintains a high level of health (security), it avoids getting sick (attacked).
Good cyber hygiene practices that prevent malware attacks include the following:
All Rights Reserved, Copyright 2000 – 2022, TechTarget
Biden to create cybersecurity standards for nation’s ports as concerns grow over vulnerabilities
WASHINGTON (AP) — President Joe Biden on Wednesday signed an executive order and created a federal rule aimed at better securing the nation’s ports from potential cyberattacks.
The administration is outlining a set of cybersecurity regulations that port operators must comply with across the country, not unlike standardized safety regulations that seek to prevent injury or damage to people and infrastructure.
“We want to ensure there are similar requirements for cyber, when a cyberattack can cause just as much if not more damage than a storm or another physical threat,” said Anne Neuberger, deputy national security adviser at the White House.
Nationwide, ports employ roughly 31 million people and contribute $5.4 trillion to the economy, and could be left vulnerable to a ransomware or other brand of cyberattack, Neuberger said. The standardized set of requirements is designed to help protect against that.
The new requirements are part of the federal government’s focus on modernizing how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely. There is no set of nationwide standards that govern how operators should protect against potential attacks online.
The threat continues to grow. Hostile activity in cyberspace — from spying to the planting of malware to infect and disrupt a country’s infrastructure — has become a hallmark of modern geopolitical rivalry.
For example, in 2021, the operator of the nation’s largest fuel pipeline had to temporarily halt operations after it fell victim to a ransomware attack in which hackers hold a victim’s data or device hostage in exchange for money. The company, Colonial Pipeline, paid $4.4 million to a Russia-based hacker group, though Justice Department officials later recovered much of the money.
Ports, too, are vulnerable. In Australia last year, a cyber incident forced one of the country’s largest port operators to suspend operations for three days.
In the U.S., roughly 80% of the giant cranes used to lift and haul cargo off ships onto U.S. docks come from China, and are controlled remotely, said Admiral John Vann, commander of the U.S. Coast Guard’s cyber command. That leaves them vulnerable to attack, he said.
Late last month, U.S. officials said they had disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure. Vann said this type of potential attack was a concern as officials pushed for new standards, but they are also worried about the possibility for criminal activity.
The new standards, which will be subject to a public comment period, will be required for any port operator and there will be enforcement actions for failing to comply with the standards, though the officials did not outline them. They require port operators to notify authorities when they have been victimized by a cyberattack. The actions also give the Coast Guard, which regulates the nation’s ports, the ability to respond to cyberattacks.
Why Was Sam Altman Fired? Possible Ties to China D2 (Double Dragon) Data from Hackers
Theories are going around the internet about why Sam Altman was fired. On an insider tech forum (Blind), one person claims to know, by a third-hand account, how this news will trickle into the media over the next couple of weeks.
It’s said OpenAI had been using data from D2 to train its AI models, which includes GPT-4. This data was obtained through a hidden business contract with a D2 shell company called Whitefly, which was based in Singapore. This D2 group has the largest crawling/indexing/scanning capacity in the world, 10x more than Alphabet Inc (Google), hence the deal so OpenAI could get its hands on vast quantities of data for training after exhausting its other options.
The Chinese government became aware of this arrangement and raised concerns with the Biden administration. As a result, the NSA launched an investigation, which confirmed that OpenAI had been using data from D2. Satya Nadella, the CEO of Microsoft, which is a major investor in OpenAI, was informed of the findings and ordered Altman’s removal.
There was also suggestion that Altman refused to disclose this information to the OpenAI board. This lack of candor ultimately led to his dismissal and is what the board publicly alluded to when they said “not consistently candid in his communications with the board.”
To summarize what happened with Sam Altman’s firing:
1. Sam Altman was removed from OpenAI due to his ties to a Chinese cyber army group.
2. OpenAI had been using data from D2 to train its AI models.
3. The Chinese government raised concerns about this arrangement with the Biden administration.
4. The NSA launched an investigation, which confirmed OpenAI’s use of D2 data.
5. Satya Nadella ordered Altman’s removal after being informed of the findings.
6. Altman refused to disclose this information to the OpenAI board.
We’ll see in the next couple of weeks if this story holds up or not.
AMAZON says cloud operating normally after outage left publishers unable to operate websites…
SEATTLE (AP) — Amazon’s cloud computing unit Amazon Web Services experienced an outage on Tuesday, affecting publishers that suddenly found themselves unable to operate their sites.
The company said on its website that the root cause of the issue was tied to a service called AWS Lambda, which lets customers run code for different types of applications.
Roughly two hours after customers began experiencing errors, the company posted on its AWS status page that many of the affected AWS services were “fully recovered” and it was continuing to recover the rest. Soon after 6:30 p.m. ET, the company announced all AWS services were operating normally.
Amazon said it had experienced multiple error rates for AWS services in the Northern Virginia region where it clusters data centers. The company said customers may be dealing with authentication or sign-in errors when using some AWS services, and experiencing challenges when attempting to connect with AWS Support. The issue with Lambda also indirectly affected other AWS services.
Patrick Neighorn, a company spokesperson, declined to provide additional details about the outage.
AWS is the market leader in the cloud arena, and its customers include some of the world’s biggest businesses and organizations, such as Netflix, Coca-Cola and government agencies.
Tuesday’s outage was first confirmed shortly after 3 p.m. ET, and it was unclear how widespread the problem was. But many companies, including news organizations such as The Verge and Penn Live, said they were experiencing issues. The Associated Press was also hampered by the outage, unable to operate its sites amid breaking news that former President Donald Trump was appearing in court in Miami.
Morgan Durrant, a spokesperson for Delta Air Lines, said the company experienced “some slowing of inbound calls for some minutes” on Tuesday afternoon. But he said the outage did not impact bookings, flights or other airport operations.
The episode on Tuesday is reminiscent of a much longer AWS outage in December 2021, which affected a host of U.S. companies for more than five hours.
The outage comes as Amazon is holding a two-day security conference in Anaheim, California to tout its cloud offerings to its clients or other companies that might be interested in storing their data on its vast network of servers around the world. Companies have been cutting back their spending on the unit, causing growth to slow during the most recent quarter.