Malware

Malware describes malicious applications and code that damage or disrupt the normal use of endpoint devices. When a device becomes infected with malware, you may experience unauthorized access, compromised data, or being locked out of the device unless you pay a ransom.

People who distribute malware, known as cybercriminals, are motivated by money. They use infected devices to launch cyberattacks, such as obtaining banking credentials, collecting personal information that can be sold, selling access to computing resources, or extorting payment information from victims.

How does malware work?

Malware works by employing trickery to impede the normal use of a device. First a cybercriminal gains access to your device through one or more different techniques—such as a phishing email, infected file, system or software vulnerability, infected USB flash drive, or malicious website. Then they capitalize on the situation by launching additional cyberattacks, obtaining account credentials, collecting personal information to sell, selling access to computing resources, or extorting payment from victims.

Anyone can become a victim of a malware attack. Some people may know how to spot certain ways that cybercriminals try to target victims with malware, for example knowing how to identify a phishing email. But cybercriminals are sophisticated and constantly evolve their methods to keep pace with technology and security improvements. Malware attacks also look and act differently depending on the type of malware. Someone who’s a victim of a rootkit cyberattack, for example, may not even know it, because this type of malware is designed to lie low and remain unnoticed for as long as possible. Here are a few of the ways cybercriminals attempt to deliver malware to devices.

Types of malware

Malware comes in many forms—here are a few common types.

Phishing

A phishing attempt poses as a credible source to steal sensitive information through emails, websites, text messages, or other forms of electronic communication. These cyberattacks provide a delivery mechanism for malware. Common scenarios steal usernames, passwords, credit card details, and banking information. These types of malware attacks may lead to identity theft or money stolen directly from someone’s personal bank account or credit card. For example, a cybercriminal might pose as a well-known bank and send an email alerting someone that their account has been frozen because of suspicious activity, urging them to click a link in the email to address the issue. Once they click the link, malware is installed.
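The bank-impersonation scenario above hinges on a link whose visible text and real destination disagree, or whose host is outside the domain the sender claims to be. The following added example (not part of the original page, and not a Microsoft product feature) is a small mail-filter style check written for this article: it parses an HTML message body with Python's standard library, and flags each link whose displayed URL points to a different host than its `href`, or whose host is not under the claimed sender domain. The message body, the sender domain `examplebank.com` and the hostnames in it are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _host(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def _under(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it (suffix match on a label boundary)."""
    return host == domain or host.endswith("." + domain)


def suspicious_links(html: str, sender_domain: str):
    """Return [(text, href, [reasons])] for links that look like phishing redirections."""
    parser = _LinkCollector()
    parser.feed(html)
    domain = sender_domain.lower()
    findings = []
    for text, href in parser.links:
        href_host = _host(href)
        reasons = []
        # If the visible text itself looks like a URL, its host must match the real target.
        shown_host = _host(text) if text.lower().startswith(("http://", "https://")) else ""
        if shown_host and shown_host != href_host:
            reasons.append(f"link text shows {shown_host} but points to {href_host}")
        # A link from 'the bank' that leads outside the bank's domain is the classic tell;
        # the label-boundary check also catches hosts like examplebank.com.evil.example.
        if href_host and not _under(href_host, domain):
            reasons.append(f"{href_host} is not under {sender_domain}")
        if reasons:
            findings.append((text, href, reasons))
    return findings


# Constructed sample message body (not a real phishing email).
SAMPLE_EMAIL_HTML = """
<p>Your account has been frozen due to suspicious activity. Visit
<a href="http://secure-bank-login.example.net/verify">https://www.examplebank.com/account</a>
to restore access.</p>
<p><a href="https://www.examplebank.com/help">Help center</a> |
<a href="https://examplebank.com.evil.example/login">Log in</a></p>
"""

if __name__ == "__main__":
    for text, href, reasons in suspicious_links(SAMPLE_EMAIL_HTML, "examplebank.com"):
        print(f"{text!r} -> {href}")
        for r in reasons:
            print("   ", r)
```

The sender domain would normally come from an authenticated header (for example the DKIM-signed `From:` domain) rather than from the message text, since the text is exactly what the attacker controls.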

Macro malware

You may already be familiar with macros—ways to quickly automate common tasks. Macro malware takes advantage of this functionality by infecting email attachments and ZIP files. To trick people into opening the files, cybercriminals often hide the malware in files disguised as invoices, receipts, and legal documents.

In the past, macro malware was more common because macros ran automatically when a document was opened. But in recent versions of Microsoft 365, macros are disabled by default, meaning that cybercriminals who infect devices in this way have to convince users to turn macros on.
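Because modern Office files are zip containers, a defender can tell whether a document carries macros before anyone is asked to enable them. The following added example (written for this article, not code from the original page or from Microsoft) looks inside an OOXML container for a `vbaProject.bin` part and for the `application/vnd.ms-office.vbaProject` content type, then compares the result with the file extension, so that macros hidden behind a non-macro extension such as `.docx` stand out. The sample documents are constructed in memory with Python's `zipfile`; they mimic only the parts the check inspects and are not real Word files.

```python
import io
import zipfile

# Content type Office declares for a VBA project part inside an OOXML container.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm", "ppam"}


def find_vba_parts(doc_bytes: bytes) -> list:
    """Return evidence that an OOXML document (.docx/.docm/.xlsm/...) carries VBA macros.

    Macro-enabled files store the VBA project as a vbaProject.bin part (under word/,
    xl/ or ppt/) and declare its content type in [Content_Types].xml. Input that is
    not a zip container (for example a legacy .doc OLE file) yields no evidence here.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            names = zf.namelist()
            evidence = [n for n in names if n.lower().endswith("vbaproject.bin")]
            if "[Content_Types].xml" in names:
                types_xml = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
                if VBA_CONTENT_TYPE in types_xml:
                    evidence.append("[Content_Types].xml declares " + VBA_CONTENT_TYPE)
            return evidence
    except zipfile.BadZipFile:
        return []


def classify(filename: str, doc_bytes: bytes) -> str:
    """Label a document by whether it carries macros and whether its extension admits that."""
    if not find_vba_parts(doc_bytes):
        return "no macros"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in MACRO_EXTENSIONS:
        return "macro-enabled"
    # A VBA project behind an extension that should not carry one deserves review before opening.
    return "suspicious: macros inside ." + ext


def build_sample(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-style container for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        types_xml = (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="xml" ContentType="application/xml"/>'
        )
        if with_macro:
            types_xml += '<Default Extension="bin" ContentType="%s"/>' % VBA_CONTENT_TYPE
        types_xml += "</Types>"
        zf.writestr("[Content_Types].xml", types_xml)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for the OLE compound file that holds VBA streams.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 28)
    return buf.getvalue()


if __name__ == "__main__":
    for name, doc in (("report.docx", build_sample(False)),
                      ("invoice.docm", build_sample(True)),
                      ("receipt.docx", build_sample(True))):
        print(name, "->", classify(name, doc), find_vba_parts(doc))
```

This check only answers "is there a macro project at all"; deciding whether the macro is malicious needs the VBA streams decompressed and inspected, which a dedicated tool does. Legacy binary `.doc`/`.xls` files are OLE compound documents rather than zips and fall outside this example.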

Spyware

Spyware works by installing itself on a device without someone’s consent or providing adequate notice. Once installed, it can monitor online behavior, collect sensitive information, change device settings, and decrease device performance.

Adware

Like spyware, adware installs itself to a device without someone’s consent. But in the case of adware, the focus is on displaying aggressive advertising, often in popup form, to make money off clicks. These ads frequently slow a device’s performance. More dangerous types of adware can also install additional software, change browser settings, and leave a device vulnerable to other malware attacks.

Viruses

Viruses are designed to interfere with a device’s normal operation by recording, corrupting, or deleting its data. They often spread themselves to other devices by tricking people into opening malicious files.

Fileless malware

This type of cyberattack broadly describes malware that doesn’t rely on files—like an infected email attachment—to breach a network. For example, they may arrive through malicious network packets that exploit a vulnerability and then install malware that lives only in the kernel memory. Fileless cyberthreats are especially difficult to find and remove because most antivirus programs aren’t built to scan firmware.

Exploits and exploit kits

Exploits use vulnerabilities in software to bypass a computer’s security safeguards to infect a device. Malicious hackers scan for outdated systems that contain critical vulnerabilities, then exploit them by deploying malware. By including shellcode in an exploit, cybercriminals can download more malware that infects devices and infiltrates organizations.

Exploit kits contain a collection of exploits that scan for different types of software vulnerabilities. If any are detected, the kits deploy additional malware. Software that can be infected includes Adobe Flash Player, Adobe Reader, web browsers, Oracle Java, and Sun Java. Angler/Axpergle, Neutrino, and Nuclear are a few types of common exploit kits.

Exploits and exploit kits usually rely on malicious websites or email attachments to breach a network or device, but sometimes they also hide in ads on legitimate websites without the website even knowing.


Worms

Mostly found in email attachments, text messages, file-sharing programs, social networking sites, network shares, and removable drives, a worm spreads through a network by exploiting security vulnerabilities and copying itself. Depending on the type of worm, it might steal sensitive information, change your security settings, or stop you from accessing files.

Unwanted software

When a device has unwanted software, the device owner may experience a modified web browsing experience, altered control of downloads and installations, misleading messages, and unauthorized changes to device settings. Some unwanted software is bundled with software that people intend to download.

Rootkits

When a cybercriminal uses a rootkit, they hide malware on a device for as long as possible, sometimes even years, so that it steals information and resources on an ongoing basis. By intercepting and changing standard operating system processes, a rootkit may alter the information that your device reports about itself. For example, a device infected with a rootkit may not show an accurate list of programs that are running. Rootkits may also give administrative or elevated device privileges to cybercriminals, so they gain complete control of a device and can perform potentially malicious actions, such as stealing data, spying on the victim, and installing additional malware.
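The inaccurate process list described above is exactly what cross-view detection exploits: the same information is gathered through the operating system's normal reporting path and through a lower-level path, and whatever appears only in the low-level view is a candidate for something the rootkit is hiding. The following added example (written for this article, not code from the original page) implements that comparison over several snapshot rounds, so that a process that merely started or exited between the two reads is not reported. The snapshots are constructed; on a real Linux host the two views could be, for instance, the output of `ps` versus probing `/proc/<pid>` for every PID directly.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str


def hidden_processes(api_rounds, raw_rounds):
    """Cross-view detection of hidden processes.

    api_rounds: snapshots of the process list as reported through the OS's normal
                interface (what a task manager or `ps` shows).
    raw_rounds: snapshots taken at the same moments by a lower-level enumeration
                (probing each PID directly instead of asking for a list).
    A PID present in every raw snapshot but in none of the API snapshots is a
    candidate hidden process. Requiring it across all rounds filters out processes
    that simply started or exited between the two reads of a single round.
    """
    if not api_rounds or len(api_rounds) != len(raw_rounds):
        raise ValueError("need the same non-zero number of snapshots from both views")
    candidate_pids = None
    latest = {}  # most recent Proc record seen for each candidate PID
    for api_view, raw_view in zip(api_rounds, raw_rounds):
        api_pids = {p.pid for p in api_view}
        missing = {p.pid: p for p in raw_view if p.pid not in api_pids}
        latest.update(missing)
        candidate_pids = set(missing) if candidate_pids is None else candidate_pids & set(missing)
    return [latest[pid] for pid in sorted(candidate_pids)]


# Constructed snapshots (not captured from a real system). PID 4242 never appears in
# the API view; PID 9001 is a short-lived process that only one raw snapshot catches.
API_SNAPSHOTS = [
    [Proc(1, "init"), Proc(600, "sshd"), Proc(700, "bash")],
    [Proc(1, "init"), Proc(600, "sshd"), Proc(700, "bash"), Proc(9002, "cron")],
]
RAW_SNAPSHOTS = [
    [Proc(1, "init"), Proc(600, "sshd"), Proc(700, "bash"),
     Proc(4242, "kworker-x"), Proc(9001, "sleep")],
    [Proc(1, "init"), Proc(600, "sshd"), Proc(700, "bash"),
     Proc(9002, "cron"), Proc(4242, "kworker-x")],
]

if __name__ == "__main__":
    for p in hidden_processes(API_SNAPSHOTS, RAW_SNAPSHOTS):
        print(f"hidden candidate: pid={p.pid} name={p.name}")
```

The check assumes the low-level path is not also intercepted; a kernel-mode rootkit that hooks both paths consistently will not show a difference, which is why this kind of comparison is usually run from a separately booted or otherwise trusted environment rather than from the suspect system alone.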

Supply chain attacks

This type of malware targets software developers and providers by accessing source code, build processes, or update mechanisms in legitimate apps. Once a cybercriminal has found an unsecured network protocol, unprotected server infrastructure, or unsafe coding practice, they break in, change source code, and hide malware in build and update processes.

Ransomware

Ransomware is a type of malware that threatens a victim by destroying or blocking access to critical data until a ransom is paid. Human-operated ransomware targets an organization through common system and security misconfigurations that let attackers infiltrate the organization, navigate its enterprise network, and adapt to the environment and any weaknesses. A common method of gaining access to an organization’s network to distribute ransomware is credential theft, in which a cybercriminal could steal a real employee’s credentials to impersonate them and gain access to their accounts.

Cybercriminals who use human-operated ransomware target large organizations because they can pay a higher ransom than the average individual, often many millions of dollars. Because of how much is at stake with a breach of this scale, many organizations choose to pay the ransom rather than have their confidential data leaked or risk further cyberattacks by the criminals, although payment does not guarantee that either outcome is prevented.

As human-operated ransomware cyberthreats grow, the criminals behind the cyberattacks are becoming more organized. In fact, many ransomware operations now use a ransomware-as-a-service model. This means that a set of criminal developers create the ransomware and then hire other cybercriminal affiliates to invade an organization’s network and install the ransomware, splitting the profits between the two groups at an agreed rate.

Coin miners

With the rise in popularity of cryptocurrencies, mining coins has become a lucrative practice. Coin miners use a device’s computing resources to mine for cryptocurrencies. Infections of this type of malware often begin with an email attachment that attempts to install malware or a website that uses vulnerabilities in web browsers or takes advantage of computer processing power to add malware to devices.

Coin miners perform the intensive calculations that maintain a blockchain ledger, and the stolen computing resources let the miner earn new coins. Coin mining takes significant computer processing power, however, to steal relatively small amounts of cryptocurrency. For this reason, cybercriminals often work in teams to maximize and split profits.

Not all coin miners are criminal, though—individuals and organizations sometimes purchase hardware and electrical power for legitimate coin mining. The act becomes criminal when a cybercriminal infiltrates a corporate network without its knowledge to use its computing power for mining.

Tech support scams

An industry-wide issue, tech support scams use scare tactics to trick people into paying for unnecessary technical support services that may be advertised to fix a falsified problem relating to a device, platform, or software. With this type of malware, a cybercriminal may call someone directly and pretend to be an employee of a software company. Once they’ve gained someone’s trust, cybercriminals often urge potential victims to install applications or give remote access to their devices.

Trojans

Trojans rely on a user unknowingly downloading them because they appear to be legitimate files or apps. Once downloaded, they may:

  • Download and install additional malware, such as viruses or worms.
  • Use the infected device for click fraud.
  • Record the keystrokes and websites that you visit.
  • Send information (for example, passwords, login details, and browsing history) about the infected device to a malicious hacker.
  • Give a cybercriminal control over the infected device.

Malware protection

Although anyone can become the victim of a malware attack, there are many ways to prevent a cyberattack from ever happening.

Install an antivirus program

The best form of protection is prevention. Organizations can block or detect many malware attacks with a trusted security solution or antimalware service, such as Microsoft Defender for Endpoint or Microsoft Defender Antivirus. When you use a program like these, your device first scans any files or links that you attempt to open to help ensure they’re safe. If a file or website is malicious, the program will alert you and suggest that you not open it. These programs can also remove malware from a device that’s already infected.

Implement advanced email and endpoint protections

Help prevent malware attacks with Microsoft Defender for Office 365, which scans links and attachments in emails and collaboration tools, like SharePoint, OneDrive, and Microsoft Teams. As part of Microsoft Defender XDR, Defender for Office 365 offers detection and response capabilities to eliminate the malware threats.

Also a part of Defender XDR, Microsoft Defender for Endpoint uses endpoint behavioral sensors, cloud security analytics, and threat intelligence to help organizations prevent, detect, investigate, and respond to advanced cyberthreats.

Hold regular trainings

Keep employees informed about how to spot the signs of phishing and other cyberattacks with regular trainings. This will not only teach them safer practices for work but also how to be safer when using their personal devices. Simulation and training tools, like the attack simulation training in Defender for Office 365, help simulate real-world cyberthreats in your environment and assign training to employees based on simulation results.

Take advantage of cloud backups

When you move your data to a cloud-based service, you’ll be able to easily back up data for safer keeping. If your data is ever compromised by malware, these services help ensure that recovery is both immediate and comprehensive.

Adopt a Zero Trust model

A Zero Trust model evaluates all devices and accounts for risk before permitting them to access applications, files, databases, and other devices, decreasing the likelihood that a malicious identity or device could access resources and install malware. As an example, implementing multifactor authentication, one component of a Zero Trust model, has been shown to reduce the effectiveness of identity cyberattacks by more than 99%. To evaluate your organization’s Zero Trust maturity stage, take the Zero Trust maturity assessment.

Connect with Us

Embark on a journey where your goals become our mission. Contact us today to discover how Tiforbi can transform your challenges into opportunities. Because when it comes to your success, we’re not just a service provider; we’re your dedicated partner in progress.
