By all reports, it appears that 2020 was a good year for cybercriminals and a bad one for the cyber security of businesses around the world.
One report found that in 2020, malware increased by 358 percent compared to the previous year, and ransomware saw a 435 percent year-over-year increase. July 2020 was a particularly bad month for cyber security, seeing a 653 percent increase in malicious activity.
The report also noted that the rise reflected not just a larger number of attacks but also their growing sophistication, which is making detection particularly challenging.
Malware, which is short for malicious software, is any kind of program used to infect, damage, or disrupt the files of a victim’s computer. Generally, malware is code that a cybercriminal develops that either gives them access to the network of an infected computer or that intends to harm or destroy data and files in a network.
As outlined in CrowdStrike’s 2021 Global Threat Report, one reason why malware is particularly damaging and so widespread today is that cybercriminals have turned to a ‘malware-as-a-service’ model of operations to churn out malware and sell it to other hackers. Kits are becoming easier and cheaper to obtain, making the overhead of time and money for criminals to enter cybercrime lower than ever before.
How does malware enter a network?
Typically, the biggest threat of a malware attack comes inadvertently from employees. For malware to enter an organisation’s system, a person generally needs to perform an action to allow it access. Similar to other forms of cyber criminal activity, the entry points include tricking an individual into clicking on something they shouldn’t, such as an email attachment or hacked web ads, downloading an infected app, and so on.
Over time, hackers have become increasingly deceptive in the ways they convince or trick an individual into clicking on their malicious software. Cybercriminals frequently use social engineering techniques that exploit human nature to get people to fall for the deception.
What are the different types of malware?
Malware comes in various forms, each of which enters a system in a different way and performs different functions. Here are 10 of the most likely malware forms that could infiltrate a company’s computer system.
Although the media will often refer to all malware as a virus, viruses are a particular strain of malware. Although once popular, viruses today represent less than 10 percent of malware attacks.
When a virus enters its host computer, it attacks and modifies files or the pointers to those files so that when someone opens one of those files, the virus is also deployed. Among malware, viruses are the only type that infects other files, which, if the COVID-19 pandemic has taught us anything, makes them extremely difficult to eradicate from a network.
Like the Greek myth of the Trojan Horse, Trojan malware masquerades as a legitimate program to convince a user to open the gates to a computer and its network.
Trojan malware has become one of the most popular techniques for hackers to gain access to a network. This type of malware also tends to be difficult to defend against because Trojans are easy for cybercriminals to produce and they rely on the unpredictable actions of individuals to let them in.
A dropper is a form of Trojan that, once it has found its way into a system, installs or ‘drops’ other pieces of malware into the compromised system and then deletes itself once its job is complete. This is why it’s often referred to as “the malware that precipitates malware.” Because droppers delete themselves after they’ve fulfilled their function, they don’t actually remain within the network, but the presence of a dropper is usually a precursor to further activity that serves the ultimate goal of the attack.
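The sequence described above (a program writes a new executable, that executable runs, and the original file is then removed) can be searched for in endpoint telemetry. The following detection logic is an added example, not part of the original article; the event format, field names and sample events are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry). Field names are
# hypothetical; map them to whatever your endpoint agent records.
EVENTS = [
    {"t": 1, "type": "proc_start", "pid": 410, "image": r"C:\Users\amy\Downloads\invoice.exe"},
    {"t": 2, "type": "file_write", "pid": 410, "path": r"C:\ProgramData\svc\upd.exe"},
    {"t": 3, "type": "proc_start", "pid": 522, "image": r"C:\ProgramData\svc\upd.exe"},
    {"t": 4, "type": "file_delete", "pid": 410, "path": r"C:\Users\amy\Downloads\invoice.exe"},
    {"t": 5, "type": "proc_start", "pid": 600, "image": r"C:\Program Files\App\setup.exe"},
    {"t": 6, "type": "file_write", "pid": 600, "path": r"C:\Program Files\App\app.exe"},
    {"t": 7, "type": "proc_start", "pid": 601, "image": r"C:\Program Files\App\app.exe"},
]
EXEC_EXT = (".exe", ".dll", ".scr")

def find_dropper_behaviour(events):
    """Flag processes that wrote an executable which was later started,
    and whose own image file was deleted afterwards (by any process)."""
    image_of = {}                  # pid -> image path (PID reuse is ignored here)
    wrote = defaultdict(list)      # pid -> [(time, executable path written)]
    started = defaultdict(list)    # image path -> start times
    deleted = {}                   # path -> time of last deletion
    for e in sorted(events, key=lambda ev: ev["t"]):
        if e["type"] == "proc_start":
            image_of[e["pid"]] = e["image"].lower()
            started[e["image"].lower()].append(e["t"])
        elif e["type"] == "file_write" and e["path"].lower().endswith(EXEC_EXT):
            wrote[e["pid"]].append((e["t"], e["path"].lower()))
        elif e["type"] == "file_delete":
            deleted[e["path"].lower()] = e["t"]
    findings = []
    for pid, writes in wrote.items():
        image = image_of.get(pid)
        if image is None or image not in deleted:
            continue  # writer's image still on disk: ordinary installer pattern
        for t_write, payload in writes:
            # Required order: write payload -> payload starts -> writer removed.
            launched = [t for t in started[payload] if t > t_write]
            if launched and deleted[image] > t_write:
                findings.append({"dropper": image, "payload": payload, "pid": pid})
    return findings

if __name__ == "__main__":
    for hit in find_dropper_behaviour(EVENTS):
        print(hit)
```

The installer in the sample (pid 600) writes and launches an executable too, but its own file stays on disk, so only the first chain is reported.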
The most distinctive element of worm malware is that it’s the only type that can reproduce and copy itself on its own. Worms will find the darkest recesses of a computer’s system and exploit existing vulnerabilities and backdoors. Often, worms use areas of an operating system that are invisible to users or that automatically run, which is why worms can spread quickly and thoroughly throughout a computer’s network.
Australian businesses have become a particular target for ransomware attacks. According to one cyber security survey, Australian businesses are being targeted at a 10 percent higher rate than the global average, and Australia has become the second most targeted country in the world.
Ransomware attacks happen when malware enters a system and locks or encrypts the user’s data, essentially holding the victim’s data hostage until the ransom is paid.
Cryptocurrency mining (cryptomining) is a process whereby cryptocurrency transactions are verified using complex algorithms that require the processing power of computers to execute. In exchange for completing these complex problems, miners receive a small cryptocurrency fee.
Cryptomining itself is a legitimate process, but becomes illegal when miners hack into a computer and leech off its computing power without the owner’s permission (sometimes also called cryptojacking). Cryptomining malware may not damage the hacked system, but its presence can drain a system’s resources, dramatically slow down processes, and even stop the network from working entirely.
According to the 2020 Deep Instinct Threat Report, malicious cryptomining activity saw an increase of 1061% last year, the highest increase of any form of malware attack that year.
Spyware allows another individual to spy on the activities of its victim. Parents may install one form of spyware on their children's phones or computers to check where they are or what they’re doing online. Hackers, on the other hand, may use spyware to track a victim’s keystrokes to find out sensitive information like passwords that they can then use to infiltrate an individual’s computer.
Spyware, much like adware, has decreased in popularity in recent years, but can still pose a threat to businesses with limited cyber security protections in place.
Generally speaking, adware and its cousin spyware are less dangerous than other forms of malware. However, the methods they use are often similar to those of more damaging malware attacks, which still makes them problematic for an organisation’s system and a user’s experience.
Adware will display ads on a computer or change search results so that the creators of the adware can make money from clicks, and many forms of adware don’t ask for consent before they’re installed.
As noted earlier, instances of adware have been declining in recent years, perhaps because general cyber security practices make it easy to detect and eradicate.
Malvertising works quite differently to adware in that it uses a legitimate ad to deliver malware to anyone who clicks on it. In some cases, a cybercriminal may place an ad on a legitimate site that, when clicked, will either install malware directly on the computer or redirect the user to a malicious site. In other cases, hackers will compromise legitimate ad networks and replace legitimate ads with malicious ones.
The main threat of malvertising is that it can introduce other forms of malware, such as ransomware or Trojans, into a computer or network.
These days, it’s less common to see any of these malware types in their purest form. Instead, most malware consists of varying combinations of the different forms. Modern malware will often take on aspects of Trojans, worms, and even viruses, or it may take the appearance of one form of malware but attack like another.
Using a combination of attacks makes a hacker’s target more vulnerable and the impact even more devastating. This is because many off-the-shelf cyber security programs are developed for specific types of malware rather than the amalgamations of malware forms that are prevalent today.
How to protect your business against malware attacks
According to the Australian Cyber Security Centre (ACSC), there are a few ways you can protect your business against malware attacks, including:
- Frequently updating software
- Using strong passwords
- Regularly backing up files (ideally daily)
- Disabling Microsoft Office macros
- Uninstalling unused programs and software
- Keeping employees informed of cyber security threats and best practices
These steps are a good start, but are just a simple baseline for company-wide best practices. However, nothing protects your organisation’s network and data better than thorough cyber security protections, like CyberEdge’s full suite of enterprise-grade security solutions.