Understanding Malware
At first glance, ‘malware’ looks like a word to describe the kind of casual clothing someone might wear to go shopping in; however, this could not be further from the truth. Malware – short for ‘malicious software’ – has nothing to do with retail therapy.
According to the Microsoft definition, it is “a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network.” Hostile and intrusive in nature, malware attempts to invade, damage, or disable its intended target by taking partial control over its operations.
Cybercriminals typically use malware to compromise data they can leverage for financial gain. This includes:
- Conning targets into providing personal data for identity theft
- Stealing victims’ credit card data or other personal information
- Taking control of multiple computers to launch distributed denial-of-service (DDoS) attacks against other networks
- Infecting computers and using them to mine bitcoin or other cryptocurrencies
Types of malware
Cybercrime must evolve to be effective, so cybercriminals are constantly developing innovative attacks to fit new trends while tweaking existing ones to avoid detection. Unfortunately, this means there is a lot of malware to contend with. Before you can begin protecting your business’s data and devices, you must first understand the different types of malware out there:
- Viruses: a computer virus is typically delivered as an attachment in a phishing email that contains a virus payload, the part of the malware that performs the malicious action. Once the victim opens the file, the virus is executed and the device becomes infected
- Worms: the distinctive trait of computer worms is that they are self-replicating, copying themselves from device to device. Crucially, they don’t require any user interaction to spread and function; instead, they exploit other files and programmes to do the dirty work for them. For example, the notorious ‘ILOVEYOU’ worm wreaked havoc around the world, hitting millions of email users, overloading phone systems with fraudulent texts and even bringing down television networks
- Trojans: worms have been replaced by trojans as the hacker’s weapon of choice. They masquerade as legitimate applications, tricking victims into downloading and using them without realising they contain malicious instructions. Once executed, they can compromise personal data, crash devices, spy on the user’s activities or even launch DDoS attacks. For example, the ‘Zeus’ trojan was first distributed in 2007 through malicious files hidden in emails and fake websites. Having propagated quickly, it compromised the email and bank accounts of victims, including Amazon, Bank of America and Cisco customers, by copying their keystrokes
- Ransomware: this installs itself onto a victim’s machine and encrypts their files or locks their device. The perpetrator then demands a ransom – usually in Bitcoin – to decrypt the data or unlock the device. Ransomware programmes are typically trojans, meaning they are spread through social engineering techniques, but they hold victims to ransom in exchange for getting their data or device back. Recently the ‘CovidLock’ ransomware has been deployed to prey on fear and uncertainty surrounding the pandemic. This ransomware infects the victim’s Android device via malicious files promising to offer more information about the virus. Once installed, it encrypts data on the device and denies access to the victim, who must pay a ransom of USD 100 to get access back
- Spyware: these programmes capture and transmit personal information or internet browsing habits and details from the targeted device to the spyware user. While spyware is often used for legitimate purposes, cybercriminals also use it to execute targeted attacks that log victims’ keystrokes and gain access to passwords or intellectual property
- Adware: these programmes attempt to expose the target to unwanted, potentially malicious, advertising. Adware is often installed in exchange for another service, such as the right to use a programme without paying for it
How to detect malware
The most common signs that your device, server or network has been compromised by malware are:
- Slow computer performance
- Your screen is inundated with unwanted pop-up ads
- You lose access to your files or your entire device
- Your browser settings change
- Frequent infection warnings accompanied by solicitations to buy tools to fix the problem
- An unexpected spike in your system’s internet activity
- Your antivirus product stops working
- Problems shutting down or starting your computer
How to prevent malware
The key to preventing malware is improving cybersecurity across your business by taking proactive measures to protect devices, servers and networks, and educating your staff about how to be cyber aware and vigilant online.
Proactive measures
- Keep your operating system and applications updated by installing updates as soon as they become available (ONLY from legitimate sources)
- Limit the number of apps on your users’ devices
- Install antivirus software on your devices that actively scans and blocks malware threats
- Regularly run scans using the security software you have installed
Cybersecurity education
Empower your employees to combat the threat posed by malware by teaching them how to be vigilant and cautious online. This includes:
- Avoiding opening email attachments from unknown senders
- Avoiding clicking on unverified links in emails, texts, and social media messages
- Using strong passwords with multi-factor authentication, and avoiding using the same password for multiple accounts
- Only visiting known and trusted sites
- Being aware of emails requesting personal information, and never handing this over unless verified
- Never clicking on a link in a pop-up ad
- Not leaving devices unlocked
- Only downloading software or updates from official app stores
How to remove malware
If you suspect or know your systems have been infected with malware, follow these steps to get it removed:
- Update your antivirus: ensure your antivirus software is updated with the latest virus definitions. This will enable the software to identify malware based on what has come before. Antivirus providers are constantly reviewing and updating these lists as and when new variations manifest themselves
- Perform a deep, thorough scan: let this run for as long as it takes to find and fix the problem. Be warned: if the malware is effective, it will deactivate your antivirus software so that the malware can do its job
- Reboot and scan: if the infected computer is still accessible, reboot the system in safe mode, scan the computer and restore it to a previous, non-infected state
Malware trends
According to official government figures, the nature of cyber-attacks has changed in the UK since 2017. During this period, there has been a fall in businesses identifying breaches or attacks caused by viruses or other malware (from 33% to 16%) and ransomware (from 17% to 8%); however, phishing increased from 72% to 86%. That said, ransomware still appears to be the most prevalent form of malware in use in the cybercrime landscape: the 2019 Official Annual Cybercrime Report predicted that a business will fall victim to a ransomware attack every 11 seconds by 2021. According to TechRepublic, the top five sectors targeted by ransomware are healthcare, legal, farming and food production, education and manufacturing.
The threat landscape is changing and these harmful computer programmes that hackers use to gain access to sensitive information and wreak havoc on businesses remain a very real threat. Don’t cross your fingers and hope your business isn’t targeted, because chances are, it will be at some point. Take proactive action that allows you to anticipate potential attacks and implement measures designed to prevent them. Cybersecurity is becoming more of a necessity than a nicety in the current climate, making it essential that your business has a robust cybersecurity strategy in place to protect your people, assets and data.