What is a Malware Attack?
Many of us live in safe neighborhoods with relatively little crime. However, we can all agree that it’s still a good idea to lock your doors when you leave home and to take some basic steps to stay safe! It may be slightly hyperbolic to call the internet a rough neighborhood – but it is almost certainly a riskier place than the places most of us call home, and cybercriminals abound.
Malware is the home intrusion of the digital world and is a very real threat that can result in stolen personal data, identity theft, and corrupted files. Today, we’ll look at common types of malware and offer some advice on how to avoid falling victim to malware attacks.
Types of Malware Attacks
At its core, a malware attack is a digital invasion, where harmful software infiltrates your computer system, intending to cause damage, pilfer information, or simply create chaos.
With limited exceptions, such as malware deployed by state actors for political or military purposes, malware is spread by criminal organizations for financial gain.
While all malware represents a risk, hackers have many different types of cyber attacks at their disposal. Some are primarily a nuisance – changing your search engine or spamming you with annoying ads, while others give attackers remote access to your computer allowing them to steal your private information.
Viruses & Worms
Computer virus is a broad term that describes self-replicating malware. Like their biological counterparts, computer viruses exist within an ostensibly legitimate host file. Worms, like viruses, spread themselves – but do not need a host program in which to operate. They may spread by taking advantage of network or operating system security vulnerabilities.
Viruses can perform a wide range of nefarious activities, from turning your computer into a botnet zombie to harvesting cryptocurrency. We’ve written an entire article examining botnets – but in short, they turn your computer into a ‘bot’ that can be used to launch DDoS attacks or send phishing emails.
Trojan Horse Attacks
Named after the infamous wooden horse used to infiltrate Troy, a Trojan horse attack disguises malware as legitimate software. Users are tricked into installing it on their systems, and once inside, it can wreak havoc or create backdoors for other malware to enter. Pirated software programs are a common source of trojans. We recommend that users always purchase software legitimately and avoid malicious websites which may offer pirated software or serial number generators.
Additionally, use care when opening email attachments – particularly from unknown senders but even from trusted sources. If you receive an unsolicited attachment from a friend or colleague, always use an antivirus to confirm it is safe before opening it.
Spyware & Adware
Spyware secretly monitors your online activities and collects personal information, while adware bombards your device with unwanted advertisements. Spyware, sometimes called keyloggers, gives hackers the ability to see everything you type – from passwords to credit card numbers – easily facilitating identity theft. Spyware will generally not produce any noticeable effects on your computer and you will need to rely on an antivirus to detect it.
Adware can significantly slow down your computer and make your online experience frustrating with incessant pop-ups and advertisements. Because of these obvious signs, it is usually readily apparent that your computer is infected. If you are getting pop-up ads on your desktop or your browser keeps changing its homepage to a spammy-looking website or search engine, this is a clear sign that something is wrong.
Ransomware is a type of malicious software that locks away your computer’s files and demands a ransom, generally in bitcoin, to release them. This cyber hostage situation often leads to considerable data loss and monetary costs. If your computer presents you with a ransom note, immediately reach out to a cybersecurity specialist for remediation. Do not send your bank account information, or send payment – in many cases the attackers will simply take your money and not decrypt your data. One study found that only 8% of ransomware victims fully recovered their data after paying the ransom!
By making regular backups a part of your routine you can avoid much of the pain and heartache associated with digital extortion. When you have a backup, instead of attempting to deal with the malicious actors you can simply wipe your infected device clean and reinstall your backup.
A rootkit is a form of malware that provides root-level, or administrative access to a computer or computer network. Rootkits, like most other malware, are typically installed when a user opens an infected file or attachment. Once installed, a rootkit provides a backdoor to the system, granting the attacker full system control. One of the key characteristics of a rootkit is its ability to cloak itself and remain hidden within the system. It can hide files, other malware, and itself, often by intercepting data from the operating system, like a list of currently running processes or system files, and removing any information that could indicate its presence.
Additionally, rootkits can include functionality to further compromise your system, such as keyloggers to record keystrokes, packet sniffers to analyze Wi-Fi network traffic, or tools to create additional user accounts.
Finally, rootkits can be installed on a much deeper level of your computer – residing in the boot sector of your motherboard. These versions of rootkits, known as bootkits, were once thought to be quite rare, but security researchers are increasingly worried they might just be going unnoticed. Because the virus resides outside of your hard drive, it is incredibly hard to remove: even wiping your computer, reinstalling your operating system, or replacing your hard drive will not remove the infection.
A rootkit’s stealth features make it particularly dangerous and hard to detect. Specialized tools and techniques are often needed to identify and remove them from an infected system.
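One such technique is a cross-view check: ask the system for its process list, then ask about every possible process ID directly, and flag IDs that answer but were never listed. The sketch below is an added example, not part of the original article; it assumes a Linux /proc filesystem, and the function names are this example's own.

```python
import os

def listed_pids(proc="/proc"):
    """View 1: PIDs the OS reports when asked to list processes."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def probed_pids(max_pid, proc="/proc"):
    """View 2: ask about each possible PID directly instead of listing."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            with open(f"{proc}/{pid}/status") as fh:
                fields = dict(line.split(":", 1) for line in fh if ":" in line)
        except (OSError, ValueError):
            continue  # no such process, or it exited while being read
        # /proc/<tid> also answers for threads, which are never listed;
        # count only thread-group leaders to avoid false alarms.
        if fields.get("Tgid", "").strip() == str(pid):
            found.add(pid)
    return found

def hidden_pids(list_view, probe_view, rounds=3):
    """PIDs that answer direct probes but are missing from the listing in
    every round. Repeating filters out processes that merely started or
    exited between the two snapshots."""
    suspects = None
    for _ in range(rounds):
        before = list_view()
        probed = probe_view()
        after = list_view()
        missing = probed - before - after
        suspects = missing if suspects is None else suspects & missing
        if not suspects:
            break
    return sorted(suspects or ())

if __name__ == "__main__":
    # Probing every PID up to pid_max can take a while on modern kernels.
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    print(hidden_pids(listed_pids, lambda: probed_pids(max_pid)))
```

An empty result is not proof of a clean system: a rootkit running inside the kernel can falsify both views, which is why offline scans from trusted boot media are used as well.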
Fileless attacks behave much differently than traditional malware. Unlike regular malware, which leaves traces of itself on a computer’s hard drive, fileless malware is designed to leave as little evidence as possible, making it very challenging to detect. The way it does this is by running malicious code directly within a computer’s memory. Just as our short-term memory allows us to store and recall information temporarily, a computer’s memory holds data for immediate or short-term use. By running within this space, fileless malware avoids creating the telltale files on the hard drive that regular malware would.
Fileless malware often enters its victim’s system through malicious email attachments or a compromised website, and once inside, it gets to work, performing malicious activities like stealing data or damaging system files, all while leaving little to no trace of its presence.
All of these characteristics make fileless malware a significant threat. It’s harder for traditional antivirus programs to spot, and its activities can often go unnoticed until it’s too late.
Mobile malware is malicious software specifically designed to target mobile devices like smartphones and tablets. Similar to its counterparts which infect desktop computers, there is a wide variety of mobile malware variants. Android devices have a reputation for being at a greater risk than iOS devices – but security researchers suggest that this is a dangerous misconception. All mobile devices are at risk of infection and it is important for users to guard against such attacks. Mobile malware includes spyware that silently monitors your activities, ransomware that locks your device until a ransom is paid, and even SMS malware that can rack up charges by sending premium-rate text messages.
A common method of spreading mobile malware is through malicious apps. These can often be disguised as popular games or useful tools and are usually found on third-party app stores, though even official app stores are not entirely immune. Once downloaded and installed, these apps can steal data, send fraudulent messages, or even take control of your device.
Spotting a Malware Attack
In many cases, recognizing a malware attack is as simple as noticing unusual system behavior. Slow performance, incessant pop-ups, or unexpected reboots are warning signs that indicate you may have a malware problem. If you suspect something is amiss, run a full-system scan with your antivirus software.
It’s a good idea to run weekly antivirus scans even if your computer is running well. This can help you detect and eliminate stealthy malware infections.
Preventing Malware Attacks
Defending against malware isn’t challenging – but does require multiple layers of protection. We recommend maintaining your digital hygiene, running regular antivirus scans, and using a firewall.
Digital hygiene is the first, and perhaps most important, step for safeguarding your computer. You can think of digital hygiene as the online equivalent of washing your hands, and the practice includes keeping your operating system, firmware, web browser, and applications up-to-date, using caution when opening email attachments and links, and regularly backing up your sensitive data.
Note: Like phishing attacks, many malware attacks rely on social engineering – convincing users to download and deploy the payload themselves. A little bit of vigilance goes a long way to prevent yourself from falling victim to cybercrime.
One common attack vector is macro-enabled Microsoft Word and Excel files. By default, Microsoft asks users whether or not they would like to enable macros – we recommend against enabling macros unless you are 100% certain that the file is safe and requires macros to function.
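Before deciding whether to enable macros, you can check whether a file contains any at all, whatever its extension says. The following is an added example, not part of the original article: it relies on modern Office files being ZIP archives that store VBA macros in a part named vbaProject.bin, covers VBA macros only, and uses a constructed in-memory sample instead of a real document.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def macro_status(data: bytes) -> str:
    """Classify an Office file by its content, not by its extension."""
    if data.startswith(OLE_MAGIC):
        # Pre-2007 binary formats can carry macros under any extension.
        return "legacy-binary: treat as macro-capable"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not an Office Open XML file"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        ct = next((n for n in names if n.lower() == "[content_types].xml"), None)
        if ct is None:
            return "not an Office Open XML file"
        types = zf.read(ct).decode("utf-8", "replace").lower()
    # Either signal is enough: the VBA storage part itself, or a
    # macro-enabled content type declared for the main document.
    has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
    if has_vba or "macroenabled" in types:
        return "macros present"
    return "no macros found"

def build_sample(with_macro: bool) -> bytes:
    """Constructed stand-in for a .docx/.docm; not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for label, sample in (("plain", build_sample(False)),
                          ("macro", build_sample(True))):
        print(label, "->", macro_status(sample))
```

A "macros present" result does not mean the file is malicious, only that the macro prompt is a real decision for that file and an antivirus scan is worth running first.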
In addition to taking steps to avoid infection, digital hygiene also includes using robust, unique passwords and multi-factor authentication. Don’t reuse passwords, as attackers will be able to compromise several of your accounts if they gain access to a single password. While digital hygiene will keep most threats at bay, it is still a good idea to regularly perform full-system scans with an antivirus program. This will help protect your system by detecting and removing any malicious software that might have slipped in. Any time you download a file or attachment, it is good practice to scan it with your antivirus before opening it.
Finally, using a firewall helps to control the traffic that enters and exits your system. This can prevent infection by limiting your computer’s exposure to outside threats, and it can also prevent malware from successfully phoning home if it does reach your system.
Know Your Enemy
Just like in most areas of life – knowing the risks we face helps us to prepare for them. Malware takes many different forms – but generally can be avoided with just a little bit of effort. Protecting your sensitive information and staying safe online can be accomplished by following internet best practices in addition to using malware protection.
Don’t download attachments or click on links from strangers, and remember that it pays to be vigilant even with emails from known senders. Keep your computer and software updated to patch any vulnerabilities that attackers may seek to exploit. Finally, use security solutions like antivirus programs and firewalls to harden your system against attack.