In 1971, the first worm proof of concept was created, called ‘The Creeper’. This worm was able to spread via network protocol, infecting remote computers to display the message “I’m the creeper, catch me if you can”. However, ‘The Creeper’ was not technically malware as it was not created with malicious intent.
Fast forward 51 years and there are over 1 billion malware programs infecting endpoints and networks worldwide. This poses a huge threat for businesses of all sizes, across all industries, with many high-profile cyberattacks occurring every month.
In order to safeguard your business from these malware attacks, it is important to understand the common types of malware and how to detect them.
What is Malware?
Malware is a category of software that is intentionally designed to cause damage or disruption on an endpoint. In the past, most endpoints that were targeted by cybercriminals were servers and PCs, however, this now includes mobile phones, IoT devices, printers, cloud computers and anything connected to the internet.
Common Types of Malware
As mentioned previously, the first form of malware created was a worm. A worm is a piece of software or code that can spread automatically without human interaction. This allows worms to spread extremely quickly over local networks, jumping from user to user. Sometimes, the goal of a worm is simply to replicate itself enough times to cause a denial of service, but some worms can also modify and delete files.
Similar to worms, viruses copy themselves to cause damage to a host device. However, viruses will lie dormant in the system until they are executed or additional action is taken. Once the virus is activated it inserts code into the device to encrypt, corrupt, delete or move files, spread to other devices or cause more damage.
Ransomware has been the most talked about form of malware over the past 5 years. Ransomware encrypts a business’s data and holds them to ransom by not releasing the decryption key unless they pay up. Whilst the data is encrypted, employees and customers can’t access files, databases, IT systems or applications. This malware is designed to spread throughout a system, encrypting every file on a business’s network, often causing significant downtime.
Adware, or advertising supported software, is a form of malware that hides on a user’s device and sends them advertisements, which in turn generates revenue for the adware creator. Adware is typically included with free software downloads, but it can also be downloaded through vulnerabilities in a user’s browser. Some forms of adware also collect user data, such as browsing history and device location, to serve more targeted pop-up ads. This differs from legitimate ads as they are downloaded to a device and make advertisements appear in places they should not be.
Fileless malware is a variant of malware that uses legitimate tools built into a system or device to launch a cyberattack. Unlike the previously mentioned forms of malware, fileless malware does not need any code installed on the target endpoint to launch the attack. In order to launch a fileless malware attack, the cybercriminal still needs access to the target’s system, which can be achieved through methods such as exploit kits, memory-only malware or stolen credentials. Fileless malware is particularly dangerous as it is difficult to detect.
A trojan horse is a type of malware that disguises itself as a legitimate piece of code or software. When the target executes the malware, an attacker can perform actions such as exporting files, encrypting files, or modifying the data. Most trojan horses are disguised as executable files, such as games, tools or even software patches. Trojan horses can also be used in phishing attacks, where the attacker will imitate a trusted party and sends the file to be executed.
Spyware is a type of malware that collects user activity information without their knowledge and then sends it to the attacker. Typically, the goal of spyware is to collect personal and sensitive information, such as login credentials or payment card information. Once this information is collected it can either be used by the attacker or sold on the dark web.
A botnet is a pool or network of computers that are infected with malware that is controlled by the attacker. The cybercriminal controls the botnet of compromised devices to launch denial of service attacks or execute compute-intensive tasks, such as cryptocurrency mining. The devices are compromised by other forms of attack, such as phishing or compromised credentials.
Rootkits give cybercriminals control of a network, device, or application. Once the rootkit is installed, the attacker can remotely execute files to launch additional attacks, or change system configurations. These configuration changes make it particularly difficult to detect a rootkit as it can change security configurations to conceal itself.
How to Detect Malware as a User
As there are many different forms of malware, each has slightly different methods of detection by users or security solutions. Although some forms of malware, like ransomware, are easy to spot, others are impossible to detect as a standard user. As a user, below are some signs that your device may be infected with malware.
• Your device is significantly slower than normal or is crashing more often
• Your device is showing advertisements or pop-ups in places they aren’t normally
• Toolbars or applications are showing on your browser or operating system that you didn’t install
• Your search engine unexpectedly changes
• Your device displays ‘Out of Memory’ warnings
• There is less storage space on your device
However, businesses should not rely on employees to detect malware, as most forms of malware are difficult or impossible to detect. Rather, businesses should have a comprehensive security solution that detects malware and stops it before it is too late. Antivirus solutions can stop all forms of known malware, however, most are unable to accurately stop novel forms of malware. For this, businesses can use an endpoint detection and response (EDR) solution that detects abnormal behaviour caused by malware, which can then be blocked.
How to Protect your Business
As malware and the wider cybersecurity threat landscape becomes more complex, antivirus and EDR solutions are not enough to safeguard your business. Businesses need to have a security ecosystem that has layers of security controls, including employee awareness training. This security ecosystem needs to be managed by an expert that knows how to detect and respond to any potential cyberattacks.
If you want to find out more about malware protection, or how you can rely on our security expertise to safeguard your business, contact us today.