Malware

Malware – a term for malicious software – is a designation for any type of software designed to steal data and/or damage computers and systems. These types of software include Trojans, viruses, worms, spyware, adware, and ransomware.

Even though there are many different types of malware, they all serve essentially the same purposes: gathering intelligence on users, disrupting machines and networks or holding them for extortion, destroying or vandalizing infrastructure, stealing resources, or generating monetary gain for the attacker.

It’s important to note that malware and viruses are not the same thing. Viruses are one type of malware. Malware is any software specifically designed to harm computer systems and users; viruses are the subset that spread between computers to inflict damage and disrupt operations.

Let’s briefly explore the origins of malware.

Brief history of malware

Detailing every milestone in the history of malware is out of the scope of this article, so we’re going to touch on some highlights.

The idea of malware dates all the way back to the mid-1960s with John von Neumann’s Theory of Self-Reproducing Automata, which posed the theoretical concept of computer viruses during the infancy of modern computer technology.

A lot of early malware was created as pranks and experiments that spiraled out of control. Over the course of the 70s and 80s, worms and viruses like Creeper, Elk Cloner, Brain, and Morris spread. Most initial types of malware were created to infect Apple computers, but creators diversified them as MS-DOS and IBM computers gained more and more market share.

These initial malware programs were a good indication of the widespread damage this type of computer application is capable of.

Throughout the 90s and into the new millennium, malware became more sophisticated, more difficult to contain, and more difficult to prevent. Then, in the early 2010s, the first instances of ransomware appeared.

Types of malware

Malware is one of the most diverse types of cyberthreats. Let’s examine some of the most common.

Viruses

Viruses attach to legitimate programs and replicate when those programs are executed. They infect files, applications, even the hard drive’s boot sector. They spread rapidly through file-sharing networks, email attachments, or infected peripheral drives.

Worms

Worms are standalone malicious programs that replicate themselves and spread across networks without requiring a host program. They exploit vulnerabilities in network devices to cause widespread damage.

Trojans

Trojans disguise themselves as legitimate software to trick users into downloading and executing them. Once installed, they perform all kinds of malicious actions, like stealing sensitive information, opening remote access to attackers, or installing additional malware onto the infected system.

Ransomware

Ransomware encrypts files or locks systems, rendering them inaccessible to users until a ransom is paid to the attacker. It spreads through phishing emails, malicious attachments, or exploit kits, and is a lucrative tool for cybercriminals seeking financial gain or other types of digital extortion.

Rootkits

Rootkits are a type of malware that conceals its presence on infected systems, which makes them difficult to detect and remove. They often exploit vulnerabilities in operating systems or device firmware to gain privileged access and maintain persistence, enabling attackers to control infected devices remotely.

Backdoors

Backdoor malware circumvents standard authentication procedures to gain access to a system. Once in place, it gives attackers remote access to the system’s applications and resources. It commonly arrives through phishing emails, but can be introduced to a system in other ways.

Spyware

Spyware monitors web use, displays unsolicited advertisements, and redirects affiliate marketing revenue. Spyware doesn’t spread like a typical virus; it usually arrives through exploits, and sometimes it’s packaged with software the user installs.

The Sony BMG rootkit was a famous type of spyware designed to prevent piracy. But it also tracked users’ listening habits and opened up additional security vulnerabilities.

Adware

Adware displays unwanted advertisements to users, like pop-up windows, banners, or browser redirects. It can degrade system performance, compromise privacy, and create a poor user experience.

Not all adware is malicious though. Sometimes it’s just annoying!

The modern malware landscape

It’s not just hackers that use malware. Nation states use it to acquire (or steal, depending on how you look at it) all kinds of information.

The malware threat landscape expands as smart devices become more common. Appliances, mobile devices, toys, digital assistants, Bluetooth speakers: the internet of things is all around us.

Staying informed is key to protecting yourself and your organization from emerging threats as thoroughly as possible. Identify and understand what needs to be protected, and create a holistic cybersecurity strategy that addresses those specific needs.

A large share of cyberattacks originate from employee actions. This doesn’t necessarily mean an insider threat; it can be something as simple as not reading an email thoroughly, downloading a file haphazardly, or not staying up to date with patching.

Providing security training to employees so they understand the significant role they play can prevent disaster down the line.

The thing to remember is that, just like other cyberattack types, the battlefield of malware and the way attackers use it is always changing. As malware adapts and innovates, so should the defenses against it.

How does malware spread?

There are various delivery methods bad actors use to spread malware.

Phishing

The most common type of social engineering, phishing tricks people into revealing personal or confidential information, clicking a link, or into downloading tainted attachments that contain malware.

Phishing emails and malicious attachments have never been more prominent, so users need to be vigilant about every email they receive.

Credential compromise

Hackers compromise credentials in any number of ways, from purchasing them on the dark web, to harvesting them with a keylogger the user doesn’t know is installed on their computer, to running an automated brute force attack. Once a hacker has the credentials, they might install malware right away, or “live off the land”: escalate privileges, move laterally across the network, and prepare the environment so that when they decide to strike, the damage is maximized.

The best ways to defend against this are multi-factor authentication, strong password hygiene, and, for organizations, applying the principle of least privilege.

Exploit kits

Exploit kits target known security vulnerabilities and deploy malware tailored to each particular flaw. They’re often found on compromised websites. When a user visits, the exploit kit scans their system for vulnerabilities and, through automation, attempts to deliver malware to it.

Drive-by download

A “drive-by download” is when malware installs on a user’s device without their knowledge. Such downloads usually come from spoofed websites that contain malicious code. The user doesn’t have to take any action other than visiting the site for the infection chain to initiate.

How do you know if you have malware?

Let’s not sugarcoat it: malware has gotten a lot better over the years. It’s not always obvious whether your machine or network is infected.

Here are some of the most common warning signs something might be wrong.

How to protect from malware

Like many cyberattack types, the best way to protect against malware is to use antivirus software (and keep it up to date!), secure network infrastructure, strong passwords, multi-factor authentication, and good cybersecurity awareness.

Run regular scans and keep systems and applications updated. Don’t click on popups, unknown links, or unexpected email attachments, and avoid risky websites. Perform an assessment of the assets you need to protect so you know how best to protect them.

The future of malware

With the proliferation of artificial intelligence, threat actors aren’t wasting any time designing ways to incorporate the technology into malware. New strains and variations, a growing overall number of attacks, deepfake video, AI-generated voice, and mobile and IoT devices continuously connected to 5G or the internet are all attack vectors that will see cyberattacks increase.

The good news is AI-backed detection is coming into its own and should help prevent cyber incidents earlier.

Mobile devices are another area of concern. The mix of personal and corporate data, combined with loose or nonexistent security policies, appeals to cybercriminals. Specific types of malware that target mobile devices are on the rise. Paired with the less strict security measures typically employed on these devices and users who access unsecured networks like public wi-fi, this increases both vulnerability and the likelihood of getting malware.

The cybersecurity skills shortage only exacerbates this. With demand growing twice as fast as the supply of people with professional and technical cybersecurity skills, and with technology advancing so quickly, there are millions of job vacancies. And that number is only forecast to grow.

Detection tools, and the right team to monitor and investigate the alerts they raise, are among the best investments organizations can make to protect themselves. Early detection and efficient response will always be the most important factors.

Conclusion

Malware is a broad term that describes different types of malicious software programs. The concept dates back to the 60s, and the evolution over the decades since has seen steady progression.

It’s not going away. In fact, with advancements in AI it will only get more widespread and more effective. But with the proper awareness and efforts to defend against it, malware is just another threat in the cybersecurity wild.