Malware is a broad name for any type of malicious software designed to cause harm or damage to a computer, server, client or computer network and/or infrastructure without end-user knowledge.
Cyber attackers create, use and sell malware for many different reasons, but it is most frequently used to steal personal, financial or business information. While their motivations vary, cyber attackers nearly always focus their tactics, techniques and procedures (TTPs) on gaining access to privileged credentials and accounts to carry out their mission.
Most malware types can be classified into one of the following categories:
- Virus: When a computer virus is executed, it can replicate itself by modifying other programs and inserting its malicious code. It is the only type of malware that can “infect” other files and is one of the most difficult types of malware to remove.
- Worm: A worm has the power to self-replicate without end-user involvement and can infect entire networks quickly by moving from one machine to another.
- Trojan: Trojan malware disguises itself as a legitimate program, making it one of the most difficult types of malware to detect. This type of malware contains malicious code and instructions that, once executed by the victim, can operate under the radar. It is often used to let other types of malware into the system.
- Hybrid malware: Modern malware is often a “hybrid,” a combination of malicious software types. For example, “bots” first appear as Trojans and then, once executed, act as worms. They are frequently used to target individual users as part of a larger network-wide cyber attack.
- Adware: Adware serves unwanted and aggressive advertising (e.g., pop-up ads) to the end-user.
- Malvertising: Malvertising uses legitimate ads to deliver malware to end-user machines.
- Spyware: Spyware spies on the unsuspecting end-user, collecting credentials and passwords, browsing history and more.
- Ransomware: Ransomware infects machines, encrypts files and holds the decryption key for ransom until the victim pays. Ransomware attacks targeting enterprises and government entities are on the rise, costing organizations millions as some pay off the attackers to restore vital systems. CryptoLocker, Petya and Locky are some of the most common and notorious families of ransomware.
Here are just a few of the many types of malware cyber attackers use to target sensitive data:
- Pony malware is the most commonly used malware for stealing passwords and credentials. It is sometimes referred to as Pony Stealer, Pony Loader or Fareit. Pony malware targets Windows machines and collects information about the system and the users connected to it. It can be used to download other malware or to steal credentials and send them to the command and control server.
- Loki, or Loki-Bot, is an information-stealing malware that targets credentials and passwords across approximately 80 programs, including all known browsers, email clients, remote control programs and file sharing programs. It has been used by cyber attackers since 2016 and continues to be a popular method for stealing credentials and accessing personal data.
- Krypton Stealer first appeared in early 2019 and is sold on foreign forums as malware-as-a-service (MaaS) for just $100 in cryptocurrency. It targets Windows machines running version 7 and above and steals credentials without the need for admin permissions. The malware also targets credit card numbers and other sensitive data stored in browsers, such as browsing history, auto-completion, download lists, cookies and search history.
- Triton malware crippled operations at a critical infrastructure facility in the Middle East in 2017 in one of the first recorded malware attacks of its kind. The malware is named after the system it targets – Triconex safety instrumented system (SIS) controllers. These systems are used to shut down operations in nuclear facilities, oil and gas plants in the event of a problem, such as equipment failure, explosions or fire. The Triton malware is designed to disable these failsafe mechanisms, which could lead to physical attacks on critical infrastructure and potential human harm.
How To Mitigate the Risk of Malware
To strengthen malware protection and detection without negatively impacting business productivity, organizations often take the following steps:
- Use anti-virus tools to protect against common and known malware.
- Utilize endpoint detection and response technology to continuously monitor and respond to malware attacks and other cyber threats on end-user machines.
- Follow application and Operating System (OS) patching best practices.
- Implement the principle of least privilege and just-in-time access to elevate account privileges for specific authorized tasks to keep users productive without providing unnecessary privileges.
- Remove local administrator rights from standard user accounts to reduce the attack surface.
- Apply application greylisting on user endpoints to prevent unknown applications, such as new ransomware instances, from accessing the Internet and gaining the read, write and modify permissions needed to encrypt files.
- Apply application whitelisting on servers to maximize the security of these assets.
- Frequently and automatically back up data from endpoints and servers to allow for effective disaster recovery.
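To put the "remove local administrator rights" step into practice, the following PowerShell audit script (an added example, not code from the original article) lists members of a Windows endpoint's local Administrators group that are not on an approved list, so stray standard-user accounts can be reviewed and removed. The approved-member names are assumed placeholders; it requires the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later) and an elevated prompt.

```powershell
# Added example: audit the local Administrators group against an approved list.
# The names below are placeholders; replace them with your own approved principals.
$approved = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local admin (assumed approved)
    'CONTOSO\Workstation Admins'         # placeholder domain group
)

function Get-UnexpectedLocalAdmins {
    param([string[]]$Approved)
    # Get-LocalGroupMember returns Name, ObjectClass (User/Group) and
    # PrincipalSource (Local, ActiveDirectory, AzureAD) for each member.
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    foreach ($m in $members) {
        if ($Approved -notcontains $m.Name) {
            [pscustomobject]@{
                Name            = $m.Name
                ObjectClass     = $m.ObjectClass
                PrincipalSource = $m.PrincipalSource
            }
        }
    }
}

$unexpected = Get-UnexpectedLocalAdmins -Approved $approved
if ($unexpected) {
    Write-Warning 'Local admin rights held by principals not on the approved list:'
    $unexpected | Format-Table -AutoSize
    # After review, a standard user can be removed from the group with, e.g.:
    #   Remove-LocalGroupMember -Group 'Administrators' -Member 'CONTOSO\jdoe' -WhatIf
    # (drop -WhatIf to apply the change)
} else {
    Write-Output 'Local Administrators group contains only approved members.'
}
```

Run it from an endpoint management tool or a scheduled task so that drift in local admin membership is reported regularly rather than discovered during an incident.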