In IT, malicious software, or malware (a portmanteau of "malicious" and "software"), refers to any program designed to perform harmful or undesirable actions on a system. These include computer viruses, worms, Trojans, ransomware, spyware, and many other digital pests. Cybercriminals typically use these tools to access sensitive data, extort ransom, or simply cause as much damage as possible to the affected system. Most malware is now spread via the internet: attackers use spam emails with infected file attachments or manipulated websites to distribute it.
Malware affects both private and professional users across all industries and company sizes; how successful the attackers are depends largely on the digital competence of those affected. Those who keep their systems up to date and always critically check content from the net and from emails have far less to fear than users who unwittingly surf the internet with outdated operating systems and browsers. Nevertheless, a malware infestation can never be completely ruled out; a variety of best-practice methods do, however, help keep the attack surface for malware as small as possible.
The number of different types and genres of malware is increasing by the day. In the 2019 BSI report on the state of IT security, 114 million new malware variants were discovered in the year-long investigation period alone. The majority of these target the Windows operating system. In general, a distinction is made between the following types of malware:
As the name suggests, Trojans sneak onto the victim’s system disguised as a harmless file or application and perform unwanted actions. Depending on the type of Trojan, different functions are executed, such as the targeted deletion of specific system files or even the download of more malicious code from the internet.
Ransomware, also called an encryption Trojan or crypto Trojan, encrypts data on the affected system and only releases it once the correct password is entered. The victims are not given this password until they have paid a ransom to the attackers. Digital currencies such as Bitcoin and Ether are the most common means of payment, making it difficult to track the cybercriminals. Ransomware has been one of the most popular and dangerous kinds of malware of the past few years. Companies in particular have recently received demands to pay millions to unblock critical services. The most well-known ransomware variants include WannaCry and Petya.
A computer worm is defined as a program that autonomously copies itself across the infected system, the connected network, and beyond, and usually performs harmful actions along the way. Computer worms delete files, cause malfunctions and damage to software and hardware, or flood the system with irrelevant content. Typical ways in which computer worms spread include infected USB thumb drives, email attachments, and infected websites.
Unlike a computer worm, a computer virus is not a standalone program. In order to spread, a virus infects existing system files and boot sectors with its malicious code. It also requires user interaction to spread to other files and systems. Viruses usually pursue the same goals as worms; they are also designed to slow down affected systems and cause long-term damage.
A backdoor is a deliberately hidden vulnerability in program code that allows those who know about it to circumvent the usual protection mechanisms, such as authentication with login credentials. Such digital backdoors are often hidden in programs by intelligence services in order to gain easy access to sensitive information. For example, Cisco network routers, which process large volumes of global internet traffic, were in the past provided with backdoors for the US Secret Service.
Adware (derived from "advertisement") refers to unwanted programs that display advertising on the system or automatically redirect a browser to dubious websites. These programs usually reach users' computers via dubious download portals or infected websites. Once installed, adware can only be removed from the system with considerable effort, as the tools embed themselves deeply in the operating system and web browsers. Well-known examples of adware include unwanted browser toolbars and other mostly useless extensions.
Scareware is a generic term for malware that uses uncertainty and fear to induce the user to install software. The term is derived from the word "scare." In most cases, the software on offer is either additional malware or purportedly protective software that, in reality, has no value whatsoever, yet can cost a great deal. Scareware is mainly found on questionable online platforms and is primarily aimed at inexperienced users.
As the name suggests, spyware spies on the affected system. It captures valuable user input such as passwords and other information, which is then sent over the internet to the cybercriminals responsible for it. To spread spyware, hackers use the usual infection channels such as email spam or software from questionable download portals.
Cryptominers are a novel family of malware. This malware is employed by cybercriminals to mine digital currencies such as Bitcoin and the like in the background. The computing power of the infected system is used for this – without the user’s knowledge, of course. Cryptominers hide themselves, for instance, as scripts on websites, where they are smuggled in by cybercriminals via security vulnerabilities. The mined coins end up in the attackers’ digital crypto wallets. In some cases, cryptominers are also used quite legally, to monetize websites for example. However, the site operator must clearly inform visitors of the use of such tools.
Companies can obtain reliable protection against malware by strictly observing tried and tested security measures. Best practices in the field of cybersecurity include: regular backups, software maintenance via updates, and increasing awareness among employees.
In general, all companies must protect critical records from malware attacks and other possible data breaches. Backups should be made regularly and preferably stored redundantly in several copies. Furthermore, it is advisable to keep backups at different locations to achieve geo-redundancy, which also protects them from fire, water damage, natural disasters, and other outside influences. Depending on the type and scope of the backups, saving them to a private or public cloud is also an option.
Scanning software that detects malware at an early stage and keeps it off systems has also become well established. These security tools usually identify malicious programs by computing a hash value for each file and comparing it against the hash values of known malware samples.
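The hash-based matching described above, as an added illustration that is not part of the original article: a small scanner that streams each file through SHA-256 and looks the digest up in a constructed list of "known" hashes. The sample data and file names are made up, and the variant file shows the practitioner's caveat that a single changed byte already escapes exact-hash matching.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed "signature database": SHA-256 digests of two made-up byte strings
# standing in for known samples. Nothing here is a real malware indicator.
KNOWN_BAD_BYTES = [
    b"MZ\x90\x00constructed-sample-A",
    b"MZ\x90\x00constructed-sample-B",
]
KNOWN_BAD_HASHES = {hashlib.sha256(s).hexdigest() for s in KNOWN_BAD_BYTES}

def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large files never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_directory(root: Path) -> dict[str, list[str]]:
    """Return {'hits': [...], 'clean': [...]} for every regular file under root."""
    result = {"hits": [], "clean": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            bucket = "hits" if sha256_file(p) in KNOWN_BAD_HASHES else "clean"
            result[bucket].append(p.name)
    return result

def demo() -> dict[str, list[str]]:
    """Scan a scratch directory holding one known sample, one benign file and a
    variant that differs from the known sample by a single byte."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sample_a.bin").write_bytes(KNOWN_BAD_BYTES[0])
        (root / "readme.txt").write_bytes(b"harmless text file")
        # One changed byte gives an entirely different digest, so exact-hash matching
        # misses the variant: this is why hash lists are only a first line of defence.
        (root / "sample_a_variant.bin").write_bytes(KNOWN_BAD_BYTES[0][:-1] + b"!")
        return scan_directory(root)

if __name__ == "__main__":
    print(demo())
```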
Technical solutions alone do not improve cybersecurity. The person in front of the screen must also be part of a comprehensive security strategy. It is not without reason that the BSI's ISO 27001 certification scheme based on IT-Grundschutz (basic IT protection) sets out precise requirements for raising awareness and training personnel. The international PCI DSS rules for payment transactions likewise require awareness training for employees. Among the most pressing awareness topics are password security, the benefits of multi-factor login procedures such as 2FA, the benefits and use of data encryption, phishing and social engineering, and recognizing attacks and malware infestations.
Careful handling of email in particular helps protect against malware, since malware spreads primarily via spam email. File attachments, for example, must always be scrutinized critically, even when they arrive from known contacts. In the case of unexpected attachments, such as executable Office documents, it is advisable to contact the sender by telephone to confirm that the attachment is legitimate. This helps prevent a malware infection from spreading further. Suspicious emails or files should always be forwarded to the responsible IT unit and the IT security officer, who can in case of doubt initiate further investigation to rule out any threat.
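As an added example not taken from the article, the following attachment triage shows how the "scrutinize unexpected attachments" rule can be automated at a mail gateway. The review policy (executable extensions, double extensions, a Windows executable header, and a VBA project hidden inside an Office zip container) is my assumption, and the message and its three attachments are constructed in the code itself.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# Hypothetical review policy (an assumption, not from the article): extensions that
# run code directly, and the OOXML member names that mark an embedded VBA macro project.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".ps1", ".com"}
VBA_MEMBERS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")

def classify_attachment(filename: str, payload: bytes) -> list[str]:
    """Return the reasons an attachment should be held for review (empty list = no finding)."""
    reasons = []
    parts = filename.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension")
    if len(parts) == 3 and parts[1] in ("pdf", "doc", "docx", "jpg", "txt"):
        reasons.append("double extension mimics a document")
    if payload[:2] == b"MZ":
        reasons.append("Windows executable header")
    # Content beats name: an Office (OOXML) zip carrying a VBA project is macro-enabled
    # whatever its extension claims, so inspect the container rather than trust ".docx".
    if zipfile.is_zipfile(io.BytesIO(payload)):
        with zipfile.ZipFile(io.BytesIO(payload)) as z:
            if any(m in z.namelist() for m in VBA_MEMBERS):
                reasons.append("VBA project inside Office document")
    return reasons

def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Map each attachment filename to its findings; the text body is not inspected."""
    msg = email.message_from_bytes(raw, policy=default)
    return {p.get_filename(): classify_attachment(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()}

def build_sample() -> bytes:
    """Constructed test message with three attachments; nothing here is real malware."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:  # minimal OOXML-like container with a VBA project
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"constructed")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="invoice.docx")
    msg.add_attachment(b"MZ\x90\x00constructed", maintype="application", subtype="octet-stream", filename="report.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="quote.pdf")
    return bytes(msg)
```

Running `triage_message(build_sample())` flags the disguised executable and the macro-carrying "invoice.docx" while leaving the plain PDF with no findings.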
"Never change a running system" is a thing of the past. The motto for anyone who wants stable endpoints capable of withstanding new attack vectors is: patch, patch, and patch again. Companies should always keep the systems they operate up to date. This is the only way to ensure that no critical vulnerabilities are lurking in the operating system and application software. Those who neglect software maintenance, on the other hand, leave themselves exposed to viruses, worms, Trojans, and other threats.
The BSI also advises regular monitoring of log files to detect anomalies in the network at an early stage, as well as consistent network segmentation, which is of great importance in containing malware. Companies and organizations can find additional protective measures against malware on the BSI "Alliance for Cyber Security" portal.