Malware (malicious software)

What is malware?

Malicious software, or malware, is any type of computer program designed to perform unwanted or harmful functions on computers, servers, and within networks

01 Malware: a definition

In IT, malicious software or malware (a compound word composed of malicious and software) refers to all types of programs designed to perform harmful or undesirable actions on a system. These include computer viruses, worms, Trojans, ransomware, spyware, and many other digital pests. Typically, cybercriminals use these malicious tools to access sensitive data, extort ransom, or simply cause as much damage as possible to the affected system. For the most part, malware is now being spread via the internet. Attackers use spam emails with infected file attachments or manipulated websites to distribute malware.

Malware affects both private and professional users across all industries and company sizes. How successful attackers are depends largely on the digital competence of the people affected: those who keep their systems up to date and always critically check content from the web and from emails have far less to fear than users who unwittingly surf the internet with outdated operating systems and browsers. Nevertheless, a malware infection can never be completely ruled out; however, a variety of best-practice methods help keep the attack surface for malware as small as possible.

02 What types of malware are there?

The number of different types and families of malware is increasing by the day. According to the 2019 BSI report on the state of IT security, 114 million new malware variants were discovered in the year-long investigation period alone, the majority of them targeting the Windows operating system. In general, a distinction is made between the following types of malware:

Trojans

As the name suggests, Trojans sneak onto the victim’s system disguised as a harmless file or application and perform unwanted actions. Depending on the type of Trojan, different functions are executed, such as the targeted deletion of specific system files or even the download of more malicious code from the internet.

Ransomware

Ransomware, also called an encryption or crypto Trojan, encrypts data on the affected system and only releases it when the correct password is entered. That password is not given to the victims until after they have paid a ransom to the attackers. Digital currencies such as Bitcoin and Ether are the most common means of payment, making it difficult to trace the cybercriminals. Ransomware has been one of the most widespread and dangerous kinds of malware of the past few years. Companies, in particular, have recently received demands for millions to unblock critical services. The most well-known ransomware variants include WannaCry and Petya.

Computer worm

A computer worm is defined as a program that autonomously propagates itself on the infected system and on the connected network and beyond, and usually performs harmful actions. Computer worms delete files, cause malfunctions and damage to software and hardware, or flood the system with irrelevant content. Typical ways in which computer worms spread include infected USB thumb drives, email attachments, and even infected websites.

Computer virus

Unlike a computer worm, a computer virus is not a standalone program. In order to spread, a virus infects existing system files and boot sectors with its malicious code. It also requires user interaction to spread to other files and systems. Viruses usually pursue the same goals as worms; they are also designed to slow down affected systems and cause long-term damage.

Backdoor

A backdoor is a deliberately hidden vulnerability in program code that allows those in the know to circumvent typical protection mechanisms, such as authentication using login credentials. Such digital backdoors are often hidden in programs by intelligence services in order to gain easy access to sensitive information. For example, Cisco network routers, which process large volumes of global internet traffic, were in the past provided with backdoors for the US Secret Service.

Adware

Adware (derived from “advertisement”) refers to unwanted programs that display advertising on the system or automatically direct a browser to dubious websites. The programs usually get onto users’ computers from dubious download portals or infected websites. Once installed, adware can only be removed from the system at great expense, as the tools are deeply embedded in the operating system and web browsers. The most well-known representatives of the adware milieu include unwanted browser toolbars and other mostly nonsensical extensions.

Scareware

Scareware is a generic term for malware that uses uncertainty and fear to induce the user to install software. The term is derived from the word “scare.” In most cases, the software installed is either additional malware or purportedly protective software that, in reality, has no value whatsoever, yet can cost a great deal. Scareware is mainly found on questionable online platforms and is primarily aimed at inexperienced users.

Spyware

As the name suggests, spyware spies on the affected system. It captures valuable user input such as passwords and other information, which is then sent over the internet to the cybercriminals responsible for it. To spread spyware, hackers use the usual infection channels such as email spam or software from questionable download portals.

Cryptominer

Cryptominers are a relatively new family of malware. Cybercriminals use them to mine digital currencies such as Bitcoin and the like in the background, using the computing power of the infected system, without the user’s knowledge, of course. Cryptominers hide, for instance, as scripts on websites, where they are smuggled in by cybercriminals via security vulnerabilities. The mined coins end up in the attackers’ crypto wallets. In some cases, cryptominers are also used quite legally, for example to monetize websites. However, the site operator must clearly inform visitors of the use of such tools.

03 Which industries are affected by malware?

Malware makes no distinction between industries and companies. In large campaigns, cybercriminals use a scattergun approach to distribute their malware evenly across the computers of small start-ups, SMEs, and large corporations in every industry. Government agencies and other organizations are also not safe from malware.

Far more dangerous than broad-based waves of attacks, however, are targeted attacks designed for a specific company or a single target. In such scenarios, attackers invest a great deal of effort in preparing and executing the attacks. For example, the target’s environment is analyzed in detail to identify any weak points in networks and systems. This analysis is followed by the actual attack, which usually involves a combination of social engineering, phishing, and malware. Such professional attacks are used to infiltrate systems and networks containing highly sensitive and, therefore, extremely valuable data.

04 How companies can protect themselves from malware

Companies can obtain reliable protection against malware by strictly observing tried and tested security measures. Best practices in the field of cybersecurity include: regular backups, software maintenance via updates, and increasing awareness among employees.

Create backups

In general, all companies must protect critical records from malware attacks and other possible data breaches. Backups should be updated regularly and preferably stored redundantly in multiple copies. Furthermore, it is advisable to store backups at different locations to achieve geo-redundancy, which also protects them from fire, water damage, natural disasters, and other outside influences. Depending on the type and scope of the backups, saving them to a private or public cloud is also an option.

Malware scanners

Scanning software used to detect malware at an early stage and keep it away from systems is also well established. These security tools usually identify malicious programs by computing hash values of files and comparing them with the hash values of known malware samples.

Awareness creates a human firewall

Technical solutions alone do not improve cybersecurity. Rather, the person in front of the screen must also be incorporated into a comprehensive security strategy. It is not without reason that the BSI’s ISO 27001 specifications, based on IT-Grundschutz (basic IT protection), set out precise requirements for raising awareness and training personnel. The international PCI-DSS regulations for payment transactions also provide for awareness training for employees. Among the most pressing awareness topics are password security, the benefits of multi-factor login procedures such as 2FA, the benefits and use of data encryption, phishing and social engineering, and recognizing attacks and malware infections.

Check email attachments

Handling email securely is particularly helpful in protecting against malware, since it spreads primarily via spam email. File attachments must always be scrutinized critically, even if they arrive in emails from known contacts. In the case of unexpected file attachments, such as Office documents containing executable macros, it is advisable to contact the sender by telephone to confirm that the attachment is legitimate. This helps prevent a malware infection from spreading further. Suspicious emails or files should always be forwarded to the responsible IT unit and the IT security officer. In case of doubt, additional investigations can be initiated to rule out any threats.
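The two checks described above, hash comparison against known malware (from the "Malware scanners" section) and flagging attachment types that can execute code so a human verifies them with the sender, combined in one small scanner. This is an added example, not code from Myra or from the BSI; the known-bad hash set, the risky-extension list and the sample email are constructed for the demonstration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import Path

# Constructed known-malware hash set; a real scanner would load this from an AV or threat-intel feed.
KNOWN_BAD_SHA256: set[str] = set()

# Attachment types that can run code when opened: executables, scripts, macro-enabled Office files.
RISKY_EXTENSIONS = {".exe", ".scr", ".bat", ".ps1", ".js", ".vbs", ".docm", ".xlsm", ".pptm"}


def sha256_hex(data: bytes) -> str:
    """The hash value that is compared against the known-malware list."""
    return hashlib.sha256(data).hexdigest()


def assess_attachment(name: str, data: bytes, known_bad: set[str] = KNOWN_BAD_SHA256) -> dict:
    """Block on a hash match; quarantine risky file types for a human to verify
    with the sender (the telephone check from the text); otherwise allow."""
    digest = sha256_hex(data)
    ext = Path(name or "").suffix.lower()
    reasons = []
    if digest in known_bad:
        reasons.append("SHA-256 matches known malware")
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"attachment type {ext} can execute code")
    verdict = "block" if digest in known_bad else ("quarantine" if reasons else "allow")
    return {"name": name, "sha256": digest, "verdict": verdict, "reasons": reasons}


def scan_email(raw: bytes, known_bad: set[str] = KNOWN_BAD_SHA256) -> list[dict]:
    """Parse a raw RFC 5322 message and assess every attachment it carries."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [assess_attachment(part.get_filename() or "", part.get_payload(decode=True) or b"", known_bad)
            for part in msg.iter_attachments()]


def build_sample_email() -> bytes:
    """Constructed sample message with two attachments, used only for the demonstration."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "it-security@example.com", "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"constructed macro document", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for result in scan_email(build_sample_email(), {sha256_hex(b"%PDF-1.4 constructed sample")}):
        print(result["name"], result["verdict"], result["reasons"])
```

Note that a hash match is exact: a sample that differs by a single byte produces a different hash and is no longer caught, which is why the file-type check and the human verification step sit alongside it.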

Software maintenance

“Never change a running system” is a thing of the past. The motto for anyone who wants to run stable endpoints capable of withstanding new types of attack vectors is patch, patch, and patch again! Companies should always keep the systems they operate up to date. This is the only way to ensure that no critical vulnerabilities are lurking in the operating system and application software. Those who are negligent about software maintenance, on the other hand, leave themselves exposed to viruses, worms, Trojans, and other threats.

Monitoring and network segmentation

The BSI also advises regular monitoring of log files to detect anomalies in the network at an early stage, as well as consistent network segmentation, which is of great importance in containing malware. Additional protective measures for safeguarding companies and organizations against malware can be found on the BSI “Alliance for Cyber Security” portal.

How malware works

05 What you need to know about malware

Cybercriminals use malware to infect systems and networks and to gain access to the data stored there. The programs perform different actions depending on the type of malware, ranging from the malicious destruction of data to the stealthy capture of user input. The threat of malware affects all user groups, both private and professional. Since new variants of malware are developed on a daily basis, no protection system can guarantee one hundred percent security. There are, however, established behavioral guidelines for keeping the virtual attack surface as small as possible.

Security solutions such as the Myra Hyperscale WAF also help to automatically prevent the spread of malicious software and protect company web servers from being infected by malware.