Here we will look at some of the common types that one will encounter.
Ransomware is software that encrypts the victim's data and prevents it from accessing it until the ransom is paid. The organizations partially or fully become operational and have to pay for getting the data decrypted. However, there is no guarantee that attackers restore the system even after receiving the money.
Ransomware called RobbinHood was used to attack the city of Baltimore and halted all its activities. It cost the city $18 million. Another attack was against Atlanta City, which cost $17 million.
2. Fileless Malware
This malware is ten times more dangerous and successful as it does not install anything in the system but changes the existing files. The edited files are seen as legitimate and escape the notice of anti-virus software.
An example of this malware is Astaroth. It spams users with links to LNK shortcut files. When a user downloads the file, a WMIC tool downloads additional codes, which are executed in memory only, leaving no evidence and undetected by scanners—attackers then download a Trojan and steal credentials and transfer them to a remote server.
This malware collects information on user activities without their consent and knowledge. It includes passwords, pins and, payment information. Hence, spyware is a malicious weapon used by cybercriminals to compromise data from different devices like mobile phones, apps, laptops, and desktops.
Spyware named DarkHotel targets businesses and political leaders using hotel WIFI and gaining access to systems of the most influential people. Once the system is breached, the target's passwords and sensitive information get captured.
This malware tracks user surfing behavior and determines which ads to feed them. Though similar to spyware, it does not install any software on the computer or capture any keystrokes. The danger is that the victim's privacy is breached covertly, and a detailed profile regarding the users' activities can be sold to advertisers without the consent of users.
In 2017 an Adware called Fireball attacked around 250 million computers, changed default search engines, hijacked browsers, and tracked web activity.
A Trojan comes disguised as software or a tool. Once unsuspecting users download it, it can take control of victim systems for malicious activities. Trojans can be hidden in apps, games, software patches and embedded in attachments included in phishing emails.
A sophisticated trojan is the Emotel which has been around since 2014 and is difficult to fight as it evades signature-based detection. It is persistent and widespread. The trojan has caused losses to the U.S. state, territorial, tribal and local governess to the tune of $1 million per incident for remedial action.
This malware targets vulnerabilities in operating systems and installs itself in the network. They gain access in many ways: through software vulnerabilities and software backdoors or external devices. Once it gets into the network, attackers use it to launch DDoS attacks, steal sensitive data and conduct ransomware attacks.
An example of a worm is Stuxnet, which the U.S. and Israeli intelligence forces used for setting back Iran’s nuclear program. It was introduced into Iran’s IT network environment through the flash drive.
It is a code that inserts itself in an application and attacks when the app is running. Once it gets into networks, it steals sensitive data, launch DDoS attacks or conduct ransomware attacks.
A virus is unable to execute unless the app with which it has infected is running. The execution of the application makes viruses different from trojan, which requires users to download them.
It is software that gives malicious attackers remote control of a user's computer with complete administrative privileges. It is injected into applications, firmware, hypervisors, and kernels. They spread through downloads, attachments, compromised shared drives, and phishing.
Zacinto is a rootkit that infects systems when users download the fake VPN app. If installed, it conducts a security sweep to check for any competing malware to eliminate it. The malware then opens invisible browsers and interacts with content like human beings, such as clicking and highlighting. This activity fools behavioral analysis software.
Keylogger is spyware. It helps track user activity. However, they have legitimate uses. Many organizations use it to track their employee activities. Even families can use them to keep track of the online behaviors of children.
However, if installed for malicious purposes, it can steal password data, banking, and other sensitive information. This malware is inserted into a system through phishing, downloads, and social engineering.
Olympic Vision is an example of a keylogger used to target the U.S., Asian, and Middle East business people for BEC (business email compromise) attacks. Olympic Vision used social engineering and spear-phishing techniques to infect its target systems, steal data, and spy on business transactions.
The keylogger is available cheap in the market at $ 25 and accessible to malicious attackers.
10. Botnets/ Bots
It is a software application used for performing automated tasks or commands. They have legitimate purposes, but when used for malicious attacks, they take the form of malware that can connect back to a central server.
A large number of Bots create a Botnet and launch remotely for attacks such as DDoS attacks.
An example of a Botnet is the Echobot which is known to attack a wide range of IoT devices, exploit 50 and more different vulnerabilities. It can exploit the Oracle WebLogic Server and VMWare’s SD-Wan networking software. This malware also searches for unmatched legacy systems. Malicious actors use Echobot to interrupt supply chains, steal sensitive supply chain information, launch DDoS attacks and conduct corporate sabotage.
The best approach to protect oneself from malware is to use a unified single umbrella security solution that provides combined defense. Every organization should deploy Machine learning, black-listing, white-listing, exploit blocking, and IOC (indicators of attack) techniques as robust anti-malware strategies.
Cybersecurity solutions can provide fast cloud-based solutions on real-time defense capabilities and visibility to counter the threats.