What Is Malware? How Can It Affect My Business?
Editor’s note: This article was first published in 2018 and has been updated to reflect the latest information and trends.
Imagine that an employee, perhaps a brand-new hire, receives an important-looking email from the CEO of the company. What will that employee do? In the vast majority of cases, he or she will open the email immediately, thinking that it must be important if it's coming from the head of the company.
Often the employee may even click on a bogus link in the email. When nothing unusual happens right away, the employee quickly forgets about the email.
But, three weeks later, production grinds to a halt as every employee in the company, from entry-level to executive, discovers they've been locked out of the system. The computers warn that until a Bitcoin payment is made to a secret address, accessing the system will be impossible.
The classic scenario I just described involves one type of malware called ransomware. As the name indicates, it holds data hostage until a ransom is paid.
In this article, I’ll explain the different kinds of malware and how they work. I'll also give you some steps you can take to avoid malware.
As part of Kelser’s comprehensive managed IT support services solution, we provide malware protection for our clients. But, I’m not here to sell you our services.
The truth is, while we provide a robust offering, we know that managed IT isn’t the right solution for everyone. Instead, I’m writing this article to provide information you can use to keep your data safe (whether you work with us or not).
What Is Malware?
Malware is a catch-all term used to define ransomware, viruses, trojans, worms, and some bots. These software applications are designed to secretly install themselves on a host computer and harm their users in some way.
Many of these technologies have been in use for more than two decades, but it's only in recent times that cybercriminals have turned their use into a full-fledged enterprise.
Thanks to ransomware’s ability to make cybercriminal behavior profitable, criminal entrepreneurs are becoming increasingly common, selling malware applications, stolen corporate data and more through illicit channels on the Deep Web.
5 Types Of Malware
The five basic forms of malware are ransomware, viruses, trojans, worms, and bots.
As I mentioned, the scenario outlined above is a typical example of ransomware, which is the most common and most popular form of malware.
While traditional malware applications may collect data and give it to hackers so they can sell it to the highest bidder, ransomware actively infects the host’s data and makes it inaccessible.
A common strategy is to encrypt an entire database and force the victim to pay for the decryption key. Naturally, there is no guarantee that any decryption key will be provided, and no guarantee that the ransomware application won't encrypt the system again when the attacker needs more money.
Viruses are applications designed to change the way a computer operates. They spread by replicating themselves, much in the same way biological viruses infect host cells.
When a device comes in contact with an infected device, whether through an open Wi-Fi network, a USB flash drive or an FTP server, it too becomes infected and propagates the virus further.
Trojans masquerade as real programs. They can be highly convincing and very effective. They look legitimate and trick users into opening them and then collect data, copy files or delete important information.
They also can create backdoors that give people with malicious intent access to the system.
Trojans need user interaction to spread. In other words, a user must take an action such as downloading and opening a file from the internet or clicking on an email attachment to spread a Trojan.
Worms are applications that target data while it's in transit.
Unlike viruses, which spread through infected host files, worms are standalone applications that can travel between systems on their own. They don't need to wait for an unsuspecting user to connect to the network because they can connect themselves and propagate from there.
An abbreviation for the word “robot”, bots are automated processes used to collect information.
While bots are often used for legitimate information gathering, malicious, self-propagating bots can be used for activities that include gathering passwords, logging keystrokes, and stealing financial information.
Bots often infect networks in a way that is not immediately apparent.
How Does Malware Spread?
Malware can spread in a number of ways, but there are three vector classes that are of particular interest to modern cybersecurity experts. These are the most common methods by which users expose themselves to malware risks: email, web, and direct vectors.
Propagating a malware application by email is surprisingly simple and effective.
Attackers can send malware applications via email that appear to come from trusted sources such as the user’s bank, the U.S. Postal Service, FedEx, Amazon, or other trusted addresses from the user’s own contact list.
These emails may feature links that direct the user toward convincing versions of their bank's website, compelling them to change their password and then sending the login information to a cybercriminal, or they may have infected attachments that immediately begin collecting data on their own once opened.
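The sender checks a mail filter can apply to the kind of impersonation email described above, as an added example that is not part of the original article. The company domain, the executive name and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the company domain and protected executive names.
COMPANY_DOMAIN = "example.com"
PROTECTED_NAMES = {"jane doe"}

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Jane Doe" <jane.doe@example.net>
Reply-To: ceo.office@example.org
To: new.hire@example.com
Subject: Urgent request
Authentication-Results: mx.example.com; spf=fail; dmarc=fail

Please open the link below.
"""
LEGITIMATE = """\
From: "Jane Doe" <jane.doe@example.com>
To: new.hire@example.com
Subject: Welcome
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass

Welcome aboard.
"""


def spoofing_indicators(raw_message: str) -> list[str]:
    """Return the reasons a message looks like sender impersonation."""
    msg = message_from_string(raw_message)
    reasons = []
    name, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    # Executive display name paired with an address outside the company.
    if name.strip().lower() in PROTECTED_NAMES and from_domain != COMPANY_DOMAIN:
        reasons.append("executive display name on external address")
    # Replies would go to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    # The receiving server records SPF/DKIM/DMARC verdicts in this header.
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            reasons.append(f"{check} failed")
    return reasons


if __name__ == "__main__":
    print(spoofing_indicators(SPOOFED), spoofing_indicators(LEGITIMATE))
```

A message that returns any reasons is a candidate for quarantine or an external-sender warning banner rather than direct delivery.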
Cybercriminals can design websites that exploit system vulnerabilities, human error and common sense.
Here’s a typical example: a pop-up ad warns users that they have a virus and encourages them to click OK to clean their system registry and get rid of the virus. In fact, if the user clicks OK a virus will be installed on the host system.
Direct vectors include infected USB devices, social engineering tactics, or exploiting the host operating system from within the network.
Social engineering is one of the most popular methods of gaining access to closed systems: the idea is to trick a user into compromising their own security.
For instance, an attacker may scan a public LinkedIn profile to find an employee's name and title, get their phone number from the company website and then call them, pretending to be from the IT department and asking for login credentials.
As simple as it sounds, it works surprisingly well.
Safeguard Your Business From Malware Attacks
With cyber threats on the rise, and ransomware occurrences becoming increasingly common, there is no better time than now to implement a robust cybersecurity defense against malware. Here are four steps to do this:
Adopt An Information Security Culture
Instruct employees to be suspicious and always protect your organization's data.
For example, if someone receives an unexpected email that appears to come from the CEO or CFO, they need to feel comfortable picking up the phone and calling that individual to confirm.
The extra phone call may be inconvenient, but it's nothing compared to losing a few million dollars because a hacker impersonated one of them and gained access to the company bank account.
Keep Comprehensive, Easily Recoverable Backups
Since there is often no way to decrypt files compromised by ransomware, your only course of action is continuing business from a backup.
If you have a comprehensive, highly organized data recovery strategy, this can take as little as ten minutes and cost nothing.
If your backup strategy is inefficient, irregular or unorganized, however, migrating all your data can take days or even weeks.
Make sure to have backup processes in place and that you test them regularly to ensure easy and quick access in the event of a disaster.
Implement Multi-Factor Authentication
Multi-factor authentication (MFA) requires users to provide multiple forms of identification before granting access to an application, website or other service. MFA provides an extra layer of security and also makes it more difficult for malware applications to propagate.
Protect Mobile Data
Every employee and business partner or collaborator has a mobile device that likely has some of your corporate data on it, maybe through a linked email account or a cloud application like Dropbox.
Address these applications with corporate policy that includes erasing data after unsuccessful password attempts and protecting sensitive data when mobile devices get into the wrong hands.
And, consider implementing mobile device management tools, which allow your mobile devices to be remotely configured, monitored, supported, controlled and secured. This can be invaluable when a device is stolen or lost.
What’s The Bottom Line?
After reading this article, you have a complete understanding of malware. You know the different types: ransomware, viruses, trojans, worms, and bots. You know three common ways people are exposed to malware: email, web and direct vectors.
And, you know four actions you can take to protect your organization: adopt an information security culture, maintain and test data backup procedures, implement MFA, and protect mobile data.