Malware, a growing threat to your organisation's Cyber Security
As previously mentioned, Cyber Security is now more important than ever for organisations and individuals. This blog takes a deeper look at malware and its ever-growing threat to the Cyber Security of all organisations.
What is Malware?
Malware is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. According to Lifewire, the first PC-based malware, known as Brain, was unleashed in 1986, and ever since we have seen an explosion of malware delivered online. During the Covid-19 global pandemic, attackers have taken advantage of changes in the way many organisations do business to intensify attacks with a bewildering array of malicious campaigns, including malware.
Types of Malware
As a tool used in cyber attacks, malware comes in many forms, including:
- Virus: a program that performs an unwanted function on the infected computer. This could involve destructive actions or the collection of information that can be used by the attacker
- Trojan: a program that pretends to be legitimate code but conceals other unwanted functions. It is often disguised as a game or useful utility program
- Worm: a program that is capable of copying itself onto other computers or devices without user interaction
- Logic bomb: malicious code that has been set to run at a specified date and time or when certain conditions are met
- Rootkit: a program used to disguise malicious activities on a computer by hiding the processes and files from the user
- Keylogger: code that records keystrokes entered by the user
- Backdoor: a program that allows an attacker unauthorised access at will
The Stages of a Cyberattack
- Survey: Attackers will use any means available to find technical, procedural or physical vulnerabilities which they can attempt to exploit. They can use publicly available information such as social media. Hackers can also employ commodity toolkits such as network scanning tools to collect and assess any information about your organisation’s computers, security systems and personnel. Attackers will also use social engineering (often via social media) to get users to give away further, less openly available information.
- Delivery: The attacker will look to get into a position where they can exploit a vulnerability that they have identified, or that they think could exist. For example, they may send an email containing a link to a malicious website or an attachment which contains malicious code.
- Breach: The harm to your business will depend on the nature of the vulnerability and the exploitation method. It may allow attackers to make changes that affect the system’s operation, gain access to online accounts and achieve full control of a user’s computer, tablet or smartphone.
- Affect: Depending on their motivation, the attacker may seek to explore your systems, expand their access and establish a persistent presence by taking over a user or administrator account. With access to just one system, they can try to install automated scanning tools to discover more about your networks and take control of more systems. Examples include retrieving information they would otherwise not be able to access, such as intellectual property or commercially sensitive information.
Once satisfied with what they have obtained, the more capable attacker will exit, carefully removing any evidence of their presence. Alternatively, they could create an access route for future visits, either for themselves or for others to whom they have sold the access. Equally, some attackers will want to seriously damage your system or make as much ‘noise’ as possible to advertise their success.
USB memory sticks, CDs, DVDs and other removable media devices provide an effective way of spreading malware onto additional computers. When the media is inserted into the machine the malware will either run and infect the target or will copy itself onto the removable media in order to prepare to infect the next machine it is plugged into.