Malware Attacks

Chris Swagler | December 11th, 2023

 

Malware is one of the most serious security dangers that businesses face. Security teams must actively monitor networks to detect and contain malware before it causes widespread damage. However, when it comes to malware, prevention is essential. However, to prevent a malware attack, it is necessary to first understand what malware is and the most frequent types of malware. Malware, short for malicious software, is used by attackers to purposefully harm and infect devices and networks. Many subcategories fall under the umbrella phrase, including the following:

12 Different Malware Attacks

  1. Viruses
  2. Worms
  3. Ransomware
  4. Bots
  5. Trojan horses
  6. Keyloggers
  7. Rootkits
  8. Spyware
  9. Fileless malware
  10. Cryptojacking
  11. Wiper malware
  12. Adware

Viruses – Computer viruses can affect devices and can spread throughout systems. Viruses need human interaction to spread. The infection spreads across users’ computers after they download the harmful malware onto their devices, which is frequently supplied using fraudulent adverts or phishing emails. Viruses can alter computer functionality and applications, copy, erase, and exfiltrate data, encrypt data to perform ransomware attacks and launch distributed denial-of-service (DDoS) attacks. The Zeus virus, which was discovered in 2006, is still being used by threat actors today. Threat operators use it to build botnets and as a banking Trojan to steal financial information from victims. In 2011, the malware’s designers released the source code, allowing threat actors to create updated and more dangerous variants of the original virus.

Worms – Computer worms can replicate themselves and can infect other computers without human involvement. The malware can infiltrate devices through security vulnerabilities or malicious URLs or files. Worms search for networked devices to attack once inside. Worms are typically undetected by users because they’re camouflaged as legitimate work files. One of the most well-known worms is WannaCry, which is a type of ransomware. The EternalBlue vulnerability in outdated Windows Server Message Block protocol was exploited by the malware. The worm spread to 150 countries in its first year and then infected roughly 5 million devices the next year.

Ransomware – Ransomware will encrypt or lock files or devices forcing victims to pay a ransom to regain access. Even though ransomware and malware are frequently used interchangeably, ransomware is a subset of malware. The following are examples of ransomware:

Locker Ransomware – It locks users completely out of their devices.

Crypto Ransomware – It encrypts all or some of a device’s files.

Extortionware – This type of malware in which threat operators steal data and threaten to disclose it unless a ransom is paid.

Double Extortion Ransomware – Users’ files are encrypted and exported, resulting in threat operators receiving payments from ransom and/or selling the stolen data.

Triple Extortion Ransomware – Third layer to double extortion attacks, including DDoS attacks, to demand a third payment.

Ransomware-as-a-Service (RaaS) – It allows affiliates or customers to rent ransomware. Ransomware developers obtain a share of the ransoms paid under this subscription model.

REvil, WannaCry, and DarkSide, which was used in the Colonial Pipeline attack, are among well-known ransomware strains. Data backups have long been the go-to defense against ransomware. Victims could restore their files from a known-good version if they had proper backups. However, with the advent of extortionware, enterprises must take additional precautions to safeguard their assets from ransomware, including the deployment of advanced protection technologies and antimalware.

Bots – Bots are self-replicating malware that can spread to other devices, forming a botnet, or a network of bots. Devices will carry out automatic actions as directed by the threat operators once infected. DDoS attacks frequently employ botnets. They’re capable of keylogging and sending phishing emails. One classic example of a botnet is Mirai. The malware, which carried out a large DDoS attack in 2016, still targets IoT and other devices today. According to research, botnets thrived during the COVID-19 pandemic. Infected consumer devices, which are the common targets for Mirai and other botnets, are used by the company’s employees or on the company’s networks of employees working from home on company-owned devices, allowing malware to spread to corporate systems.

Trojan Horses – Trojan horses are malicious software that seems to users to be legitimate. Trojans use social engineering techniques to infiltrate devices. The Trojan’s payload or malicious code is loaded once inside devices to facilitate the exploit. Trojans allow threat operators to gain backdoor access to devices, and keylogs, install viruses or worms, and steal data. Remote Access Trojans (RATs) allow threat operators to gain control of infected devices. Threat operators can utilize infected devices to spread the RAT and form a botnet once inside. Emotet is one example of a Trojan that was found in 2014. Despite being taken down globally in 2021, threat operators revived Emotet and it now assists threat actors in stealing users’ financial information.

Keyloggers – Keyloggers are surveillance malware that records keystroke patterns. Keyloggers are used by threat actors to gather users’ usernames, passwords, and other sensitive information. Keyloggers can either be hardware or software. Hardware keyloggers are installed manually into keyboards. Threat operators must retrieve the devices physically once victims use them. Software keyloggers, however, don’t require physical access. Victims frequently get them through malicious links or attachments. Software keyloggers record keystrokes and send the information to threat operators. In 2014, the Agent Tesla keylogger first appeared. The spyware RAT continues to afflict people, with the most recent versions not just collecting keystrokes but also taking screenshots of victims’ devices. Password managers aid in the prevention of keylogger attacks because they eliminate the need for users to physically enter their usernames and passwords, preventing keyloggers from capturing them.

Rootkits – Rootkits are malicious software that allows threat actors to access and control devices remotely. Rootkits help other malware, including ransomware, viruses, and keyloggers, spread. Rootkits frequently go unnoticed because they can disable antimalware and antivirus software once inside devices. Rootkits usually infiltrate devices and systems by phishing emails and malicious attachments. Cybersecurity teams should examine network behavior to detect rootkit attacks. For example, setting alerts for users who regularly log in at the same time and location every day and suddenly log in at a different time or location. NTRootkit, the original rootkit, was released in 1999. In 2003, Hacker Defender, one of the most extensively used rootkits of the 2000s, was released.

Spyware – Spyware are malware that installs itself on users’ devices without their knowledge. It steals users’ data and sells it to advertisers and external users. Spyware can follow credentials, bank account information and other sensitive information. It spreads through malicious applications, URLs, web pages, and email attachments. Mobile device spyware, which can be delivered by SMS and MMS, is especially dangerous since it follows users’ locations and has access to devices’ cameras and microphones. Spyware includes adware, keyloggers, Trojans, and mobile spyware. Pegasus is a mobile spyware that’s designed to attack iOS and Android devices. It was identified in 2016 and was connected to an Israeli technology vendor NSO Group. In November 2021, Apple filed a lawsuit against the vendor for allegedly targeting Apple customers and products. Additionally, Pegasus was connected to a Saudi journalist being assassinated.

Fileless Malware – Unlike typical malware, fileless malware doesn’t require threat operators to install code on victims’ hard drives. It employs off-the-grid methods to infect users’ systems using legitimate and seemingly safe tools, including PowerShell, Microsoft macros and WMI. Fileless malware lives in computers’ memory. It can avoid detection by file- and signature-based tools, including antivirus and antimalware without an executable. Even though fileless malware may contain files, the attacks leave no files behind after completion, making attribution difficult. Fileless malware includes Frodo, Emotet, and Sorebrect.

Cryptojacking – It’s a process of authenticating transactions on a blockchain, which is extremely rewarding but needs massive processing power. Miners are rewarded for validating each blockchain transaction. Malicious cryptomining, or cryptojacking, allows threat actors to conduct verification using the resources of infected devices, such as electricity and computing power. It can degrade the performance of infected devices and result in monetary loss due to stolen resources. Cryptomining malware includes Coinhive, Vivin, XMRig Lucifer, WannaMine, and RubyMiner.

Wiper Malware – The malware, often known as wiperware or data wipers, is frequently classified as ransomware. Its goal, like other ransomware, is to prevent access to victims’ data. In contrast to ransomware, it destroys data instead of holding it for ransom. The goal of the wiper malware attacks isn’t financial gain, but to destroy data. Wiper malware is frequently used by malicious actors to hide their tracks after attacks.  Wiper malware includes NotPetya, Azov, HermeticWiper, and WhisperGate.

Adware – It’s software that shows or downloads unwanted advertisements, such as banners or pop-ups. It gathers online browser data and cookies to target users with relevant advertisements. Not all adware is harmful. To mitigate developer costs, software companies deploy legitimate adware with users’ approval. Malicious adware, on the other hand, presents advertisements that, if clicked, could lead to infection. Threat actors exploit vulnerabilities to infect operating systems and embed malicious adware within pre-existing programs. Additionally, users might download software that is already infected with adware. Adware could be included in software bundles when downloading legitimate applications or be pre-installed on devices, referred to as bloatware. Adware can include Fireball, Gator, DollarRevenue, and OpenSUpdater.

Preventing Malware Attacks

The best defense against malware attacks is having strong cybersecurity hygiene. The concept of cyber hygiene is analogous to that of human hygiene: if organizations maintain a high degree of health (security), they avoid being ill (attacked). The following cyber hygiene procedures help to prevent malware attacks:

  • Updating and patching software
  • Using firewalls and security software, such as antimalware and antivirus
  • Follow recommended practices for email security
  • Install email security gateways
  • Clicking on links and downloading attachments should be avoided
  • Strong access control needs to be implemented
  • Multifactor authentication needs to be required
  • Use the least privilege principle
  • Adopt a security strategy based on zero trust
  • Monitoring abnormal or suspicious activity

Companies should conduct frequent security awareness training teaching staff about the dangers of various types of malware and encouraging them to exercise caution when clicking links and downloading files.

Understanding the different malware and how to prevent them can help companies remain ahead of the latest threat landscape and follow cyber hygiene measures. At SpearTip, our pre-breach advisory services allow our engineers to examine companies’ security posture improving the weak points in their networks. Our team engages with companies’ people, processes, and technologies to measure the maturity of their technical environment. For all vulnerabilities uncovered, our analysts and engineers provide technical roadmaps ensuring companies have the awareness and support to optimize their overall cybersecurity posture. Our assessments leave no stone unturned in examining how companies leverage their current technology. We review application and operating system access controls and analyze physical access to their systems. We conclude with detailed reports and recommendations to keep companies compliant and safe, according to industry standards. 43% of data breaches involve attacks against web applications. We help companies protect themselves from breaches that originate through web applications with our array of assessments.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.

Categories

Connect With Us

Featured Articles

Cybersecurity Health Checks
Cybersecurity Health Checks: Why Companies Need Them
22 April 2024
New Loop DoS Attack
New Loop DoS Attack Affecting Linux Systems
19 April 2024
Possible Cyberattack
Possible Cyberattack During 2024 Summer Olympics
15 April 2024
Tabletop Exercises
Tabletop Exercises: Transformative Impact on Companies
12 April 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.