Cyber crime is no longer the province of the computer super-geek. In fact, it can almost be said to have gone mainstream, with exploit lists, downloadable network tools and scripts, and even technical support for would-be hackers, all available online at bargain prices.
As with any threat to our homes and businesses, knowing the nature of the threat we face helps us to minimize the danger.
Unless you are working for a big company or organization, it is unlikely that you will face a concerted cyber-attack, but there are enough nasties out there to cause damage and loss to your sensitive data if you don’t take the right precautions.
Six types of malware and how they work
The term ‘malware’ simply stands for ‘malicious software’ and is an umbrella term for all the harmful pieces of computer code designed to steal data, cause disruption or take control of devices.
1. Adware
Adware is simply software that contains integrated advertising material, often in the form of pop-ups or other visually prominent content. Adware can be a gray area, as it is often legitimately bundled with a product to allow a service to be used free of charge or at a reduced price.
However, if you are tricked into downloading adware, if it is designed to be difficult or impossible to remove or if it downloads itself through browser vulnerabilities, it can rightly be thought of as malware.
2. Ransomware
Ransomware is a widespread form of malware characterized by two things: it locks away or threatens to delete data, and it demands money, usually in a cryptocurrency such as Bitcoin, to save or unlock it. Ransomware can take the form of a Trojan horse, virus, worm, or blended attack. (See below.) The May 2017 WannaCry attack was an example of a ransomware worm.
3. Spyware
Spyware often comes packaged with adware. Its purpose is to covertly collect data and pass it back to the author of the code.
4. Trojan Horse
Adware, ransomware and spyware are defined by what they do whereas trojan horses, viruses and worms are defined by how they work. A trojan horse is a malicious program that is designed to mimic another type of program (e.g. an anti-virus, screensaver, etc.) in order to avoid detection.
Unlike viruses and worms, trojan horses are rarely able to replicate themselves but are often used to steal data, alter or damage files, or create a ‘back door’ to facilitate remote control. Remote controlled devices are often recruited as part of a ‘botnet’ for launching attacks on other devices or networks.
5. Virus
A virus is a piece of code with the ability to replicate itself. It is inserted into another program and runs when that program is executed. Since most viruses reside in an executable file, they need to be activated by the recipient before they can do their damage. However, there is a subset of viruses that need no human assistance to spread.
6. Worm
A computer worm is a self-propagating type of virus that uses a system’s built-in transport features to copy itself to further devices without user action. A worm’s main method of attack is via system vulnerabilities, but authors may use social engineering tactics (see below) to introduce the malware into an unsuspecting victim’s device in the first place.
A blended attack uses one or more of the above methods and can be extremely potent once installed.
There are two main attack vectors through which malware gains access to devices and networks:
1. Drive-by download/install
Drive-by attacks generally target vulnerabilities in browsers or insecure third-party API calls. The malware is introduced simply by browsing an infected website and may be encrypted to foil anti-virus programs. Most drive-by downloads can be thwarted by ensuring operating systems have been updated with the latest security patches.
2. Social engineering (phishing and pharming)
Whereas drive-by attacks can be triggered automatically or with minimal human input, social engineering attacks rely on human behavior to bypass safeguards. Phishing is the most widely mentioned tactic for targeting computer users. This is the practice of hiding malware behind emails or websites designed to look like legitimate organizations (banks, tax collection services, social media sites, shopping sites, etc.).
The strategy offers either a reward (prize, free gift, voucher, etc.) or a warning (stolen data, compromised password, etc.) in the hope that the recipient will drop their guard and click a link, download a file, or execute a similar action. Avoiding phishing attacks is best achieved through security education.
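The following script is an added example, not part of the original article, showing how the phishing indicators described above (a link whose visible text and real destination differ, a lookalike brand domain, a brand name tucked inside an unrelated domain, a raw IP address as the target) can be checked mechanically in an HTML mail body. The allow-list KNOWN_DOMAINS, the sample message and the indicator names are constructed for the example; the "last two labels" domain approximation is a deliberate simplification.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list of legitimate domains the organisation's users are
# expected to visit (an assumption for this example, not a real policy).
KNOWN_DOMAINS = ("paypal.com", "example-bank.com", "microsoft.com")

IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
URL_IN_TEXT_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain.
    Production code should consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot typosquatted lookalikes such as paypa1.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_link(link_text: str, href: str) -> list:
    """Return the list of phishing indicators found for one hyperlink."""
    findings = []
    host = (urlparse(href).hostname or "").lower()
    reg = registrable_domain(host)

    # 1. The visible text shows one URL but the link goes somewhere else.
    shown = URL_IN_TEXT_RE.search(link_text)
    if shown and registrable_domain(shown.group(1)) != reg:
        findings.append("display-target-mismatch")

    # 2. The target is a raw IP address rather than a name.
    if IPV4_RE.fullmatch(host):
        findings.append("ip-literal-host")

    for known in KNOWN_DOMAINS:
        if reg == known:
            continue  # genuinely the brand's own domain
        # 3. One or two characters away from a known brand (typosquat).
        if levenshtein(reg, known) <= 2:
            findings.append("lookalike-domain")
        # 4. Brand name used as a subdomain or prefix of an unrelated domain,
        #    e.g. paypal.com.account-verify.example
        elif known.split(".")[0] in host:
            findings.append("brand-in-unrelated-domain")
    return findings


def scan_html(body: str) -> list:
    """Inspect every <a href> in an HTML mail body; returns only suspicious links."""
    results = []
    for href, text in ANCHOR_RE.findall(body):
        findings = inspect_link(re.sub(r"<[^>]+>", "", text), href)
        if findings:
            results.append((href, findings))
    return results


# Constructed sample e-mail body (not a real message).
SAMPLE_MAIL = """
<p>Your account has been limited. Please sign in to restore access:</p>
<a href="http://paypa1.com/login">https://www.paypal.com/signin</a><br>
<a href="https://paypal.com.account-verify.example/">Verify now</a><br>
<a href="http://192.0.2.10/verify">Confirm identity</a><br>
<a href="https://www.paypal.com/help">Help centre</a>
"""

if __name__ == "__main__":
    for href, findings in scan_html(SAMPLE_MAIL):
        print(href, "->", ", ".join(findings))
```

The legitimate "Help centre" link produces no findings, while the other three are flagged for different reasons. The checks are heuristics: a short allow-list and an edit-distance threshold of two will miss homoglyph domains and produce occasional false positives, so the output is a triage aid for a mail gateway or awareness tooling rather than a verdict.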
Pharming is an even more insidious tactic in that it poisons the host computer’s DNS cache or even an ISP’s DNS server so that a browser is redirected to a fake version of an intended website.
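As an added example (not from the original article), the script below shows two checks a defender can run for the pharming scenario just described: comparing what the local resolver or DNS cache returns for sensitive names against an independent reference resolver, and scanning the hosts file for entries that pin a watched name to a non-loopback address. The answer sets, hosts-file text and watched domain list are constructed inline so the example runs offline; in practice the two answer sets would come from real lookups made at the same time.

```python
import ipaddress

# Constructed sample data (assumption): addresses the local stub resolver or
# DNS cache returned for some names, versus what an independent, trusted
# reference resolver returned for the same names at the same time.
LOCAL_ANSWERS = {
    "www.example-bank.com": {"203.0.113.45"},                # disagrees with reference
    "www.example.org": {"198.51.100.7"},                     # agrees
    "mail.example.net": {"198.51.100.20", "198.51.100.21"},  # agrees (order irrelevant)
}
REFERENCE_ANSWERS = {
    "www.example-bank.com": {"198.51.100.5"},
    "www.example.org": {"198.51.100.7"},
    "mail.example.net": {"198.51.100.21", "198.51.100.20"},
}

# Constructed hosts-file content; a planted line overriding a bank's name is
# one of the simplest local redirections a defender should check for.
HOSTS_FILE = """# constructed sample, not a real hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost
203.0.113.45  www.example-bank.com   # should not be here
"""

WATCHED_DOMAINS = {"www.example-bank.com", "www.example.org", "mail.example.net"}


def compare_answers(local: dict, reference: dict) -> dict:
    """Names whose local answer set shares no address with the reference answers.
    Returns {name: (local_addrs, reference_addrs)}."""
    suspects = {}
    for name, ref in reference.items():
        got = local.get(name, set())
        if got and got.isdisjoint(ref):
            suspects[name] = (sorted(got), sorted(ref))
    return suspects


def hosts_overrides(text: str, watched: set) -> list:
    """Hosts-file entries that pin a watched name to a non-loopback address."""
    overrides = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                          # malformed line, skip it
        if ip.is_loopback:
            continue                          # localhost entries are expected
        for name in names:
            if name.lower() in watched:
                overrides.append((name.lower(), addr))
    return overrides


def pharming_report(local: dict, reference: dict, hosts_text: str, watched: set) -> dict:
    """Combine both checks into one report for the names being watched."""
    return {
        "resolver_mismatch": compare_answers(local, reference),
        "hosts_override": hosts_overrides(hosts_text, watched),
    }


if __name__ == "__main__":
    report = pharming_report(LOCAL_ANSWERS, REFERENCE_ANSWERS, HOSTS_FILE, WATCHED_DOMAINS)
    for name, (got, ref) in report["resolver_mismatch"].items():
        print(f"{name}: local {got} vs reference {ref}")
    for name, addr in report["hosts_override"]:
        print(f"hosts file pins {name} -> {addr}")
```

A disjoint answer set is a prompt to investigate, not proof of poisoning: sites served from a CDN or with geo-based DNS legitimately return different addresses to different resolvers, so the comparison is most reliable for names whose addresses are known to be stable. The hosts file lives at /etc/hosts on Unix-like systems and at C:\Windows\System32\drivers\etc\hosts on Windows.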
If you are concerned about any aspect of cyber security, you may wish to consider investing in high-quality IT consulting for tailored advice on creating an action plan for your business.
About the Author: Brent Whitfield is the CEO of DCG Technical Solutions Inc. DCG provides the specialist advice and IT consulting Los Angeles area businesses need to remain competitive and productive, while being sensitive to limited IT budgets. Brent has been featured in Fast Company, CNBC, Network Computing, Reuters, and Yahoo Business. https://www.dcgla.com was recognized among the Top 10 Fastest Growing MSPs in North America by MSP mentor. Twitter: @DCGCloud.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.