Malware is the family name for some of the all-time most dangerous internet threats. Several types of malware are still widespread today. From the early 1960s, malware has evolved and diversified to perform all kinds of nefarious acts.
Attackers may use malware to steal your sensitive information (with a Trojan), access your accounts, or encrypt all your files (with Ransomware). But the list doesn’t end there.
Malware can cause countless malicious actions against whatever is connected to a network. From gathering your buying habits for selling that information to companies to provoking the destruction of physical components in a nuclear plant.
Malware is the short form for Malicious Software. It includes any program having an evil intention like:
Malware often has two main parts: a dropper and a payload.
The dropper delivers the payload on the target system by spreading and installing malicious codes. For example, a worm makes a copy of itself somewhere else when it has run. It typically breaks into other systems by using brute-forcing or code execution vulnerabilities.
Then, we have the payload, who takes the key role in the show. The payload code can do a diverse range of things.
In older times, the payload was typically used for gathering your information and giving remote access to your system. It is not rare nowadays, though. For example, in Operation Socialist, the UK Government Communication Headquarters (GCHQ) breached Belgian telecommunications company Belgamon. They installed malware to do surveillance of traffic passing through Belgium to other countries.
But the damage can also go to physical components in your system. That was the case with the Stuxnet worm, which targeted programmable logic controllers (PLCs) in Iranian nuclear plants to destroy fast-spinning centrifuges.
Last decade, malware payloads focused on using your hardware to mine cryptocurrency, taking your system as a “zombie” (Botnet) to perform other attacks, and on encrypting all your sensitive information to demand a ransom.
And a vast collection of payloads is publicly available, like here.
There are different media that malware can use to get into your system. Some of the most common are:
These are the most common signs you may experience when infected with malware:
We can classify malware by its way of operation and by its goals.
A virus is a self-replicating program. It can produce copies of itself by attaching with another program of any format. They can act when they are downloaded, may wait for the host to execute them, or stay in sleep mode for a predetermined time.
Unlike a virus requiring a triggering event to operate, worms can propagate by themselves. They can use different file transport protocols to infect other devices in a network. Samy Worm is an iconic case; it flooded the MySpace social network in 20 hours in 2005.
Spyware gathers user interaction data such as email addresses, login credentials, keystrokes, GPS, voice recordings, etc. This information is sent to the attacker via a remote connection. Spyware hides its files and processes to avoid detection. The most common spyware are:
The last one deserves a new section.
A Trojan, referencing the old Greek history of the Trojan Horse, is a malicious program disguising as or inside another one. Trojans are typically spread by Social Engineering to create backdoors and monitor the host system. For example, the messaging app ANOM was a Trojan used by law enforcement to monitor criminals in a covert operation from 2018 to 2021.
Ransomware is the type of malware that made the most first-lines in the news last year. It even flourished a new illegal business: Ransomware as a Service (RaaS), offering ransomware kits in the Dark Web to as little as $100.
The major ransomware attack of 2021 (and one of the biggest all-times) victimized Kaseya, an IT solutions company. It affected Kaseya’s clients and their clients; more than one thousand companies all over the world.
WannaCry is considered one of the most harmful ransomware attacks in history. In 2017, this attack infected 7,000 computers in the first hour and 110,000 different IP addresses in the following two days.
Many companies in different countries lost control over their industrial processes, including car giants Renault and Honda.
According to the Mimecast 2021 State of Email Security Report, 61% of organizations experienced a ransomware attack that led to, at least, partial disruption of business operations. The previous year was 51%. We can see the attacks’ effectiveness on the rise.
Here’s a list of recommendations to better protect yourself.
Attackers often rely on users clicking on malicious links in emails, social media or pop-up ads that lead to malware installation.
Even if you receive an email from someone you trust, the email still could have been sent by an attacker impersonating the person you trust.
Malware sometimes relies on exploits for known vulnerable components to gain access or code execution in your server.
Surf only renowned and secure websites using HTTPS. You will recognize when a website is using HTTPS by a closed lock icon next to your URL. If you are unsure you can trust a specific page, check here and in forums.
And do it only from trustworthy websites! A malicious app could contain malware. Remember what we mentioned before: free programs may come with surprises!
An anti-virus, anti-spyware, ad blocker, a firewall, and an Intrusion Prevention System (IPS) are essential lines in your defenses. They monitor the behavior of your system and network in search of threats and act when necessary. For example, a firewall will block automatic downloads triggered by a malicious website when you are browsing.
An anti-malware software helps you to detect and remove, or in the best case prevent malware infections. Let’s analyze this in more detail in the following sections.
To be prepared for the unexpected, like a 0-day vulnerability, security should be applied in layers. You should protect each part of your system.
BitNinja has features specially designed to protect against malware:
BitNinja’s features are backed by state-of-art technology in different areas:
Let’s analyze the 2021 Kaseya attack step by step.
First, the attackers got access to the Virtual System Administrator (VSA) and gained code execution exploiting zero-day vulnerabilities. At this point, the attackers turned Kaseya VSA software into a Trojan, which they used to install ransomware in Kaseya client’s systems.
The malware contained an encryptor, which obfuscated the malicious content from the eyes of Kaseya and clients’ defense software. Finally, victims’ files were encrypted and taken as hostages demanding a ransom.
This example shows well how sophisticated and dangerous malware can get.
Malware is the most dangerous threat out there. Cybersecurity is not optional anymore. It is necessary! If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card needed!
We are always happy to help you! If you have any questions, check out our Knowledgebase, feel free to ask at info@bitninja.io, or you can even reach us on the Dashboard chat!
Let’s make the Internet a safer place together!
