Short for “malicious software,” malware is computed code that is designed to harm or exploit any programmable device, server, or network. The malicious intent of malware can take many forms, including denial of access, destruction or theft of data, monetary theft, hijacking computer resources, spreading misinformation, propagation of malware, and many other harmful actions. The motivation for cybercriminals to spread malware could be for money, spying or theft of secrets, or damage to a competitor or adversary.
With millions of programmable devices now connected via the internet, malware is a large and growing part of the cybercrime industry. Cybercriminals distribute malware in several ways:
A malware attack typically falls into one of five categories based on what the attacker hopes to achieve:
Adware collects information on a user's browsing habits and pushes pop-up ads to the user. Pornware is a type of adware that downloads pornographic images and advertisements to a computer and may auto-dial pornographic talk services. Spyware also collects information—sometimes the user's web browsing history, but also more sensitive data, such as passwords and account numbers. In some cases, the spyware may seek out confidential content, such as customer lists or financial reports. Spyware and adware often masquerade as legitimate applications, including malware protection programs.
Botnet malware creates networks of hijacked computers that can be remotely controlled. Called botnets, these networks may consist of hundreds or thousands of computers—all conducting one of the following malicious activities:
Ransomware gained prominence in 2016 when a wave of ransomware exploits encrypted computers around the globe and held them hostage for payment in bitcoin or other cryptocurrencies. One of the most notorious was the May 2017 WannaCry/WannaCryptor ransomware that impacted major organizations around the world, including the U.K. National Health Service (NHS). The attackers demanded $300 in bitcoin for each computer’s decryption key, although they did not always deliver the key. The ransomware shut down NHS hospitals and affected hundreds of thousands of organizations and individuals who lost valuable data. In 2018, ransomware attacks have declined as attackers refocus their efforts on cryptojacking malware.
Cryptojacking or cryptomining malware involves hijacking a computer or computer network to mine cryptocurrencies. Mining programs use large amounts of processing power, bandwidth, and energy. Victims pay the price in reduced processing power for their legitimate uses and increased electricity costs. Excessive data crunching can also damage the victim's hardware. Malware attacks may also steal or alter data or plant other malware for future use. Some cryptojackers also steal victims' own cybercurrency.
Fileless malware operates only in the memory of the computer and leaves no files for antivirus software to locate. Operation RogueRobin, is an example of a fileless malware attack. RogueRobin starts with a phishing email containing malicious Microsoft Excel Web Query files. These files force the computer to run PowerShell scripts, which in turn provide the attacker with a backdoor to the victim's system. Although the malware disappears if the computer is powered off, the backdoor remains.
By using trusted technologies such as PowerShell, Excel, or Windows Management Instrumentation, fileless malware hackers can evade traditional security software.
Because some applications are designed to run continuously, a fileless malware script might run for days, weeks, or longer. A financial services company discovered fileless malware that ran on its domain controllers and collected the credentials of system administrators and others with access to deeper parts of the system.
Below are the primary strategies that individuals and organizations can implement for better malware protection:
User training on safe internet and social media practices is recommended. Users benefit from regular informational updates on the latest malware threats, as well as reminders on security practices. IT employees can improve their security skills by attending a Trellix webcast, reading Trellix blogs, or reviewing Trellix Threat Center reports.