10 types of Malware, their impact on your devices and network and how to stay protected.
Malwares are threats to both your endpoint and your organization’s network (if the endpoint is connected to one, even through a remote connection). Malware is short for Malicious Software, some of which could get installed on your device, monitor user activity, and send confidential data to the attacker. This in turn could help the attacker gain further access and penetrate other targets within the network and even cause the user’s device to be part of a botnet (bot + network) – Where the infected device propagates the threat to other devices connected to the same network making them participate in the malicious behavior without the user’s knowledge or consent.
There were 5.4 billion malware attacks in 2022. (Source: SonicWall) 71% of malware attacks had a specific target according to positive technologies. Malwares usually result in data breaches and end up compromising an organization’s reputation. While the term Malware describes a genre of threats, there are various types that could be easily identified by the user, and we’ll show you how to know if you’re infected in a later section of this blog.
Malware is a piece of malicious code inserted into an application, system or a program. Sometimes it is deployed by the victim themselves, but they do require a host (a device to live). They stay inactive until an action is triggered, this action can be a user downloading an e-mail attachment, commonly an executable file extension (like .exe) and running it.
The most common medium for spreading Malware is e-mail. In Verizon’s 2019 data breach investigation report, 94% of malware was delivered by e-mail. (One of many reasons why you need an e-mail security solution).
Here are 10 of the most common Malware types:
Ransomware is a novel kind of attack – relatively. The first known ransomware attack took place in 1989 on floppy disks (read about the AIDS trojan) The idea behind it is that the attacker gains access over some files, encrypts them and threatens the owner to corrupt or erase them if a ransom is not paid. Ransomware evolved rapidly in the mid-2000s, with attacks such as Gpcode, TROJ.RANSOM.A and Archiveus. These attacks used a complex type of data encryption (asymmetric) making the victim’s files inaccessible and the decryption key was offered in exchange for a cash ransom. According to SonicWall’s 2022 Cyber Threat Report, Ransomware attacks grew 105% in the year 2021 with a total of 623.3 million reported ransomware attacks globally.
Also known as bots. This type of malware acts as a spider, crawling the internet searching for vulnerabilities in security infrastructures to penetrate a device or a network (bot=robot, meaning it crawls the infrastructure robotically). A botnet attack can compromise a whole network of devices even if they are not connected on the same network but exchange data one way or another. Botnets are used by attackers to gain access into user’s device through a piece of code and could be the first step towards launching a DDoS attack, record user’s activity including keystrokes, webcam and take screenshots. The worst-case scenario for a botnet attack is hackers taking complete control of a device.
Spyware is the kind of malware that gains access to the user’s internet activity without their knowledge. It is often used for spying, tracking online activity and logging browsing, log in and password information. A spyware can also be used to commit fraud or impersonate a user on one of their accounts. One type of spyware is keyloggers, that has the ability to monitor and log the activity of the victim’s keyboard to spy on what they are typing in password fields for example, making it easier to fetch their log in data, or worse, commit credit card fraud.
Worm malware is a particularly insidious type of malware that operates differently from viruses. While viruses require human interaction to spread, worm malware can replicate itself without any intervention and doesn't need to attach itself to other software to wreak havoc. Worms can spread through software vulnerabilities, email attachments or USB devices. Once installed, it silently infects a device or the complete network without a user’s knowledge. The impact can range from file damage and stealing to creating botnets, launching DDoS or Ransomware attacks.
5. Fileless Malware:
Unlike file-based malwares that require action from a user, Fileless malware is a snippet of malicious code that uses already existing applications or software to piggyback on it. The term fileless means that the threat is not file based. Instead it runs in the memory through an already running software or application to cause damage. This is why fileless malware is much harder to spot. Such malware can disrupt antivirus software and steal a device’s data.
6. Trojan Virus:
The term originated from the myth of the trojan horse, where soldiers from one army delivered a sculpted horse as a gift to an opposing army. Once the horse was inside the premises of the enemy, a backdoor in the horse sculpture was opened and a force of attackers started coming out of the horse attacking the enemy’s soldiers. This is the same way a trojan virus behaves on a computer system. It is presented to a user as a harmless file, attractive even in some cases. Once the user downloads the file and clicks it, the threat starts acting on the system by attacking it or establishing a backdoor to leak information about the device/system which the attacker can use.
As the name suggests, this type of malware spreads through digital advertising. By showing users pop-ups or displaying ads that prompt victims to take certain action. Some adware is used for marketing purposes and has harmless intentions, but if deployed by an attacker, adware can be clicked to download spyware, steal user’s data for identity theft purposes or to sell it to third parties. One increasingly common type of adware nowadays is mobile adware, where ads are shown on mobile devices to lure users into malicious websites. In 2017, Fireball was an adware that infected around 250 million device by hijacking the browser and tracking the victims’ web activity.
Rootkits grant access to a user’s device and resources while staying hidden. This is why rootkit attacks usually stay in systems for a long time and cause significant damage. Since they are designed to operate in a hidden way, they can hijack and disable security software and keep the user unknowingly compromised. Attackers use rootkits to gain admin access over a victim’s device, take remote control of said device and spy on their activity.
This is not to be confused with adware. While both rely on advertising to cause damage, Adware is device-based while malvertising runs on websites that seem legitimate and safe. You can only fall victim to a malvertising malware if you click on the ad. Cybercriminals who deploy such attacks can go as far as paying to show such ads on legitimate websites. When you click on one of those ads, you can be redirected to a website where a drive-by-download can take place, ultimately helping criminals with Ransomware attacks,