In Latin, ‘mal’ is a prefix which means ‘bad’, ‘evil’, and ‘wrong’. Malware, also referred as malicious code, is harmful software and it is designed to create backdoor(s), which will lead to security breaches, information & data theft, and potential unauthorized access to critical information and computing systems. The malware family is comprised of different types of malicious software like Trojans, Spyware, Adware, Ransomware, Worms, and computer Viruses. There are multiple entry points for malware to gain access to the network in an organization.
Malware has gradually emerged to become the defacto choice of cybercriminals, because it helps them hide their identity and launch their attacks from anywhere over the internet. In recent years, the majority of malware based attacks have been carried out for financial gain (theft of sensitive data, industrial espionage, extortion or ransoming of files) and for destabilizing or getting access to critical infrastructures.
Malware is an auto-executable software application that can activate itself or luring the victim to click on it. It comes on various forms, including Java Applets, ActiveX controls, pushed content, plug-ins, scripting languages or other programming languages that are designed to enhance Web pages and email. Malware provides cybercriminals with unauthorized remote access to targeted systems. This is known as a back door, and is used in order to grant access to sensitive data. By doing so, cyber criminals can even wipe out a computer’s data or install spyware.
Scripts, worms and viruses can harm your computer, but they can also use your computer as an entry point to the network of the company, and find their way to the critical business information. Visiting infected websites or clicking on a malicious email link or attachment, could become major gateways for malicious code to sneak into your system.
Example of a Targeted Malware Attack in form of an Email Attachment
1. An email is sent to a specific group of employees in the organization
2. It includes a malicious attachment with malware embedded in it
3. Employees attempt to open the attachment, which infects their PCs
4. Cybercriminals take control over the PCs and using them as back doors to access critical information
Malware Propagation
Countermeasures to Protect Your Business
1. Know what kind of software is installed on your endpoints and maintain a whitelist of approved applications
2. Be informed about potentially vulnerable software and avoid using it
3. Regularly update your system along with all installed software such as browsers, pdf viewers etc.
4. Deploy fullproof anti-malware protection technology in your IT infrastructure and end-points
5. Educate the end users and make them aware of common protection practices. If a site you visit looks suspicious, avoid using it. If an unexpected email comes with an attachment, don’t open it, and instead report it to the right people
6. Avoid using Public Wi-Fi. If you connect to the internet via public Wi-Fi, you could be exposing your data to hackers using the same Wi-Fi
7. Use credentials with strong passwords. Create passwords that are a combination of lower and uppercase letters, numbers and special characters to prevent hackers from simply guessing the correct one.
8. Ensure your third-party contractors follow security best practices. One of the ways companies are most vulnerable to cyberattacks, is through an insecure third-party service provider. Cybercriminals can steal their credentials and gain access to the company’s infrastructure and information.
9. Assess Client Side (workstation) profile to evaluate the security stance of the client side software installed on end user’s workstations and further determine whether they follow security best practices. The assessment should evaluate the client systems and applications against known vulnerabilities, configuration flaws and provide advice on how to remediate the issues
In today’s fast emerging digital economy, the threat landscape grows exponentially. Both individuals and IT teams need to be on high alert and protect their endpoint devices from malware attacks. Understanding the nature of different types of attack vectors and techniques is critical in establishing a robust endpoint protection strategy. A robust and advanced endpoint protection solution is required to provide comprehensive protection to the infrastructure.
Blog by:
Pralhad Chaskar, Cyber Security Analyst, Help AG