Malware is a malicious type of code or scripting that remains one of the most prominent cyber security threats in the digital landscape. In a typical scenario, a malware infection occurs when the victim is tricked into opening a suspicious document or link that executes the malicious program.
Provided the infection is successful, the malware can then:
- Delete, corrupt, or encrypt your files
- Download additional payload
- Steal data
- Grant backdoor system access to an unauthorized third-party
- Spy on you
- Crash the operating system
There are several types of malware that generally falls into the following categories:
Trojans are one of the sneakiest computer security threats because this type of malware is usually bundled as part of another program or software with useful functionality. In other words, the victim doesn’t need much convincing to execute it. A key differentiating characteristic from viruses is that trojans don’t have the tendency to replicate themselves.
Spyware is the type of malware that is specifically designed to spy on its victim and their activities. It can also extract information about their operating system and software, analyze their browsing habits, and send sensitive data back to its creator. In certain situations, this can lead to blackmailing, extortion, etc.
Unlike typical malware, these utilize a “shotgun approach”, meaning they rarely target any particular victim. The objective of a worm is to replicate and propagate itself across networks. Commonly distributed via infected email attachments, once being able to affect the target device, worms will attempt to scan the victim’s contact list to send emails with infected attachments to whoever they can.
In some instances, worms are the IT security weapon of choice when it comes to launching a DDoS attack or overloading an email server.
Viruses are one of the most traditional forms of malware. After infecting the device, viruses will attempt to replicate themselves to infect others. They can also attach themselves to another file.
Whenever the recipient of the infected file launches it, the malicious code gets executed and infects their machine.
Out of every type of malware listed, ransomware is arguably one of the most fearsome cyber security threats in existence because it takes file access away from the rightful owner. Once the infection has taken place, instead of the regular file, the victim is met with an encrypted version that’s inaccessible without the proper decryption key.
Typically, the attackers are looking to extort a ransom in Bitcoin or other untraceable cryptocurrencies in exchange for the key. The problem is, nothing binds them to honor the deal even if they manage to get paid, so it’s NOT recommended to comply.
Commonly used as part of a DDoS attack, botnets are a fleet of infected devices an attacker controls from the outside. The larger the number of devices under a hacker’s control, the more powerful of an attack they can mount against their target. In concrete numbers, these could be millions of devices that all participate in a coordinated cyber attack.
A botnet can be used for a variety of different types of attacks:
DDoS attacks are most commonly initiated by a cluster of infected devices that are part of a botnet, usually without their webmaster’s knowledge. As the attack is executed, the target website or network is flooded with massive waves of meaningless traffic so it gets overloaded to the point of no longer being able to serve legitimate users.
DDoS attacks may have personal or political motives or they can be launched by a company-sponsored hacker in the corporate space to gain an advantage over the competition.
Botnets can also be used to send out waves of email spam. Typically, these messages would either contain unsolicited advertising or they could even resort to more underhanded tactics such as phishing and malware distribution.
If they go the malware route, the underlying purpose is likely to expand the botnet – any device that gets infected is then added to the botnet.
As already mentioned, botnets are sometimes used in the corporate space to target high-value systems belonging to a company or an organization. Once capitalized, the targeted device then allows the hackers to make their way deeper into the organization’s cyber IT network.
Once inside, the hackers can steal valuable information such as sensitive data of their customers, research, financial data, intellectual property, and other sensitive data.
Enterprise financial theft
A sophisticated botnet can be used for the purpose of high-profile financial crime. For instance, they may be programmed to go after credit card information specifically and a swiftly executed attack can cause billions of dollars in damages in a rather short window of time. An example would be the infamous ZeuS botnet.