To recognize which malicious applications we should protect ourselves from is an important step to define a security plan and to choose the right protection controls.
So, do you know what is a malware?
Malware are software specifically designed to perform harmful actions and malicious activities on a device or network.
Note that the functions of each malicious software can be very different. While ransomware hijacks data and devices, adware hinders productivity with persistent ads. Therefore, each type of malware requires a type of corrective action. In other words, knowing what type of malware poses the greatest risk, you can choose the best controls to protect your environment and devices.
So let’s look at the most common types of malware below:
Everyone has wondered what is a virus or what is the difference between a virus and a malware. This question is among the most popular in the cybersecurity universe.
Every virus is a malware. But not all malware are viruses.
Viruses modify other legitimate operating system files so that malicious code runs along with the host.
Like the biological virus, the cyber virus has no action if it is isolated. Therefore, this type of application needs to create a copy of their code in the host file. Only then it can infect other files and resources on your system.
Worms have a very peculiar and relevant tactic for cybercrime: they deliver the malicious codes and are able to replicate themselves in systems. They have been around for as long as viruses, but they do not need to be hosted on a system file to run. As a consequence, worms do not require user action (click link, for example) to work.
Therefore, if you identify an application that spreads across different devices or network resources, it may have worm functions.
Have you noticed that each type of malware above has a peculiar name. So does the Trojan, a type of malicious application inspired by Greek mythology.
How sophisticated, right?!
A little bit of mythology: after several years of battle against Troy, unable to enter the fortified city to recover Helen, Greek soldiers built a giant hollow-wood horse, hid inside it and left it at the city gates. The Trojans confided that this was a gift and represented that the Greeks gave up the war. Then they let the horse cross the wall. Thus, the Greek soldiers were able to enter Troy and continue the war.
What is a trojan? It is a file with malicious code embedded, but disguised as legitimate application with the purpose of deceiving the user. This type of application uses the greek strategy to attack devices and network environments.
To fight trojans, it is important to be aware of frequent social engineering tactics, since this type of application needs user action to infect a system.
Among currently popular malware, this type of application takes over a device, preventing users from accessing the data or the entire operating system. To restore access, the cybercriminal demands ransom.
Identifying a ransomware application is may be a great difficulty. When most users realize the infection, is too late: their system or data is already blocked.
As we detailed in the blog How to detect bot traffic, there are applications designed to perform recurring actions in an automated way. Of course this tactic can be used to perform non-malicious repetitive actions. However, bots are widely known for their application in malicious tactics.
An exploit can be software, a sequence of data or commands used to explore a system’s potential vulnerabilities. Like bots, exploits can be used as a tool for IT (aiming to stress possible breaches in a given system or application), but are often used by cybercriminals to cause some unexpected behavior in the execution of software or hardware.
Used with a malicious intent, it can be especially dangerous because type of application will combine different malware tactics to exploit the target resource or system.
ADWARE AND SPYWARE
Do you recall that pushy ad or toolbars that appear in the web browser without apparent user request? They are also malware. They are not among the most dangerous, but it is still important to avoid them. Adware and Spyware are the most frequent.
What is Adware? It is a category of malware that will expose the user to unwanted or potentially malicious advertising. An application can contaminate the device and, for example, display repetitive ads or redirect a user’s search to cloned pages with product offerings.
What is Spyware? It is a spy program, that is, malware designed to track a user’s activities on the device. In general, such malware seeks to gather information to promote some sort of social engineering scam. However, adopted as a targeted tactic, they may be related to the theft of confidential information, such as intellectual property.
Knowing how each type of malware behaves makes it easier to establish a strategy, right?
However, cybercriminals also know this and develop malware with hybrid functions, in order to make identification difficult. The episode with WannaCry is a good example: a software that blocks access to the system (ransomware) with the ability to replicate itself to other devices in the network (worm).
WHAT IS A BACKDOOR?
Creating undocumented ports to return to the system, even after a previous incident was solved, is a frequent malware tactic, called backdoor.
But then, what is a backdoor? Is it a threat (malware) or vulnerability (the breach of the system)? That’s a tricky question. We can say that the two scenarios are true.
- Backdoor may be the tactic of a malware attack – that is, one of the steps of the attack is to open a backdoor for a cybercriminal’s next actions (the backdoor is only the vulnerability created by malware, which has other goals); or
- Backdoor can be the goal – that is, malware is meant to create the “backdoor” (the backdoor is the malware itself as well as the vulnerability created in the system).
What is the best protection against malware?
Most malware are distributed through frequently-used channels, such as e-mail files, URLs with executable files or malicious websites and advertising.
Also consider that most malware need a user’s action to activate their malicious load and contaminate private environments.
Therefore, one of the first prevention measures is to educate business users so that they are careful when activating resources online.
Equally relevant, every company should adopt cybersecurity controls. Most products have malware and virus signatures, which helps identify known threats more quickly. But we’ve put together a few tips on controls that can further enhance the protection of your environment:
- Advanced Threat Protection (ATP) has the ability to identify unknown threats, bringing together technologies to detect malicious traffic and targeted attacks caused by malware (Antivirus, Network Analysis, Static Analysis and File Heuristics etc.);
- Secure Web Gateway allows you to manage the types of pages the corporate user can access, controlling for categories that potentially pose more security risks. In addition, it associates SSL inspection capability, which thoroughly evaluates encrypted content.
- Finally, Sandbox allows you to isolate suspicious application samples to study their behavior and determine whether or not they are malicious. This type of solution implements technologies capable of detecting and identifying unknown malware (Zero Day) based on malware analysis in a controlled environment.
Finally, it is important to defend your network environment against all types of malware, but this can be done more efficiently.
Understanding the most feasible risks to the environment, IT management can decide to adopt targeted controls. But for this, it is important to map the environment to find vulnerabilities or security policy breaches. A final tip is to adopt a vulnerability management solution to help prevent malware, that is, by identifying breaches that can be exploited, based on a cybersecurity intelligence library.
Want to know how BLOCKBIT can help your business detect and block malware? Consult our experts.