
Cybersecurity: Types of Malware


What is Malware?

Malware is any malicious code crafted by a threat actor to take control of, steal valuable data from, or damage a target system. There are several types of malware. Malware has evolved over the years, going from displaying annoying but harmless messages to being a strategic digital weapon in cyber warfare. Malware used to be an independent agent infecting individual endpoints; now, with the internet, modern malware is stealthy, self-replicating, connected in real time, and centrally coordinated. Malware of the same type can work in tandem toward a common goal, with each infected host expanding the attacker's foothold and increasing the potential damage to the organization.

Common Types of Malware

Viruses

A virus is malware that is self-replicating but must first infect a host program and be executed by a user or process.

Worms

A worm is malware that typically targets a computer network by replicating itself to spread rapidly. Unlike viruses, worms do not need to infect other programs and do not need to be executed by a user or process.

Trojan horses

A Trojan horse is malware that is disguised as a harmless program but, once installed, gives an attacker full control over an endpoint with elevated privileges. Unlike other types of malware, Trojan horses are typically not self-replicating.

Ransomware

Ransomware locks devices (locker ransomware) or encrypts data (crypto ransomware), making them inaccessible until the victim pays a ransom, typically in cryptocurrency. Reveton and LockeR are two examples of locker ransomware, while Locky, TeslaCrypt/EccKrypt, Cryptolocker, and Cryptowall are examples of crypto ransomware.

For a ransomware attack to be successful, attackers must execute the following five steps:

  • Compromise and control a system, using techniques like social engineering to deliver the malware
  • Prevent access to the data by identifying and encrypting the victim's data
  • Notify the victim about the compromise, demand payment, and explain the steps for making the payment in order to regain access to their data
  • Accept the ransom payment in an obfuscated way, for example using cryptocurrencies
  • Restore access by decrypting the victim's data. The attacker provides the decryption key and instructions on how to decrypt the data. 20-30% of victims get their data back after paying a ransom.

Anti-AV

An anti-AV is malware that disables legitimately installed antivirus software on the compromised endpoint, thereby preventing automatic detection and removal of other malware.

Logic bombs

A logic bomb is malware that is triggered by a specified condition, such as a given date or a particular user account being disabled.

Backdoors

A backdoor is malware that allows an attacker to bypass authentication to gain access to a compromised system.

Rootkits

A rootkit is malware that provides privileged (root-level) access to a computer. Rootkits are installed in the BIOS of a machine, which means operating-system-level security tools cannot detect them.

Bootkits

A bootkit is malware that is a kernel-mode variant of a rootkit, commonly used to attack computers that are protected by full-disk encryption.

Spyware

Spyware is malware that collects information, such as internet browsing behavior, login credentials, and financial account information, from an infected endpoint. Spyware often changes browser and other software settings, and slows computer and internet speeds on an infected endpoint.

Adware

Adware is spyware that displays annoying advertisements on an infected device, often as pop-up banners.

Conclusion

Modern malware is distributed, fault-tolerant, multifunctional, polymorphic, metamorphic, and stealthy. The surge in crypto ransomware attacks over the past five years warrants additional consideration. Ransomware criminals often decrypt victims' data, but there is no guarantee that they will. Additionally, many threat actors now exfiltrate a copy of their victims' valuable data before encrypting it, then sell the data on the dark web after the ransom is paid.

Interesting articles about the same topic:

"What Percent of Ransomware Victims Recover Their Data?" Darwin's Data. September 27, 2023. Accessed November 12, 2024.