Cyber Attack Guide – Malware
Over the years, we’ve seen far too many malware attacks that have had a genuinely devastating worldwide impact. For example, the ILOVEYOU worm in the early 2000s reportedly registered over fifty million infections in a matter of ten days, disrupting the operation of an estimated 10% of the internet-connected computers at the time.
More recently, in 2017, the WannaCry ransomware hit over 300,000 computers in around 150 countries, causing billions of dollars worth of damage.
Despite all this, many people continue to underestimate this threat. Today, we’ll try to fix that and learn how to build our defenses against malware attacks.
The State of Cybersecurity
Part of the reason for users’ negligent attitude toward malware lies in their lack of perspective when it comes to the modern cybersecurity landscape. Many people wrongly assume they don’t pose a valuable enough target for hackers and that the likelihood of cybercriminals targeting them is slim at best.
Even business organizations neglect malware protection, often citing the lack of budget to excuse their poorly configured networks.
While people and businesses continue to have a rather nonchalant attitude toward the problem, AV-TEST, an independent cybersecurity organization, registers over 350,000 new malicious and potentially unwanted programs every day. According to Statista, in 2019, there were around 10 billion malware attacks worldwide, and Accenture says very nearly half of them targeted small businesses.
Malware isn’t something you should take lightly, regardless of whether you want to protect your home computer, your website, or the network that hosts your online properties. To defeat the threat, you should first understand its nature.
What is Malware?
Malware is short for malicious software. The term refers to any software application intentionally designed to disrupt a computer system’s normal operation and/or result in unauthorized access to your personal data.
Malware can target both individual users and large computer networks. It facilitates a broad scope of criminal activities, including data and identity theft, extortion, denial of service, etc.
For example, attackers can choose from hundreds of credential-stealing tools if they want to get hold of your logins and personal information. If they are after cold hard cash, they can either hijack the victim’s hardware for cryptocurrency mining (cryptojacking) or encrypt the victim’s data and demand a ransom for the decryption key (ransomware).
Some sophisticated attackers even use malware in complex sabotage operations and can even aim it at national governments.
Many people misconstrue malware as a Windows-exclusive problem. The truth is, although attacks against Microsoft’s operating system are far more frequent, users of macOS, Linux, and other operating systems are not exempt from the attackers’ hit list.
Types of Malware
Malware comes in all shapes and sizes, and to protect yourself, you need to distinguish the different types of threats and their characteristics.
Based on their behavior after they’ve infected the target, malware strains can be classified into the following categories:
- Viruses – Many people use the terms “computer virus” and “malware” interchangeably, but in reality, viruses are a sub-set of malicious software. They usually come in the form of executable files or macros embedded in Office documents, and they rely on user interaction (running the file, enabling the macro) to start. They can be used for a variety of nefarious purposes, and like real-world viruses, they try to replicate themselves by infecting other files and programs, reaching as many users as possible.
- Worms – Worms are similar to viruses in that they replicate themselves, but they spread across a network on their own, typically by exploiting vulnerabilities in network-facing services or by abusing weak credentials. The main difference is that the user doesn’t need to double-click a file or open a document to execute them. They are almost completely autonomous, which is why a single worm can reach hundreds of thousands of systems in days.
- Adware – Many people argue that adware doesn’t fit with the definition of malware. Sure, compared to what some other types of malware do, displaying annoying unsolicited adverts doesn’t seem like the most dangerous activity. Still, hackers often use adware in combination with other, more serious threats. What’s more, adware is often an essential part of lucrative click fraud campaigns that fuel other criminal operations.
- Trojan horses – Trojan horses are malicious programs disguised as legitimate files or applications, and they rely on the user to install or run them. Unlike viruses and worms, they do not self-replicate. They usually act as a delivery vehicle (a dropper or loader) for other malicious payloads: once executed, the trojan establishes a foothold on the targeted system, tries to disable or evade some of its security controls, and then fetches and deploys the actual malicious program.
- Ransomware – Ransomware is not new (the first known sample dates from 1989), but it has grown into one of the most damaging forms of malware and is getting a lot of attention lately. The operation relies on a malicious program that encrypts the files on the targeted computer, effectively cutting the owner’s access to the data.
Then, the attackers contact the victim and demand a ransom in exchange for the decryption key. To add salt to the wound, there is no guarantee the attackers will give you back your data even after you pay the ransom. That’s why it’s always important to perform regular backups and keep at least one copy in a secure, offsite location that the infected systems cannot reach (offline or immutable storage), since modern ransomware deliberately looks for and encrypts connected backups. Test your restores, too: a backup you have never restored from is not a backup.
- Spyware – Spyware is a general term describing all applications that enter a targeted computer and collect information about the victim. The stolen data could include everything from passwords to contact lists, instant messaging logs, files, and browsing habits.
- Botnet malware – This type of malware aims to enroll a computer into a botnet – a vast network of devices (known as zombies). Hackers later use those to launch spam campaigns and Distributed Denial of Service (DDoS) attacks.
How Does Malware Work?
There are many different types of malware, and the range of techniques hackers use to carry out their schemes is practically endless. If all cyber attacks followed the same pattern, defending against them would be much easier.
Still, there is light at the end of the tunnel.
Some elements are present in almost every malware attack. One of the first things hackers consider before starting a malware campaign is the attack vector. The method for distributing the malicious programs plays a crucial role in the attack’s success.
For years, emails with malicious links or attachments have been the preferred method for most attacks, and they still work well against many victims. However, as malware attacks grow more and more common, people learn to be a bit more suspicious of unexpected messages in their inbox, particularly those coming from unknown sources.
Increased awareness has also played a part in the decline of pirated and bundled software as a malware distribution method. In the past, hackers would take advantage of people’s reluctance to pay for software and hide their malware in cracked versions of genuine products. The practice hasn’t disappeared completely, but it’s less common now.
On the other hand, drive-by downloads are still in extensive use. Using this method, the attacker plants a malicious payload (typically a script that exploits a vulnerability in the browser or one of its plugins) on a website the targeted user is likely to visit, either by compromising a legitimate site or by buying ad space on it. Whenever the victim ends up there, the exploit runs and the malware is downloaded and executed without the user clicking anything, and the next stage of the attack can begin. Keeping the browser and its plugins patched removes most of this vector.
Brute force attacks are also quite popular with hackers. Too many users and organizations don’t do enough to set up a secure network, and poor password management is even more common. Remote access services such as SSH, RDP, FTP, and CMS admin logins are routinely exposed to the internet with weak or reused passwords, which makes guessing them trivial and this particular vector rather popular. Once the attackers have valid credentials, deploying the malware is straightforward.
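Brute-force attempts against SSH leave a recognizable trail in the authentication log: a burst of failed logins from one address, often cycling through usernames, sometimes followed by a success. The script below is an added example (not code from the original page or from ScalaHosting) that parses OpenSSH syslog lines and flags any source IP with five or more failures inside a sixty-second window, escalating to critical when a successful login from the same address follows the burst, since that is the point at which the attacker has the credentials to deploy malware. The log lines are constructed for the example and the thresholds are assumptions you would tune to your environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in OpenSSH/syslog format; not real log data.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:15:02 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 40123 ssh2
Mar  3 10:15:03 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar  3 10:15:04 web01 sshd[2215]: Failed password for invalid user oracle from 203.0.113.7 port 40125 ssh2
Mar  3 10:15:05 web01 sshd[2217]: Failed password for root from 203.0.113.7 port 40126 ssh2
Mar  3 10:15:06 web01 sshd[2219]: Accepted password for root from 203.0.113.7 port 40127 ssh2
Mar  3 10:20:00 web01 sshd[2301]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:31:00 web01 sshd[2310]: Accepted publickey for alice from 198.51.100.20 port 51001 ssh2
"""

# Matches the "Failed/Accepted <method> for [invalid user] <user> from <ip>" shape sshd logs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2024):
    """Return a dict for a login event, or None for lines we do not care about.
    Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts_text = " ".join(m["ts"].split())  # collapse the double space in "Mar  3"
    ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, window_seconds=60, threshold=5):
    """Flag source IPs with >= threshold failures inside any window_seconds span.
    Severity is raised to 'critical' when an accepted login from the same IP
    follows the burst, because the guessed credential is now in the attacker's hands."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["result"] == "Failed"]
        burst_end = None
        start = 0
        # Sliding window over the failure timestamps.
        for end in range(len(fails)):
            while (fails[end]["ts"] - fails[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end]["ts"]
                break
        if burst_end is None:
            continue
        success = next(
            (e for e in evs if e["result"] == "Accepted" and e["ts"] >= burst_end), None
        )
        findings.append({
            "ip": ip,
            "failures": len(fails),
            "users": sorted({e["user"] for e in fails}),
            "severity": "critical" if success else "high",
            "compromised_user": success["user"] if success else None,
        })
    return findings


if __name__ == "__main__":
    for f in detect_bruteforce(SAMPLE_AUTH_LOG.splitlines()):
        print(f)
```

A single failed login from a legitimate user does not trip the rule; the burst of five mixed-username failures in four seconds does, and the accepted password that follows it is exactly the event an on-call analyst should be paged for. In production you would feed this the output of `journalctl -u ssh` or `/var/log/auth.log` and pair it with a tool such as fail2ban, key-only SSH authentication, and a firewall rule that limits who can reach the port at all.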
Usually, deploying the malware is only half the story.
Cyberattacks often have multiple stages, and hackers need to manage the process from start to finish. That’s why establishing a Command & Control (C&C) infrastructure before the attack begins is so crucial.
An attack’s C&C can consist of a single personal computer or an entire network of devices used as proxies to hide the attackers’ tracks. Attackers use the C&C infrastructure for storing the stolen information and sending new instructions to the infected machines, which typically “beacon” home at regular intervals to ask for work. The means for relaying the commands range from old communication protocols like IRC to plain HTTPS, DNS queries, and clever exploitation of public social networks like Twitter.
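Because an implant polls its C&C on a timer, its traffic looks unlike human browsing: many connections to the same destination with nearly identical gaps between them. The script below is an added example (not from the original page or from ScalaHosting) that groups outbound proxy-log entries by source and destination, computes the inter-connection intervals, and flags pairs whose intervals are too regular (coefficient of variation below 0.15 across at least eight connections). The log lines, host names, and thresholds are constructed for the example; real implants add jitter, so the cut-off is something you would tune against your own traffic.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 3, 3, 10, 0, 0)


def _line(offset_s, src, dst, nbytes):
    # Constructed proxy-log format: "<ISO timestamp> <client_ip> <dest_host> <bytes_out>"
    return f"{(BASE + timedelta(seconds=offset_s)).isoformat()} {src} {dst} {nbytes}"


# Constructed sample: a 60-second beacon with a few seconds of jitter (hypothetical
# host cdn-stat.example.net) mixed with irregular browsing to www.example.org.
BEACON_OFFSETS = [0, 61, 119, 181, 240, 302, 359, 421, 480, 539, 601, 660]
BROWSING_OFFSETS = [5, 12, 90, 95, 97, 400, 410, 700, 1500, 1502]
SAMPLE_PROXY_LOG = (
    [_line(o, "10.0.0.5", "cdn-stat.example.net", 312) for o in BEACON_OFFSETS]
    + [_line(o, "10.0.0.5", "www.example.org", 1000 + 37 * i)
       for i, o in enumerate(BROWSING_OFFSETS)]
)


def parse_proxy(line):
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def detect_beacons(lines, min_connections=8, max_cv=0.15):
    """Return (src, dst) pairs whose connection intervals are suspiciously regular.
    cv = stddev(gaps) / mean(gaps); a human clicking around produces cv well above 1,
    a timer-driven implant produces cv close to 0 even with light jitter."""
    sessions = defaultdict(list)
    for line in lines:
        ts, src, dst, _ = parse_proxy(line)
        sessions[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in sessions.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(stamps),
                "period_s": round(mean, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in detect_beacons(SAMPLE_PROXY_LOG):
        print(f)
```

The beaconing pair is reported with its period (60 s) and a tiny cv, while the browsing session to the same client is ignored despite having ten connections, because its gaps vary wildly. This is a first-pass heuristic: software updaters and monitoring agents beacon too, so the result is a list to triage against an allow-list of known periodic destinations, not an automatic block.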
What Can You Do to Prevent a Malware Attack
You’ve probably heard that using only licensed, fully-patched software products significantly boosts your chances of withstanding a malware attack. A reputable security solution can also help you beef up your defenses. Still, keeping yourself safe may require a slight tuning of your daily habits as well.
For example, spam makes up more than half of all email traffic, according to Kaspersky. No matter how good your spam filters are, it’s essential to be careful with every single message that ends up in your inbox.
It’s important to ensure you don’t unwittingly become a part of a malware campaign. Website owners must remember that compromised sites often play an integral role in malware distribution operations: an attacker who gains write access to a web root can inject a redirect or exploit script into otherwise legitimate pages and serve malware to every visitor. Owners therefore need to keep their CMS, themes, and plugins patched, use strong, unique admin credentials, and watch their files for unexpected changes. The same goes for the email addresses associated with their domains, which are valuable to spammers precisely because they belong to an established sender.
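The most reliable way to notice that a site has been turned into a distribution point is to know what its files are supposed to look like. The script below is an added example (not code from the original page or from ScalaHosting) that builds a SHA-256 manifest of a web root, then compares a later manifest against it to list added, removed, and modified files. The `demo()` function constructs a throwaway directory that stands in for a WordPress install, takes a baseline, simulates a compromise (an edited `index.php`, a dropped hidden PHP file, a deleted stylesheet), and returns the diff. Directory and file names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large uploads do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root, skip_dirs=("cache", "tmp")):
    """Map each file under root (relative POSIX path) to its SHA-256 digest.
    Top-level cache/tmp directories are skipped because they change constantly."""
    root = Path(root)
    manifest = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        if rel.parts[0] in skip_dirs:
            continue
        manifest[rel.as_posix()] = sha256_file(path)
    return manifest


def diff_manifest(baseline, current):
    """Compare two manifests; any non-empty list is something to investigate."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake web root, tamper with it, report the diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        themes = root / "wp-content" / "themes"
        themes.mkdir(parents=True)
        (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (themes / "style.css").write_text("body { margin: 0; }\n")
        baseline = build_manifest(root)

        # Simulated compromise: injected include, dropped hidden file, deleted asset.
        (root / "index.php").write_text(
            "<?php echo 'hello'; include 'wp-content/themes/.x.php'; ?>\n")
        (themes / ".x.php").write_text(
            "<?php /* constructed stand-in for an attacker-dropped file */ ?>\n")
        (themes / "style.css").unlink()

        return diff_manifest(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

In practice you take the baseline right after a clean deploy, store the manifest somewhere the web server cannot write to (otherwise an attacker who owns the web root simply rewrites it), and run the comparison from cron. A legitimate update will show up as a batch of modified files you expected; a lone new `.php` file in a themes or uploads directory is the signature of a dropped web shell.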
The Role of Your Hosting Provider
The web hosting industry plays a significant part in keeping malware distribution to a minimum.
During large-scale attacks, hackers need to stage payloads, collect stolen data, and coordinate many infected machines across the globe. Doing this from a personal computer is impractical and easy to trace, so they often compromise hosting servers and use them as C&C nodes, payload hosts, or proxies.
It’s up to hosting companies to make sure this doesn’t happen.
A good host is interested in keeping its clients’ sites malware-free. That’s why, at ScalaHosting, we have taken special care when developing our very own security solution – SShield. This proprietary Scala product scans all incoming traffic and alerts you if it detects any suspicious activities. And it is already proven to catch 99.998% of all threats before they even hit the server.
SShield comes absolutely free of charge for ScalaHosting customers as part of the SPanel control panel bundle.
For users, malware is a modern-day plague. For cybercriminals – it’s a lucrative business that generates millions of dollars in profits every year.
Over the years, hackers have developed numerous techniques of distributing malware and using it for all sorts of nefarious purposes. Thankfully, security professionals have responded by releasing tools and defense mechanisms that can defeat most common attacks. It’s up to you to find the one that best suits the needs of your particular project.
Who creates malware?
Cybercriminals are most commonly associated with malware development and distribution, but malicious software can be used for more than just ruining the day for regular internet users. For example, covert government agencies develop and use malware for the purpose of cyberespionage.
The so-called white hat hackers also employ malware and malware-like tooling in their penetration testing and red team exercises. Their goal is to help organizations beef up the security of their networks and protect them against real threats.
How do I get rid of malware?
Different types of malware work in different ways, and there is no universal step-by-step guide you can follow when dealing with an infection. In many cases, an anti-malware product can put a quick and relatively painless end to the attack. Sometimes, however, hackers activate persistence mechanisms (scheduled tasks, services, startup entries, modified system files) that make removal a lot trickier. In such cases, a fresh re-install of the entire operating system and a restore from a known-good backup might be the only option. Whatever the route, disconnect the infected machine from the network first, and change every password that was used on it afterwards, because the attackers may already have them.
How do hackers install malware?
Cybercriminals use many different attack vectors to infect unsuspecting users with malware. Often, they employ social engineering to trick you into visiting a compromised or malicious website, clicking a link, or opening an email attachment. More sophisticated hackers employ advanced techniques to infiltrate the target’s network and deploy the malware manually.