The term “malware” refers to programs that are planted on other people’s computers in order to harm their users. This malware is developed by cyber criminals and threatens Internet users and companies’ IT infrastructures.
What is malware? A definition
Everyone is familiar with malware – probably every private individual and every company has come into contact with malware in some form or another. The development and use of malware by cyber criminals is increasing rapidly every year. This is forcing more and more companies to consider what measures, both technical and organizational, can be taken to counteract this development.
The term malware is very broad: it covers any form of malicious software used to attack IT systems, from simple worms to highly aggressive viruses that paralyze the entire system. The effects on the affected devices and even the entire IT infrastructure can be devastating.
Ransomware, viruses, Trojans: different types of malware
In order to be able to decide how efficient prevention can be, it makes sense to look at the existing types of malware. Let’s take a look at the categories and modes of operation:
Virus
Viruses are pieces of code that insert themselves into applications and become active when the application is executed, at which point they reproduce themselves.
Worm
Worms reproduce themselves: they spread on their own through communication interfaces in the system.
Trojan
Trojans are pieces of code that trick users into installing them. This often happens through games, software patches or email attachments.
Keylogger
Keyloggers record the keystrokes made on the computer keyboard.
Grayware
Grayware is divided into two subcategories – spyware, which collects data undetected, and adware, which compiles a personal profile based on collected data and is used for advertising.
Ransomware
Ransomware encrypts data, and the cybercriminals then demand a ransom for decryption.
Rootkit
A rootkit is software that takes over control of the entire system with administrator rights.
How does malware work?
Regardless of the type, malware aims to destroy, deliberately change or steal data or cause physical damage. The principle of all these types of malware is similar: users inadvertently download the malware, for example by clicking on an email link or opening software. Emails containing malware are the most common source of detected attacks.
Once the malware has been downloaded and installed, it does what it was made for: it infects the system and plays into the hands of the hackers.
How dangerous is malware?
According to the research institute for IT security “AV-Test”, a member of the Swiss IT Security Group, more than 131 million new types of malware were registered in 2019. The potential threat posed by malware and possible attacks is very high and continues to increase from year to year.
In the simplest case, malware only causes annoyance for the person affected, as they have to reset their systems. However, the consequences can also be much more serious. The infection of the entire system, enormously high ransom demands, reputational damage or the loss of personal and financial data that is used for purposes other than intended are the greatest dangers for companies.
Advancing digitalization and increasing networking through IoT and Industry 4.0 are making the attack surface even larger for cyber criminals – especially if protective mechanisms are not implemented at all or are inadequate. These effects no longer only affect certain sectors of the economy. Whereas in the early days of malware “only” traditional office areas were affected, the attack surface now extends across all industries and productive areas of the economy. And the major factor of “uncertainty” is an excellent driver for the spread of malware.
A new factor in this development is the global coronavirus pandemic. Very rarely has everyone been affected by an issue so intensely. Many companies were or are being forced to digitize their previous working models within a very short space of time. This has almost automatically created a broad target audience for attackers.
Detecting malware – a real challenge
Malware often works in the background and remains undetected for an indefinite period of time. It is therefore important to pay attention to minor and major changes in the IT infrastructure. An infected infrastructure can most often be recognized by the following changes:
- Unexpected system or program interruptions
- Reduced storage space
- A massively slowed-down system
- Functions can no longer be executed as usual
- Intensive display of pop-ups or advertising
- New programs, some of which start even though they have not been selected
Prevention is the best antidote
All companies should be aware that the best defense against malware is prevention. However, this is not easy and requires a good combination of technical and organizational measures. The following tips can help:
- Create awareness: Employees who are sensitized to the prevailing malware attacks are less vulnerable to attack. This reduces the business risk.
- Invest in the protection of your IT infrastructures: Monitor network access, get expert support to identify weak points in your IT infrastructure and set the guard rails for the protection of your data, networks and applications in good time.
- Define measures: Rely on standards, frameworks and certifications such as CIS Controls, NIST Framework, BSI Compendium or ISO 27001/2. These are a good way to detect and remove malware using standardized processes and concrete recommendations for action and implementation.
Continuous further development for more cyber security
As mentioned at the beginning, malware is developing at a rapid pace. Keeping up with this is an athletic feat, and vulnerabilities that are exploited by attackers are unfortunately the norm. Malware remains a constant threat. With appropriate measures, however, it can be reduced to a manageable evil. So stay on the ball and let our consulting team advise you!