If you use computers in your business or day-to-day life, it's likely you've either experienced a malware attack or heard of someone who has. But what is malware, and why is it such a major concern for many organizations?
Malware is malicious software designed to infect computers, phones or similar devices. The software may damage the device, collect information or be used to extort money from the victim. In the first three quarters of 2022, there were around 60 million new malware attacks discovered, of which over 95% targeted systems running Microsoft Windows. Malware infection can be a frustrating experience for end users and costly to businesses. Learning how malware works and how to avoid infection is the first step toward good cybersecurity.
How Does Malware Work?
Malware infects computers in a variety of ways. Some malware spreads by exploiting vulnerabilities in software that is already running on the machine. In other cases, attackers trick victims into installing malicious software on their computers either through phishing emails, pop-ups on websites or simple social engineering. Once the malicious software is installed on the victim's computer, it can do what it was designed for, which could be encrypting or deleting files, spying on the user or allowing the attacker to control the user's computer to launch other attacks.
Types of Malware
There are many types of malware, but some of the most common include:
Adware: this variety of malware is perhaps the least damaging on the list. Adware hides its presence on the user's device and shows advertisements. A user whose computer is infected with adware may see lots of pop-up advertisements and be unaware they're caused by a malware infection rather than a normal part of the websites they're visiting.
Botnets: hackers use malware to gain control of their victims' machines. A botnet is a network of machines that have been infected by malware and are under the control of a hacker. The hacker then uses those machines to launch denial of service attacks on other victims, perform CPU-intensive work or launch further attacks while using the victims' computers to obfuscate their identities.
Ransomware: this type of malware is frequently used by organized attackers who target large organizations. Hackers infect the organization's computers and encrypt important files on the computer. They then demand a substantial ransom from the victim to be paid in bitcoin or other cryptocurrency before they will decrypt the victim's files. Not all ransomware targets large organizations, however. Some ransomware spreads through phishing or infected websites, infecting private users' computers and carrying lower ransoms. Some well-known ransomware variants are covered in our ransomware glossary.
Trojans: in the context of malware, a trojan is a malicious application that is made to look like a legitimate program. A user might think they're downloading a game or an office application, but that application may actually be a piece of ransomware or some form of Remote Access Tool (RAT) used by a hacker to add the user's computer to a botnet.
Worms: a worm is a form of malware that attempts to replicate itself automatically by using known software vulnerabilities. Once a worm has infected one computer, it will scan that computer to see what network connections it has and try to infect other connected computers or network drives it can see. Some botnets grow using worms, and some ransomware spreads itself via worms.
Spyware: malware that monitors the user's computer and then reports back with information about the device and/or how it is being used is known as spyware. Some definitions of the term class legitimate software that gathers data about users as falling into this category. Other definitions only consider an application to be spyware if it attempts to install itself and collect data without the user being aware of the application.
Virus: a virus is a malicious application that lies dormant until the user executes the file or takes some other action to allow the malicious code to be run. It's this requirement for the user to take action that distinguishes viruses from worms.
How to Protect Against Malware
While highly targeted malware attacks do occur, such attacks tend to be aimed at large organizations that may be able to pay a substantial ransom to the attackers. It's far more common for malware infections to be opportunistic. Following good cybersecurity practices can reduce the risk of malware attacks and help mitigate them if they do occur. Some easy-to-implement precautions include:
Using antivirus software and firewalls. Windows Defender is shipped with modern versions of Windows and has regularly updated definition files to detect common malware attacks.
Choosing an email provider with robust spam filtering to prevent most phishing attacks from reaching end users.
Providing cybersecurity training that covers topics such as how to spot phishing emails and the importance of not installing unknown software.
Teaching employees not to plug in unknown devices or run personal media on their work machines.
Disabling autorun for CDs/DVDs and other mounted media.
Locking down employee machines so users don't have administrative rights.
Saving regular backups of important files and storing copies of those backups off-site and offline.
Considering using Desktop as a Service or similar technology to allow users to access important software or tools from their own devices.
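A read-only way to check four of these precautions (antivirus, firewall, autorun and administrative rights) on a Windows machine, as an added example that is not part of the original article or any vendor's tooling. The helper name New-Check and the 7-day definition-age threshold are assumptions made for illustration.

```powershell
# Added example: read-only audit of four precautions from the list above.
# Assumes Windows 10/11 with Windows PowerShell 5.1+; it changes no settings.

function New-Check($Name, $Pass, $Detail) {   # hypothetical helper for one result row
    [pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = $Detail }
}

$report = @()

# 1. Antivirus: Windows Defender real-time protection and definition age.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $report += New-Check 'Defender real-time protection' $mp.RealTimeProtectionEnabled ''
    # 7 days is an illustrative threshold, not a vendor recommendation.
    $report += New-Check 'Defender definitions current' ($mp.AntivirusSignatureAge -le 7) `
        "age: $($mp.AntivirusSignatureAge) day(s)"
} catch {
    $report += New-Check 'Defender status readable' $false $_.Exception.Message
}

# 2. Firewall: every profile (Domain, Private, Public) should be enabled.
$off = @(Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' })
$report += New-Check 'Firewall on for all profiles' ($off.Count -eq 0) (($off.Name) -join ', ')

# 3. Autorun: NoDriveTypeAutoRun = 0xFF disables it for every drive type.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
$report += New-Check 'Autorun disabled for all drives' ($val -eq 0xFF) "NoDriveTypeAutoRun = $val"

# 4. Admin rights: list who is in the local Administrators group (well-known SID).
try {
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $report += New-Check 'Current user is not a local admin' ($admins.Name -notcontains $me) `
        "members: $($admins.Name -join '; ')"
} catch {
    $report += New-Check 'Administrators group readable' $false $_.Exception.Message
}

$report | Format-Table -AutoSize -Wrap
```

The admin check compares direct group members only, so a user who is an administrator through a nested domain group will still pass; review the listed members as well as the Pass column.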
How to Detect and Remove Malicious Software
The process for detecting and removing malicious software depends on the type of device the malware has been found on. Windows Defender ships with Windows devices and is capable of detecting and removing many threats. Another useful tool is Malwarebytes, which is free for personal use and offers commercial plans for businesses of various sizes.
Those who require multi-platform support or who need to perform more specialist tasks, such as scanning mail gateways, may find ClamAV useful. This open-source tool offers GUI and command-line antivirus scanning for Linux, Windows and Mac devices.
All of these tools can be used to scan for malware and offer features to sandbox or remove infected files.
Is malware a virus?
Viruses are a type of malware; however, not all malware is a virus. Spyware, trojans and ransomware are other common categories of malware.
What devices can malware affect?
Malware typically targets desktop or laptop computers running Windows. However, macOS computers, Linux servers and even Android phones are not immune to malware attacks.
What is the difference between malware and ransomware?
The term malware covers all kinds of malicious software, including botnets, adware and ransomware. In contrast, ransomware specifically refers to malicious software that infects a victim's device and demands a ransom (usually in cryptocurrency) to undo whatever damage the software has done.
How to Get Started
The software listed above can be useful for detecting and neutralizing ransomware threats. Having efficient backup solutions in place is also useful for mitigating incidents that do occur, and investing in cybersecurity training for your staff can greatly reduce the likelihood of accidental malware infection from phishing, malicious emails or drive-by downloads.
If you'd like to know more about how Veeam's backup and recovery tools can help mitigate malware infection and offer protection against ransomware, contact us today for a consultation or download a free trial to try the software for yourself.