Malware is something to always be aware of for users who have daily activities that are inseparable from computers or internet networks.
Moreover, today almost every job requires a computer and an internet connection that anyone can reach, and this puts at risk all the important data stored on a computer or on a device connected to the internet.
Before we discuss how to handle malware, we will discuss what malware is and the types of malware that are common and often encountered.
What is Malware?
Malware, or malicious software, is software that is written or designed with the intention of harming data, devices, or people.
Systems infected by malware show symptoms such as running slowly, sending emails on their own without any action from the email user, rebooting randomly, and starting unknown processes.
Malware infects a computer or network device in the following ways.
Social engineering
Malware is often used by irresponsible individuals or groups through phishing, vishing, or smishing, which are all forms of social engineering attacks.
In fact, social engineering attacks with malware are often carried out via email. In short, the threat actor tries to obtain sensitive information by manipulating the targeted person into clicking a link in the email or opening an attachment that has been attached to it. If successful, the malicious payload is delivered to the target.
Leveraging Vulnerability
One of the easiest ways for threat actors to break into a system or network is to apply a series of exploits that are known to be successful.
For companies, such attacks can threaten business operations, and companies can also lose money when business processes are disrupted by attacks on vulnerabilities in their systems.
Common Types of Malware
Malware comes in many forms to attack users who use computer devices and internet networks. However, there are several types of malware that are most common and often encountered.
Virus
Viruses are the most common type of malware attack used to infect systems. The user must click or copy the virus onto a medium or host in order for the virus to infect the system.
Most viruses self-replicate without the user's knowledge and spread from one system to another through email, instant messaging, downloads from websites, removable media (USB) and network connections.
Viruses usually remain dormant until they spread to a network or a number of devices before delivering their payload.
Keyloggers
Keylogging, or keyboard recording, is an attack that attempts to record a user's keystrokes and send the data to a threat actor.
Users are often unaware that their actions are being monitored. While there are cases where keyloggers are used to track the activities of employees of a company, they are mostly used to steal passwords or sensitive data.
Keyloggers can be physical cables that are secretly connected to peripherals such as keyboards, or installed by Trojans.
Worms
Worms are similar to viruses in that they can self-replicate and spread complete copies and segments of themselves through network connections, email attachments, and instant messaging.
The difference between a worm and a virus is that a worm does not require a host to start, self-replicate and spread. Worms are commonly used against email servers, web servers, and database servers.
Once a device or system is infected, worms spread quickly through internet connections and computer networks.
Trojan Horse
A Trojan Horse is malware that disguises itself as legitimate software and hides on the user's computer until it is activated.
When activated, the Trojan can carry out threats by spying on the target user, stealing sensitive data, and gaining backdoor access to the target system.
Trojans are usually downloaded through email attachments, website downloads, and instant messaging.
Social engineering tactics are also commonly used to trick users into loading and executing Trojans on their systems. Unlike computer viruses and worms, Trojans cannot replicate themselves.
Ransomware / Crypto-Malware
Ransomware is a type of malware designed to lock users out of their systems or deny data access until a ransom is paid.
Crypto-Malware is a type of ransomware that encrypts the user's files and requires payment within a certain period of time, often using the Bitcoin currency.
Logic Bomb
A Logic Bomb is a type of malware that activates only when triggered, for example on a specific date or at a specific time.
Logic bombs usually come in a package with Viruses and Worms and often deliver a malicious payload at a predetermined time or when a condition is met. The damage caused can vary from altering bytes of data to making hard drives unreadable.
Antiviruses can detect most common logic bombs at run time. However, until they carry out an attack, logic bombs will lie dormant in the target system for weeks, months, or years.
Bot/Botnet
A botnet, or robot network, is a group of bots: computer systems of any type, connected to a network, whose security has been compromised.
One example is the Mirai botnet, which can control IoT-connected devices and other smart appliances.
Threat actors will deploy DDoS (Distributed Denial of Service) attacks by sending large amounts of data to website hosting companies that can cause many websites to go offline.
Adware & Spyware
Adware & spyware are unwanted software. Why? Because adware is designed to deliver advertisements that are silently installed in the background of the browser without the user's knowledge or permission.
Although harmless, adware can be annoying to users.
Spyware, on the other hand, is a type of malware designed to gain access to and damage a user's computer. Spyware will collect user information such as habits, browsing history, and personal identification information. Then the attacker who installed the Spyware on the target user's computer will sell the obtained data to advertising or data companies, expose bank accounts, or steal the user's personal identity.
Spyware is often downloaded by users in software bundles or on file sharing sites.
Rootkit
Rootkits are backdoor programs that allow threat actors to maintain command and control over a computer without the user's knowledge.
This access can potentially result in complete control over the targeted system. The controller can then log files, spy on the owner's usage, run files, and remotely change system configurations.
Some antivirus software can detect rootkits, but they are difficult to remove from the system. For most cases, the best way to remove a rootkit is to rebuild the compromised system.
How to prevent Malware attacks?
While it is impossible to fully protect a system from cybercriminals, there are a number of steps that can be taken and considered to prevent malware attacks which are as follows.
Develop an Information Security Policy
Security policies provide companies with a roadmap for employees on what to do and when to do it, and who gets access to systems or information. They are also necessary to establish compliance, regulations, or laws regarding information security.
Examples of security policies that might prevent malware attacks are as follows.
- Social Engineering Awareness Policy - Defines guidelines for providing awareness around social engineering threats and defines procedures when dealing with social engineering threats.
- Server Protection Policy - The purpose of the Server Protection Policy is to outline which server systems are required to have anti-virus and/or anti-spyware applications.
- Software Installation Policy - The purpose of the Software Installation Policy is to outline the requirements surrounding the installation of software on corporate computing devices, in order to minimize the risk of loss of program functionality, exposure of sensitive information contained within the Company's computing network, the risk of malware introduction, and the legal risk of running unlicensed software.
- Removable Media Policy - The purpose of the Removable Media Policy is to minimize the risk of loss or exposure of sensitive information maintained by the company and to reduce the risk of contracting malware infections on company-operated computers.
Implementing Security Awareness Training
Security Awareness Training is a company's investment in information-security-related training for all parts/devices within the company. This training can save a significant amount of money that would otherwise be lost to cyber attacks.
Awareness training involves baseline testing, user training, phishing campaigns and reporting on training results.
- Baseline Testing - Provides baseline testing to assess the likelihood of users being exposed to phishing attacks.
- User Training - interactive modules, videos, games, posters and newsletters designed to educate users on the latest social engineering attacks. This training is often automated with scheduled email reminders.
- Phishing Campaigns - Simulated phishing attacks run from the organization's side, fully automated.
- Reporting Results - Statistics and graphs for training and phishing activities to show ROI.
The ideal way for companies to conduct security awareness is to include it in a security training module oriented for new employees and make it a requirement for access to critical systems.
Training should be conducted and completed at least annually and training should relate to not only identifying attacks, but also appropriate actions/responses and reporting flows to the incident response team for proactive action.
Training should be conducted for caregivers to understand what is considered unsafe behavior and know when to take action to protect themselves and the company.
Install Anti-Malware & Spam Filters
Email is often used to deliver malware and socially engineered attacks. While employees have anti-virus and anti-malware software installed on their workstations, it is recommended that companies add it to email servers as part of a defense-in-depth approach.
Setting up spam filters is a balancing act because on the one hand, network admins want to block all malicious traffic. But if the blocking applied is too aggressive then legitimate traffic will be blocked and users will start complaining about it.
After 2-3 weeks of usage, a baseline for the network can be established and further adjustments made.
Routine Vulnerability Assessment
Regular network vulnerability scanning can help companies identify known vulnerabilities, lack of security controls, and common configuration errors.
Companies can use a tool or software designed to scan for system vulnerabilities. Most scanners display the collected information on a dashboard that lists each vulnerability found and its severity. The scanner provides the raw scan results; in addition, most vulnerability scanning services include an assessment report with a remediation plan for fixing the systems at risk.
Companies may have to consider implementing a patch management program. The main purpose of such a program is to continuously identify, prioritize, remediate, and report on security vulnerabilities in the system.
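The patch-management loop described above (identify, prioritize, remediate, report), as an added example that is not part of the original post: it takes scanner findings with their reported severity, adds an assumed asset-criticality score and assumed SLA deadlines, and produces a prioritized remediation list with overdue items flagged. Host names and findings are constructed sample data.

```python
"""Turn vulnerability-scan findings into a prioritized remediation plan.

Added example, not from the original post. SLA_DAYS and the asset
criticality scale are assumptions; the findings are constructed samples.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed remediation deadlines per severity, in days from discovery.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass
class Finding:
    host: str
    check: str                 # scanner's name for the failed check
    severity: str              # as reported by the scanner
    found_on: date
    asset_criticality: int = 1  # assumed scale: 1 (lab box) .. 3 (business-critical)

    def deadline(self) -> date:
        return self.found_on + timedelta(days=SLA_DAYS[self.severity])


def prioritise(findings):
    """Order by severity, then asset criticality, then earliest deadline."""
    return sorted(findings, key=lambda f: (-SEVERITY_RANK[f.severity],
                                           -f.asset_criticality, f.deadline()))


def remediation_plan(findings, today):
    """Return (host, check, status) rows in remediation order; status is
    'OVERDUE' when the SLA deadline has passed, otherwise the due date."""
    rows = []
    for f in prioritise(findings):
        status = "OVERDUE" if f.deadline() < today else f.deadline().isoformat()
        rows.append((f.host, f.check, status))
    return rows


# Constructed sample scan results with placeholder host names.
SAMPLE = [
    Finding("web-01", "outdated TLS library", "high", date(2024, 1, 2), 3),
    Finding("lab-07", "default SNMP community string", "medium", date(2024, 1, 10), 1),
    Finding("db-02", "unpatched database service", "critical", date(2024, 1, 20), 3),
    Finding("hr-03", "missing OS patches", "high", date(2024, 1, 15), 2),
]
TODAY = date(2024, 2, 1)  # constructed reporting date

if __name__ == "__main__":
    for host, check, status in remediation_plan(SAMPLE, TODAY):
        print(f"{host:8} {check:32} {status}")
```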