Malicious software has persistently caused havoc in the UK in recent years and shows no sign of slowing. It’s not just businesses that are affected – in 2017, the WannaCry ransomware attack hit National Health Service systems. It led to delays in medical procedures and an inability to accept new patients at some facilities, including hospitals. A key point to highlight is that the NHS wasn’t specifically targeted – it had simply failed to patch software despite an update being flagged. As will be discussed at the end of this article, it’s always critical to update software as soon as the patch becomes available. Acknowledged weaknesses are open doors for hackers.
If you haven’t been a victim of a malware attack, it’s difficult to imagine the impact that such a thing can have. Recent UK government statistics indicate that most types of attack take more than a week to recover from, and the cost to the UK per attack can easily breach the £1 million mark.
The name malware can easily mislead people into thinking that it is a specific type of virus or hacking tool. It’s generally an umbrella term for any type of software that exists to interfere, disrupt, destroy or misappropriate files, data or computing power. There are many different types of malware. It’s unknown how many specific strains of malware exist, but it is possible to group them into approximate categories, based on what their intended outcome is. Understanding the different types of malware that are out there should help you to protect against them and identify them if needed.
Different types of malware
Contagious, or self-spreading malware
Viruses and worms are well-known types of malware, and for good reason. They were some of the earliest malware to be created as the internet was coming online. University students experimented with code to test their own skills, but inadvertently discovered ways to exploit end users’ computers. As the internet developed and business and banking use cases were identified, financial motivation to create viruses and the like led to the consequences we see today.
A computer virus can only be passed between computers hidden inside or attached to a file or program. It cannot spread on its own. A user must engage with the software in order to trigger the spread of the virus to other computers. Viruses have a range of effects. For example, some interrupt functionality, some cause damage to particular file types (so-called ‘payload’ attacks) and others can contribute to DDoS attacks on remote targets. Files can be deleted, modified or corrupted.
Worms cause similar types of damage to viruses, but they replicate themselves in a different way. Where a virus relies on a file to carry it onto the next victim, a worm can travel independently by exploiting the same routes that regular files take when they are sent between workstations.
Worms can use the existing file-transfer routes to spread to other computers, but they can also exploit known software vulnerabilities. They may arrive as hidden attachments in emails or even instant messaging apps. Alternatively, fraudulent emails can include links to malicious websites that host the worm, which can trigger an automatic download.
Viruses and worms share common traits in terms of the outcomes of an infection. Along with the aforementioned effects, viruses can also self-replicate intensively, leading to an overloaded system or network. These types of attacks can take down an entire network very quickly. Some worms can act as a simple backdoor, opening network access to hackers to do as they please.
In elite sports, some drugs are banned not because they enhance performance, but because they mask the presence of other, more powerful substances. Similarly, when it comes to malware, there are two types of concealment-focussed techniques. They don’t cause damage themselves, but they do help different types of malware enter your system undetected.
Named after the ancient wooden horse full of soldiers, trojan horse malware looks innocuous but conceals destructive files within. Often trojans masquerade as software or applications and are innocently downloaded by staff. Once a trojan is on the system, it allows the concealed malware to activate, causing a variety of problems for the business.
Rootkits work differently. They do not conceal malicious code within them. Instead, they act more like an invisibility cloak. Rootkits obscure traces of malware from antivirus software, so the malware is overlooked and left to continue stealing data or completing whichever task remains unfinished.
If you notice any of the following symptoms while using a networked computer, you may have malware operating behind the screen of a rootkit. Worms are particularly adept at causing problems, but these issues may be caused by different malware.
- Has your speed or performance decreased? Malware can use a lot of processing power, so if programs are crashing or lagging unusually, contact IT.
- Check your hard drive. When malware self-replicates it consumes the free space on your drive. If you notice a spike or unexplained full drives, you may have a problem.
- Have you noticed any strange new files? Malware can create, delete and replace files. Watch for unusual file names or data saved in unexpected places.
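One way to check for the file and disk-space symptoms listed above, as an added example (not code from the original article): the script records a baseline of a folder, then reports files created, deleted or replaced since that baseline, along with the change in total size. The folder contents built in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to (size, SHA-256 digest)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()  # fine for a demo; stream large files in practice
            except OSError:
                continue  # unreadable or removed mid-scan: skip it
            rel = os.path.relpath(path, root)
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current):
    """Report files created, deleted or replaced since the baseline, plus size growth."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    replaced = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p][1] != current[p][1])
    growth = (sum(size for size, _ in current.values())
              - sum(size for size, _ in baseline.values()))
    return {"created": created, "deleted": deleted,
            "replaced": replaced, "growth_bytes": growth}

def demo():
    """Constructed sample: build a small folder, change it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("report.docx", b"quarterly figures")
        write("notes.txt", b"meeting notes")
        baseline = snapshot(root)
        # Simulated changes matching the symptoms in the list above
        write("report.docx", b"overwritten contents")  # existing file replaced
        os.remove(os.path.join(root, "notes.txt"))     # file deleted
        write("unexpected_file.bin", b"x" * 4096)      # new file consuming space
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against folders that should rarely change, a report with unexplained entries or sudden growth is a prompt to contact IT, not proof of infection.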
Some malware is designed to steal information from users, rather than disrupt or destroy. In these cases, the malware is intended to stay on a computer, undetected, for as long as possible.
Spyware and keyloggers
Spyware is used to gain unauthorised access to personal and sensitive data. When such data is collected it can be used to drive identity theft and other related crimes. Keyloggers record every key press made on a keyboard. As soon as passwords are entered they are revealed to the hacker, which makes gaining illicit access to corporate and personal data extremely easy.
Ransomware is a disruptive subtype of malware that interferes with a user’s ability to access data stored on a device. Generally, the computer becomes unusable. A single screen display outlines how and when the user can pay to have their data unlocked or returned. The payments are usually demanded in anonymous cryptocurrency such as bitcoin. Ransomware attacks are usually focussed on corporate networks, but they have also impacted public service systems such as the NHS.
There are different strains of ransomware, but they all have the same end effect of illegitimately withholding data for ransom. Encrypting ransomware blocks system files through encryption, while locker ransomware locks the computer, denying access to any files, but without interfering with them. Master Boot Record (MBR) ransomware overwrites the computer’s master boot record so it cannot be booted at all, which is particularly difficult to overcome without significant data loss.
How to protect against different types of malware
It’s clear that malware comes in many different shapes and sizes. Each type works to enact a specific outcome. Malware can act very quickly once it’s on your system, and it can be difficult to remove. Remember that a serious malware incursion can cost a business significant money in lost trade, lost trust and potential fines related to the GDPR. If you want to test your current cyber security levels, or believe you have malware on your business networks, contact an IT expert immediately.
The best outcome is to prevent malware accessing your systems in the first instance. A comprehensive cyber security plan should significantly reduce the risk of an incursion and may help to limit damage if it does happen.
Business owners, IT managers and anyone else that is involved with IT management should be across the latest identified cyber security threats. If you are aware of major malware strikes or notice chatter about a string of common incidents you can act pre-emptively to protect your assets.
Maintain a firewall
Your business network connects to the internet in multiple ways each day. Emails, VOIP calls, browsing and transacting must all pass through a doorway of sorts out into the open internet. A firewall creates a digital fortress that stops malicious data from trying to come back through that door into your network. Having a functional firewall with proxy servers will help to prevent many malware attacks.
Diversify security software
Seek out expert opinions on the best anti-virus software, but don’t stop there. Programs are available that protect against specific threats like spyware or focus on detecting rootkits for example. An external audit can be conducted to test your levels of cyber security in a real-life scenario.
If you can encrypt your data within your network, it will be essentially useless to hackers that manage to access it. Different encryption solutions are available depending on the needs of your business.
Automatic updates are crucial
When a weakness in an application or software program is identified, a patch is created to fix the issue. Once a patch, or software update, is released, it is crucial that it is applied immediately. Once the weakness is identified, hackers will seek out copies of the program that haven’t been patched. It’s something of an open door for malware attacks. Automatically apply updates to your operating system, applications and any other program that receives them.
Strict password management
Automatically force employees to change their passwords regularly. When common passwords are used between personal and business accounts, it creates additional weaknesses in cyber security. Require combinations of upper-case and lower-case letters, numbers and even symbols to make them difficult to break.
Employee training and policies
Provide ample opportunities for your staff to understand the significance of cyber security practices in the workplace. Their jobs may well depend on the business remaining secure. Training sessions and regular touchstone occasions will help to maintain secure behaviour as a habit. Particularly focus on phishing email threats, as most malware is now activated through employee engagement with fraudulent emails.
Secure workplace policies
As malware often replicates through shared files, make a strict policy of disallowing USBs or other devices to be used on company computers. Maintain a register of portable devices such as laptops and smartphones and ensure they can be reset to default remotely in case of theft. Depending on the layout of your workspace, you may consider access policies that restrict contractors or staff from accessing sensitive server storage or other locations on the premises.
Back everything up
Remote servers make data backup secure and reliable. Sending your data offsite to one or more secure locations ensures minimal losses in case of a ransomware or similar attack. It also reduces data loss in the event a device must be wiped remotely.
Prepare for the worst
Ensure you don’t front-load your cyber security policy. There are many different types of malware and it’s likely that one will slip through the net eventually. Don’t leave your business without a clearly defined action plan in case malware is detected. Limit the damage where possible, alert authorities promptly and meet your disclosure requirements as per GDPR regulations.
Malware has existed in various forms since the internet became more widely accessible. There’s no doubt that significant attacks will continue to occur. Malware attacks on businesses often feel unexpected; they tend to fall under the ‘it won’t happen to me’ line of thinking, which is dangerous. Remember that malicious actors often focus their efforts on small businesses as they are likely to have weaker defences than large corporations. Prove them wrong by understanding the threats and protecting against them.
About Mustard IT, your cyber security partner
Mustard IT provide the design, build, installation and maintenance of secure IT servers and networks, and assist businesses to develop strong protections against malware incursions. Our trusted team are experienced and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.