While ransomware dominated the security headlines in the first half of 2021, it was not the only malware threat on the landscape. Zeus infections continue to be an ongoing and growing threat. Mirai botnets received an upgrade and are on the rise as well. New versions of Agent Tesla RAT surfaced near the beginning of 2021, and Metasploit Meterpreter and Cobalt Strike continue to be heavily leveraged in several different kinds of attacks. Even long-time data skimmers Magecart activity surged.
The activities of other threat actors may garner less attention than ransomware because their attack methods may not be as destructive, have the same financial impact, or be as apparent. However, such groups are still active and thriving. In this post, we will take a closer look at malware and why it is so much more than ransomware attacks alone so your team can better understand the risks at hand and how they work together.
Malware, or malicious software, is essentially any software program used by threat actors to damage, infect or otherwise compromise targeted systems. Targets can include online devices, servers, networks and more. Threat actors can write their own malware applications or purchase kits and other ready-made malware programs on illicit marketplaces. After configuring the payload, threat actors then leverage phishing campaigns, impersonation attacks, malvertising and other methods to trick victims into downloading the malware program.
In most cases, malware programs cannot damage physical hardware devices. However, malware programs exist that can take control of target devices, run hidden processes, exfiltrate or destroy data, spy on user activities, hijack computer functions, steal access credentials and more. All of this takes place without the victim’s permission, and in some cases, without them even being aware of the attack.
Common Malware Types You Should Know
Viruses are among the most common and well-known types of malware. A virus is a malicious computer program that self-replicates, allowing it to spread through and between networks by inserting itself into other programs and files. In addition to producing copies of themselves, viruses often do other harmful things that may or may not be evident to the victim.
Spyware is a type of malware that is designed to spy on user activity. A spyware program can steal the victim’s personal information, monitor their browsing history, record which files and data they access and even log keystrokes on the victim’s device. Cybercriminals can use this information to commit identity theft, steal money or gain deeper access to secure networks and systems.
A scareware attack is designed to scare the victim into believing their device has been infected with a harmful program that will steal or destroy their data if they don’t take immediate action. The victim might see a fraudulent advertisement that says, “Virus Detected on Your PC – Click Now to Remove the Infection.” These advertisements often use gimmicks like a fake countdown timer to invoke a sense of urgency. When the victim clicks the ad, it typically leads to a malicious domain that could infect their device.
Ransomware attacks are among the most frequently seen cybersecurity threat types, according to Cisco’s 2021 Cybersecurity Trends Report. In a ransomware attack, digital threat actors use a malicious software program to seize control of a target device or system, remove the victim’s access, then demand a ransom to restore the system. As part of ZeroFox’s ongoing tracking of ransomware groups on underground networks, we have observed fluctuating ransomware infection rates weekly. The bar chart below illustrates the number of ransomware victims and digital extortion by week from April to July 2021.
A Trojan is a malware application disguised as a legitimate piece of software, making victims more likely to download and install it. Once installed, a Trojan can spy on user activity, exfiltrate data or damage systems.
Adware is any malware program that shows unwanted advertisements on the victim’s computer desktop, browser windows or within other applications. Clicking the advertisements may lead the victim to a malicious domain or generate fraudulent ad revenue for cybercriminals.
A worm is a type of malware that spreads from computer to computer by exploiting software vulnerabilities. Worms are challenging to defend against because they don’t require human interaction to spread. Worms can inject other malware programs, steal data, spy on user activity and execute other processes that deplete system resources.
A rootkit is a software package that modifies the operating system of a malware-infected device to conceal the presence of a malicious program. Rootkits help threat actors avoid identification and removal by cybersecurity teams.
A backdoor is a malware application that allows a threat actor to bypass standard authentication protocols when accessing a secure network. Once a malware attack has compromised a network, a threat actor may install a backdoor to help secure long-term access to the network.
Threat actors are increasingly using malware attacks to install hidden cryptocurrency mining applications on target systems. Unsolicited cryptocurrency mining generates passive income for cybercriminals while depleting the victim’s network bandwidth and computing resources.
Executing a Malware Attack
Threat actors use many techniques to manipulate and deceive their victims into installing malware programs. Three of the top ways attacks can work are through exploit kits, the use of malicious domains and even malvertising. An exploit kit is a package of malicious software that searches for vulnerabilities on a target’s computer and uses them to inject a malware payload. Threat actors can easily download exploit kits on the dark web and use them to infect target devices with malware.
A malicious domain is a domain that hosts an exploit kit. When an unsuspecting victim visits the malicious domain, the exploit kit scans their browser for security vulnerabilities and attempts to exploit them by injecting malicious code. Threat actors circulate links to their malicious domains via phishing campaigns that target email platforms, business collaboration tools, social media, public forums and other channels.
As for malvertising, threat actors can insert malicious programs into advertisements that appear on legitimate websites. When the advertisement loads in the victim’s browser window, the malware will attempt to infect their browser by exploiting a security vulnerability.
The threat landscape is constantly evolving and so are malicious attacks and tactics. It’s essential to understand the basics behind malware, but it is even more critical that your security team stays abreast of the latest evolutions to adequately prepare.
Protect Your Organization from Malware Attacks
The evolving nature of cyber threats and malware trends pose a significant enough challenge alone. While security researchers are hard at work to uncover new vulnerabilities, security teams must routinely patch, update and strategize regarding additional ways to defend against new risks. Taking the minimum amount of recommended security precautions is insufficient in today’s threat landscape, and defenders must ensure they are well-equipped to handle what’s on the horizon. The good news is there are tools and resources available that are also constantly evolving to properly equip overworked security teams. The ZeroFox Platform delivers protection, intelligence and disruption to identify phishing emails, dismantle malicious domains and remove the digital infrastructure used to carry out malware attacks against enterprises.
If you need a refresher on just a few of the costs and impacts both malware and ransomware attacks can have, click on the infographic below. Included in the infographic are top recommendations to get a leg up on establishing a security plan to ensure your enterprise is prepared and protected. In tandem, the ZeroFox Threat Research team has also released a more detailed report on ransomware trends and ways you can start preparing for what’s to come.