What Is Malware? Definition, Types and Protection
Few words are used more often in cybersecurity than malware.
The word that gives IT specialists nightmares, makes companies ramp up their security tools and constantly challenges software creators: malware targets every aspect of the technologies and devices we use every day. Being so omnipresent, malicious software can bring a lot of damage and chaos into your life or your organization’s activity.
This article will explain what malware is, how it works and how to protect your assets from it, so that with all this information you will be able to make the best cybersecurity decisions.
What Is Malware?
Malware or malicious software is any program or file that is intentionally designed to harm a computer, network, server, or mobile device. It compromises the user’s PC security and privacy by leaking and encrypting data, obtaining unauthorized access to systems, and destroying information, among other disruptive activities.
There are multiple types of malware, such as worms, trojans, spyware and keyloggers, designed by cybercriminals for different malicious purposes.
Types of Malware
Here are the most common types of malware that lurk out there:
Adware – this type of malware will flood your screen with unwanted advertisements.
Spyware – this malware will spy without permission on every move made on a device and report back to a threat actor.
Virus – a type of malware that, once executed by a user, will replicate itself by infecting other programs with malicious code.
Worm – this type of malware is similar to a virus, but it self-replicates on a device without needing a host program. A worm does not need any action from the user to initiate the infection and spread across systems.
Trojan (horse) – this is a program or file that is designed to seem harmless, but, once it enters your computer, it will spread the malware it was carrying.
Ransomware – this type of malware will lock you out of your device or data by encrypting them. To regain access, users usually have to pay a ransom in exchange for the decryption key.
Rootkit – this type of malware is harder to detect and will grant the cybercriminal administrator rights on the infected computer, i.e. root access.
Keylogger – this malware records every keystroke made on a device with the purpose of finding out important data like credentials, credit card information and so on.
Backdoor malware – this malware will allow a cybercriminal to remotely access a device, multiple times, without being detected by the security systems.
How Can You Get Infected with Malware
Threat actors become more and more creative when it comes to ways to infect a device. Basically, every time you are connected to the Internet you can get malware by: downloading a malicious file, installing a malicious app, opening a malicious attachment (malspam), and clicking a link from a phishing email. And mobile devices can also be infected through a Bluetooth or Wi-Fi connection.
Even if you restrain yourself from clicking on anything suspicious, you can get infected simply by visiting an infected site. Add to this the fact that malware can very well hide behind a legitimate application and you will understand the magnitude of the threat. Cybercriminals can also use physical methods to spread malware, such as USB drives.
More sophisticated malware can use a command and control server (C&C) to receive additional instructions from its creator, can change its code to avoid detection (polymorphic malware), or can use anti-sandbox techniques (the malware detects when it is being analyzed and executes only after the sandboxing is over).
How to Detect a Malware Attack
Once a system, network or device has been infected with malware, if you are lucky, some abnormal behaviour will give away the attack. More evolved malware, however, goes undetected by users and leaves no visible trace, so only a good antimalware program can identify it.
Here are a few signs that should raise concerns:
Your computer is slower than usual
You will notice that, all of a sudden, your device is operating slower than usual. Whether you are browsing the Internet or just opening apps, your PC seems to struggle to do it.
Unwanted pop-up ads
An unexpected flow of pop-up ads is another sign of a malware attack. They are usually associated with adware, but such ads can deploy other hidden threats.
Your computer has crashed
The operating system (OS) of your computer can crash completely. This may come in the form of a BSOD (Blue Screen of Death), meaning that the OS encountered a critical issue that forces a reboot.
Less disk space
Malware can maliciously occupy space on your device’s disk, leaving you less space to operate with.
Higher Internet activity
Some types of malware, like trojans, download additional malicious software onto your computer. To do so, the threat actors need to use your Internet connection in order to communicate with the command and control server (C&C), which is why you may see a spike in your Internet activity.
Changed browser settings
A new homepage, unexpected toolbars, or applications you did not install can tell you that somebody else, usually a cybercriminal, also has access to your computer.
If your cybersecurity tools don’t work anymore and you don’t seem to be able to turn them back on, a malware attack may have left you and your data unprotected.
If you suffer a ransomware attack, you can lose access to your important data or to the entire device. A cybercriminal can encrypt everything and then demand a ransom for the decryption key.
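The "higher Internet activity" sign described above can be checked rather than eyeballed. The following is an added example, not code from the original article or from Heimdal: it parses a constructed outbound-flow log (the format and the hosts are invented for this example), sums bytes sent per host per day, and flags any host whose latest day exceeds its own earlier baseline by a configurable factor, which is the kind of spike a trojan talking to a C&C server would produce.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample flow log (not real data): "<ISO timestamp> <host> <dest_ip> <bytes_out>".
# ws-02 suddenly sends far more data to a new destination on the last day.
SAMPLE_LOG = """\
2024-03-01T09:00:00 ws-01 203.0.113.10 1200
2024-03-01T09:05:00 ws-01 203.0.113.10 1500
2024-03-01T09:00:00 ws-02 203.0.113.20 900
2024-03-02T09:00:00 ws-01 198.51.100.5 1300
2024-03-02T09:00:00 ws-02 203.0.113.20 950
2024-03-03T09:00:00 ws-01 198.51.100.5 1100
2024-03-03T09:00:00 ws-02 203.0.113.20 1000
2024-03-04T09:00:00 ws-01 198.51.100.5 1250
2024-03-04T09:00:00 ws-02 192.0.2.77 48000
2024-03-04T09:10:00 ws-02 192.0.2.77 52000
"""

def parse_log(text):
    """Yield (timestamp, host, dest, bytes_out) from the constructed format."""
    for line in text.splitlines():
        if line.strip():
            ts, host, dest, nbytes = line.split()
            yield datetime.fromisoformat(ts), host, dest, int(nbytes)

def daily_totals(records):
    """Sum outbound bytes per host per calendar day."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, host, _dest, nbytes in records:
        totals[host][ts.date()] += nbytes
    return totals

def find_traffic_spikes(text, factor=5.0):
    """Return {host: (baseline_avg, latest_total)} for hosts whose most recent
    day exceeds the average of all earlier days by more than `factor`.
    A host seen on only one day has no baseline and is skipped."""
    spikes = {}
    for host, per_day in daily_totals(parse_log(text)).items():
        days = sorted(per_day)
        if len(days) < 2:
            continue
        baseline = sum(per_day[d] for d in days[:-1]) / (len(days) - 1)
        latest = per_day[days[-1]]
        if latest > factor * baseline:
            spikes[host] = (baseline, latest)
    return spikes

if __name__ == "__main__":
    for host, (base, latest) in find_traffic_spikes(SAMPLE_LOG).items():
        print(f"{host}: baseline {base:.0f} B/day, latest {latest} B/day")
```

A per-host baseline matters more than an absolute threshold, since a busy file server and a quiet workstation have very different normal volumes; in practice you would also look at which destination received the extra traffic.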
What to Do If You Get Infected with Malware?
If you realize that you or your company have been the victim of a malware attack, there are a few things you can do to remove the malware from PCs and mobile devices:
- Choose a good cybersecurity software that can keep all your devices safe (including mobile ones).
- Run a security scan using this protection software to detect the malware that infected your systems and remove it.
- Change all your passwords so you will be safe if the threat actors managed to exfiltrate some data and try to use it in a future attack (like a password spraying attack). Reset passwords for PCs, mobile devices, mail, online banking, social platforms etc.
- If your phone is infected by malware you will have to do a factory reset. This means that you will then have to restore all your data from a previously made backup.
How to Stay Safe from Malware
These are the basic things you can do – as a user or as an organization – to protect yourself from malware:
- Visit only sites on well-known top-level domains (like .com, .org, .net, .edu, .biz) so you avoid malicious sites or drive-by malware (the kind of malware that infects your system just by visiting a site).
- Use a good password policy with strong passwords, multi-factor authentication, and never reuse passwords.
- Do not click on pop-up ads, they can deliver malware.
- Don’t open unknown attachments or click on unknown links from emails, messages, or texts; these can be part of a phishing attack.
- Download all your apps only from official stores (Google Play and the App Store), choosing software with plenty of reviews and a good score from users.
- Always update your Operating System, your applications and any other software that you use to avoid vulnerabilities.
- Back up your data at regular intervals to multiple locations that are not connected to each other or to the Internet. This way you will not lose all your data if it is stolen, encrypted, destroyed or you need to wipe your systems.
- Use a strong cybersecurity software that will scan your systems, blocking any malware.
- Use network segmentation to reduce your attack surface. By dividing your network into smaller subnetworks, you can stop an infection at just a few endpoints.
- Implement the principle of least privilege (PoLP) giving employees access only to the resources they need for their jobs. This way, if a user is compromised, a cybercriminal will be able to reach only a limited amount of data, diminishing the impact of an attack.
- Educate your company’s staff about malware threats and how to spot and avoid them in day-by-day activities.
How Can Heimdal® Help?
Heimdal’s Endpoint Detection and Response offers unrivaled prevention, threat-hunting, and remediation capabilities, combining six solutions in a single easy-to-deploy and compact agent that will not delay your systems and will help you save significant time.
The Network Detection and Response solution from Heimdal will provide A-Z protection regardless of device or operating system by utilizing machine learning on device-to-infrastructure interaction. It detects and prevents attacks that firewalls are unable to detect, blocks malicious web content, prevents data leakage, and filters traffic locally in any environment.
Heimdal® DNS Security Solution
- Machine learning powered scans for all incoming online traffic;
- Stops data breaches before sensitive info can be exposed to the outside;
- Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
- Protection against data leakage, APTs, ransomware and exploits;
Knowing the types of malware that are out there and what they can do will help you to choose the best cybersecurity solution for you and your organization. Combining good security software with best practices and employees’ security training is a good strategy to prevent a malware infection or to stop a malware attack.