Cybersecurity 101:

Malware

Malware, short for "malicious software," is a catch-all term for any type of software built to damage devices, steal data, or cause disruption. This differs from a software bug: a bug is an accident, whereas attackers create malware to cause harm intentionally.

While malware rarely damages physical hardware, it can steal information, encrypt data and demand a ransom, delete files, spy on you to capture personal data, or hijack your system's processing resources for the attacker's own use.

There are many motives behind malware, including making money, sabotaging your ability to work, making a political statement, or just wreaking havoc.

How Does Malware Work?

Malware has to be on your computer to work. The two most common routes malware takes are the Internet and email, so whenever you are online there is potential for a malware attack.

Phishing schemes are one way attackers deliver malware by email. Clicking a link in a malicious email can trigger malware to install itself on your system.

Hacked websites are another source of malware infection, prompting you to install software that seems legitimate but then steals your data.

Social engineering is the manipulation of users into performing certain actions or giving personal information. This can also play a part in the delivery of malware.

Types of Malware

Malware is a very general term. It applies to every kind of software that can harm your devices or steal data. Therefore, it helps to know about the types of malware to better understand what you are dealing with and how to fix it.

Viruses

A virus is malware that is attached to some other type of software. Whenever the user runs the virus, usually accidentally by running the software it is attached to, the virus will replicate itself by adding itself to other programs on the user's system.

Ransomware

Ransomware is a common type of malware that encrypts a user's system or locks them out of their device. It then forces the user to pay a ransom to access their device or data again. Using this type of malware is on the rise because attackers can demand payment in cryptocurrency, which is relatively untraceable. This kind of attack makes ransomware an almost perfect crime.

Hackers have increasingly started targeting businesses with ransomware attacks, while ransomware incidents on personal computers have slowed down. Attackers have found that enterprises are a much more lucrative target. Also, an enterprise network gives ransomware a chance to spread and infect more than just the original device.

Worms

Computer worms, like viruses, can self-replicate. But instead of infecting only the software on a single device, they spread across a network to other systems without any user action to activate them.

Spyware

Spyware is any type of malicious software that spies on the user of a system. It can do this with a keylogger that captures all the user's keystrokes, or by similar methods that steal the user's data from the file system. The spyware then sends this data remotely to the author of the software.

Trojans

Trojans are software that masquerades as legitimate software while doing malicious things behind the scenes. Once a trojan horse is on your device, the attackers behind it can gain unauthorized access to your system and use the trojan for anything from stealing personal and financial data to installing other forms of malware.

Adware

Adware is unwanted software that displays advertisements. Often this type of malware will infect a browser. The adware will usually masquerade as some useful type of software but will serve ads to make money for the software's author. Adware, while usually not malicious, can be frustrating, annoying, and slow down your work.

Exploits

Exploits take advantage of vulnerabilities or bugs in well-known software and allow attackers to infiltrate systems they wouldn't normally have access to. Patches and updates to software usually fix these vulnerabilities, but it takes time to develop a patch. Until patches are applied, systems are vulnerable and malware developers will take advantage of this.

How Can I Tell If I'm Infected with Malware?

It can be challenging to tell if your system is infected with malware, because its symptoms are easily mistaken for problems caused by other system issues. Some common signs of malware infection include:

  • Your device is running slower
  • You are getting inundated with advertisements
  • Your system crashes more frequently
  • You are missing disk space
  • There is an increase in Internet activity that you can't account for
  • The settings in your browser change
  • You lose access to your device or files on your device

Malware Prevention and Detection

You can protect your system from malware, but it requires vigilance. Here are a few of the things you can do to detect and prevent malware.

  • Patch and update all systems and software regularly to fix vulnerabilities that attackers can use to access a system and install malware
  • Use email and endpoint security tools to detect and remove malicious attachments before they can infect a user's device
  • Give users a security training course that teaches them about malware and phishing emails, so they know better than to download attachments from unknown sources
  • Take regular backups and store them in a separate location, so systems can be restored to a previous state, in case malware infects a system
  • Segment your network and the devices on it. This segmentation will help keep the device that’s infected from spreading the infection across the network to other devices, thereby limiting or eliminating damage to more critical systems.
  • Add endpoint detection and response (EDR) to monitor endpoints for indicators of compromise and suspicious activity, and respond to security incidents before malware can spread to other devices on your network

You Have to Do More Than Just Prevent Malware

Detection and prevention will work most of the time, but sometimes malware will get through, so you need to plan for that eventuality. The first thing to do is remove the infected device from the network as soon as you can. This prevents the malware from damaging more systems connected to the network.

Even if you have already implemented micro-segmentation on your network, you should still remove the device. Micro-segmentation isolates devices and any malware that the device may be infected with and prevents the infection from spreading.
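The segmentation bullet above and this micro-segmentation paragraph both rest on one idea: a default-deny allow-list limits how far self-propagating malware can travel. This added example (not Illumio's code) simulates a worm on a small constructed network, first with a flat allow-all policy and then with a segment-and-port allow-list; the host names, segments, ports and the worm's exploit port are all assumptions.

```python
"""Added example (not Illumio's code): simulate how a self-propagating worm
spreads through a small constructed network, with and without segmentation."""
from collections import deque

# Constructed inventory: host name -> segment (workloads grouped by role)
HOSTS = {
    "hr-laptop": "user", "finance-laptop": "user",
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "db",
}

# Segmented policy: explicit allow-list of (source segment, destination segment, port).
# Anything not listed is denied, including traffic between hosts of the same segment.
SEGMENT_ALLOW = {
    ("user", "web", 443),   # users browse the web tier
    ("web", "app", 8080),   # web tier calls the application tier
    ("app", "db", 5432),    # application tier talks to the database
}

def flat_allows(src: str, dst: str, port: int) -> bool:
    """Unsegmented network: every host can reach every other host on any port."""
    return src != dst

def segmented_allows(src: str, dst: str, port: int) -> bool:
    """Default-deny: only flows on the allow-list pass."""
    return src != dst and (HOSTS[src], HOSTS[dst], port) in SEGMENT_ALLOW

def simulate_spread(patient_zero: str, exploit_port: int, allows) -> set:
    """Breadth-first propagation: each infected host tries to reach every other
    host on the port the worm's exploit uses. Returns the set of infected hosts."""
    infected = {patient_zero}
    queue = deque([patient_zero])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst not in infected and allows(src, dst, exploit_port):
                infected.add(dst)
                queue.append(dst)
    return infected

if __name__ == "__main__":
    # Assumed scenario: a worm exploiting a file-sharing service on port 445
    # lands on an HR laptop via a phishing email.
    for name, policy in (("flat", flat_allows), ("segmented", segmented_allows)):
        hit = simulate_spread("hr-laptop", 445, policy)
        print(f"{name:9}: {len(hit)}/{len(HOSTS)} hosts infected -> {sorted(hit)}")
```

On the flat network the worm reaches all seven hosts; under the allow-list it stays on the laptop, and even a worm that exploits an allowed port only reaches the next tier, which is why the infected device still has to be pulled off the network and restored.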

Once the infected device is off the network, check that your regular backups are in place. Then restore the device's data from a backup taken before the infection and put it back into use.

Conclusion

Malware is any type of software that damages a system or allows unauthorized access to data, from self-replicating viruses to the other types described above. You can prevent malware with anti-virus software, email security software, and training. Micro-segmentation provides even more protection by segmenting endpoints and preventing the lateral movement of malware from an infected system.

Learn More

Discover how the Illumio Zero Trust Segmentation Platform stops malware and ransomware from spreading.
