Malware isn’t a new term in cybersecurity by any stretch of the imagination, but as with so many other things, the attacks continue to grow in pervasiveness and sophistication.
For example, cybercriminals can and often do use malware to attack your DNS. Around 100% of network connections are initiated with DNS services, meaning that having a protective DNS service provider is incredibly important. Having DNS protection can prevent malware from communicating with external servers or exfiltrating data.
In general, the following are some things to know about malware right now.
As was mentioned above, malware isn’t a new term. It’s a broad reference to any kind of software that’s intended to harm or exploit a device, network, or service.
A cybercriminal can use malware as a means of extracting data.
Then, with the use of that data, they have leverage and can gain financially from their victims as a result.
Data can include anything from personal login credentials to healthcare records or even financial data.
There’s no end to what can ultimately be compromised when it comes to malware.
Cybercriminals use it as a way to get their victims to disclose personal information so they can steal their identity, to steal consumer credit card information, and, as was touched on briefly above, to launch denial-of-service attacks against other networks. Malware can also be a way to mine bitcoin after infecting computers.
Types of Malware
There are a lot of different types of malware which include:
- Viruses: A computer virus can come as an attachment with an email, for example. You might download the attachment and open the file, infecting your device.
- Ransomware: This is one of the most profitable and popular types of attacks right now. With ransomware, the malware installs itself on the machine of the victim. Then, their files are encrypted, and the criminals can demand ransom to be paid, usually in Bitcoin.
- Scareware: In this scenario, a cybercriminal might scare you so that you believe your device has been infected. As a result, you could be convinced to buy a fake application.
- Worms: This type of malware allows for the copying of itself from machine to machine by exploiting a security weakness.
- Spyware: When a cybercriminal attacks you with spyware, it’s usually installed on your computer without your knowledge. Then, the attacker can transmit your personal information.
- Trojans: A trojan might look to you like a normal application, so then you download it and use it without knowing there’s a problem. However, once it’s running, it can steal your data, spy on what you’re doing on a device, or launch an attack.
- Adware: An adware program is a way to push advertisements on you or show popup windows, and then these programs are installed in exchange for some other type of service.
- Fileless malware: These software attacks use legitimate programs as a means of infecting a device. There aren’t any malware files left to scan, nor are there processes that can be detected. It’s tough to identify this type of attack and subsequently remove it since it doesn’t leave a footprint.
Relevant Malware Statistics
Some key statistics floating around right now about malware include:
- In 2020, 61% of surveyed organizations said they’d had a malware situation that spread among employees. That number’s gone up so far in 2021 to 74%. Phishing attacks are one reason for the increase, as is working from home where employers don’t have as much control over the cyber activities of employees.
- According to the State of Email Security Report in 2021, Mimecast reported more than 60% of organizations had gone through a ransomware attack leading to, at a minimum a partial disruption of their operations. The year before, that number was 51%, showing a significant uptick.
- S.-based organizations report the highest number of ransomware attacks, and the UK isn’t far behind.
- Around 60% of companies say they have understaffed cybersecurity teams. This might grow into an even more pervasive problem because employers are having a hard time filling empty spots across the board, but especially when it comes to skilled tech talent.
- Phishing is an extremely popular way to launch an attack right now, and employee training and awareness can go a long way to help to prevent this. PayPal and Amazon are two examples of companies that are often mimicked in these attacks.
Finally, overall malware attacks, in general, are down, but ransomware and then malware attacks on IoT are increasing.