A guide to cyber attacks: Malware – Part 1
As part of a three-part guide on cyber attacks, we begin by exploring existing types of malware.
Malware, short for malicious software, refers to any code written to compromise a computer or the data on it. There are many types of malware, and the list grows rapidly as new strains and modified versions of existing ones are discovered.
A recent study by Kroll found that 292 cyber attack cases were reported to the Information Commissioner within the last year. Of these, 53 were cited as malware-related, the second most common cause behind ‘Unauthorised Access (Cyber)’.
Of the ever-growing array of malware varieties, this instalment of Information Age’s guide to cyber attacks examines six prominent types.
The media frequently describe most malware as a form of ‘virus’, but this isn’t always correct.
A pure computer virus is a piece of malicious code that attaches itself to an existing file or program. When that host file is opened or run, the virus code runs with it and copies itself into other files, much as a biological virus reproduces inside a living cell.
What a living cell is to a biological virus, a host file or program is to a computer virus: the virus cannot run, or spread, on its own.
A virus stays dormant until the file or program it inhabits is opened or executed. Once it runs, it infects further files, and infected files shared across a network carry it to other machines, to potentially devastating effect.
The payload can include file corruption, the theft of passwords and spam email sent to colleagues without the user’s knowledge.
Before activation a virus produces no symptoms, so users assume nothing is wrong with their device. Dormant is not the same as undetectable, though: a scanner that recognises the virus’s code can still find it in the infected file before it ever runs.
The virus itself is often only the spreading mechanism; its payload may be any of the other malware forms listed below.
Today there is a variety of anti-virus software available, some of it free, although free products can be basic compared with paid-for ones.
A notable recent example is the infection that halted production at TSMC, the Taiwan-based manufacturer of chips for Apple’s iPhone and iPad, last month. According to TSMC, the malware first got into the company’s computer network and from there spread to the machinery used to make Apple’s chips and processors.
It affected approximately 80% of the fabrication tools and caused TSMC’s shares to fall by over 1%. TSMC identified it as a variant of the WannaCry malware behind the 2017 outbreak (strictly a self-spreading worm rather than a virus, which illustrates the loose use of the word noted above).
Trojans, or Trojan Horses, are often grouped with viruses, but unlike viruses they do not replicate themselves: they are pieces of malware that masquerade as a harmless program and rely on the user to run them. The name comes from the wooden horse of the Greek legend of the fall of Troy, recounted by Homer and Virgil.
Once activated, a trojan can copy, manipulate, block and delete data, and slow down the device it occupies.
Trojans can take plenty of forms, including:
-Backdoor: This opens a hidden entry point, or ‘backdoor’, that attackers can use to upload and delete data and download more malware. Machines carrying backdoor trojans can be pooled and controlled together, giving the attacker a foothold across an entire network.
-Downloader: Downloader trojans fetch and install additional malicious payloads, including updated versions of themselves.
-Infostealer: This type of trojan is deployed to harvest personal information, such as credentials and stored documents, from a computer.
-Remote Access: Like a backdoor but with more capabilities, a remote access trojan (RAT) gives attackers full control over the computer.
-Trojanised Apps: Usually distributed through pirate app markets, these masquerade as legitimate apps that, once installed, put malware onto the user’s mobile device.
Kaspersky Lab reported in a recent study that banking trojans, trojans designed to steal money from online banking sessions, reached an all-time high in the second quarter of 2018.
Worms are a type of malware that can replicate without any user intervention. Unlike a virus, a worm is a self-contained program that needs no host file: it spreads copies of itself across the user’s network, over email, instant messages and shared drives, without the user knowing. The traffic and processing this generates can slow the network down or cause it to malfunction.
Worms typically exploit vulnerabilities in network services and protocols. Before the Internet had mainstream usage, worms spread between machines on removable media, and they can still be carried on a USB drive today.
In addition to the pure computer worm, hybrids of worms and viruses, which spread on their own like a worm but also modify program files like a virus, are common.
Machines infected by a worm can also be enrolled in a botnet, which lets the attacker direct the whole set of compromised hosts against a network.
Back in April, researchers at Symantec found a “polymorphic worm” that used the Kwampirs backdoor trojan to infiltrate the networks of healthcare corporations across the world. The attack was carried out by the cyber crime group Orangeworm. What made Kwampirs polymorphic was that each copy of its payload had a random string inserted into it, so every infected file had a different hash and simple hash-based detection did not match; its worm-like behaviour came from copying itself to other machines over the network.
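Why inserting a random string into each copy defeats hash-based detection, and why matching on the invariant parts of the code still works, is easier to see in code. The following is an added example, not code from the original article or from the Orangeworm campaign; the “payload” bytes, the junk slot and the signature are constructed stand-ins.

```python
import hashlib
import re

# Constructed stand-in for a malware payload: two fixed code sections with a
# slot between them where the dropper inserts a random string on each infection.
# The bytes are made up for this example and have no meaning to any real engine.
CODE_SECTION_A = b"\x55\x8b\xec\x83\xec\x40 CONNECT 10.0.0.5 "
CODE_SECTION_B = b" PERSIST HKLM\\Software\\Run \x5d\xc3"

# A benign file used to confirm the signature does not fire on everything.
BENIGN_FILE = b"MZ\x90\x00 ordinary program, nothing to see here"


def make_variant(seed: int, junk_len: int = 32) -> bytes:
    """Build one polymorphic copy: the functional code is unchanged, but a
    seed-dependent junk string is inserted so the file hash differs every time.
    The junk is derived from the seed so the example is deterministic."""
    rnd = hashlib.sha256(seed.to_bytes(4, "big")).digest()
    junk = (rnd * (junk_len // len(rnd) + 1))[:junk_len]
    return CODE_SECTION_A + junk + CODE_SECTION_B


def file_hash(sample: bytes) -> str:
    return hashlib.sha256(sample).hexdigest()


def hash_detect(samples, known_hashes):
    """Classic blocklist: a sample is flagged only if its whole-file hash is known."""
    return [file_hash(s) in known_hashes for s in samples]


# A signature built from the invariant parts instead of the whole file.  Real
# signatures (YARA rules, AV engines) work the same way: match stable byte
# sequences and tolerate a variable-length gap between them.
INVARIANT_PATTERN = re.compile(
    re.escape(CODE_SECTION_A) + rb".{0,64}?" + re.escape(CODE_SECTION_B), re.DOTALL
)


def pattern_detect(samples):
    return [INVARIANT_PATTERN.search(s) is not None for s in samples]


def demo(n_variants: int = 5):
    """Generate several infections and compare the two detection approaches.
    The analyst is assumed to have seen only the first sample, so only its
    hash is on the blocklist."""
    variants = [make_variant(seed) for seed in range(n_variants)]
    blocklist = {file_hash(variants[0])}
    return {
        "distinct_hashes": len({file_hash(v) for v in variants}),
        "caught_by_hash": sum(hash_detect(variants, blocklist)),
        "caught_by_pattern": sum(pattern_detect(variants)),
        "benign_flagged": pattern_detect([BENIGN_FILE])[0],
    }


if __name__ == "__main__":
    print(demo())
```

Five variants give five different hashes, the blocklist catches only the one sample that was analysed, and the invariant-bytes signature catches all five without firing on the benign file. The same logic is why a worm that mutates each copy forces defenders away from hash feeds towards structural or behavioural signatures.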
Ransomware is a type of malware that encrypts a computer’s data so the owner can no longer access it, after which the attacker demands payment, usually in cryptocurrency because it is harder to trace back to the culprit, in exchange for the key that unlocks the data.
Initially, ransomware attackers had to buy or write the software themselves, typically through markets on the deep web, but the growing availability of ransomware-as-a-service (RaaS) means the attack can now be launched with little to no technical background and at a lower cost.
Ransomware can be spread via email attachments, compromised apps and websites, or through exposed remote desktop services (RDP) that attackers log into with stolen or guessed credentials.
The approaches that ransomware attackers utilise include:
-pop-up messages threatening to destroy the encryption keys to the data unless the victim pays,
-scam emails claiming ‘illegal’ software has been found on the victim’s computer and demanding an electronic fine,
-the sale of ‘decryption’ software that the attacker promises will unlock the victim’s data, the encryption having been put there by the same attacker in the first place.
A notable recent example of ransomware is the WannaCry outbreak that began in May 2017 and continued into June, with one suspected case at Boeing in March 2018. This strain affected the networks of Britain’s NHS, FedEx and Hitachi, among many other organisations. The attack was attributed by many to the Lazarus group, which has been accused of working on behalf of the North Korean government.
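Because a ransomware infection rewrites many user files in a short burst, usually giving each a new extension and dropping a ransom note, it can be spotted from file-activity telemetry before the whole disk is encrypted. The following detection heuristic is an added example, not part of the original article and not any vendor’s product logic; the log lines are constructed, and the process names, extensions and thresholds are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-activity events in a syslog-like shape (timestamp, pid,
# process, operation, path).  Real EDR, Sysmon or auditd records carry the
# same fields.  winword.exe and backup.exe are benign noise; updater.exe is
# the (made-up) ransomware process.
EVENTS = r"""
2018-08-01T09:00:00 pid=1200 proc=winword.exe op=write path=C:\Users\amy\Documents\budget.docx
2018-08-01T09:00:30 pid=2260 proc=backup.exe op=write path=C:\Users\amy\Documents\report.pdf.bak
2018-08-01T09:01:00 pid=4411 proc=updater.exe op=write path=C:\Users\amy\Documents\budget.docx.locked
2018-08-01T09:01:00 pid=4411 proc=updater.exe op=delete path=C:\Users\amy\Documents\budget.docx
2018-08-01T09:01:02 pid=4411 proc=updater.exe op=write path=C:\Users\amy\Documents\report.pdf.locked
2018-08-01T09:01:03 pid=4411 proc=updater.exe op=write path=C:\Users\amy\Pictures\holiday.jpg.locked
2018-08-01T09:01:05 pid=4411 proc=updater.exe op=write path=C:\Users\amy\Documents\q2.xlsx.locked
2018-08-01T09:01:06 pid=4411 proc=updater.exe op=write path=C:\Users\amy\Documents\notes.txt.locked
2018-08-01T09:01:08 pid=4411 proc=updater.exe op=write path=C:\Users\amy\Documents\deck.pptx.locked
2018-08-01T09:01:09 pid=4411 proc=updater.exe op=write path=C:\Users\amy\Documents\README_DECRYPT.txt
"""

DOC_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".txt"}  # assumed "user data" types
THRESHOLD = 5                     # encrypted-looking writes by one process ...
WINDOW = timedelta(seconds=60)    # ... within this sliding window raises an alert


def parse(line: str) -> dict:
    """Turn one event line into a dict; the path is the last field and may contain spaces."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split(" ", 3))
    fields["ts"] = datetime.fromisoformat(ts_str)
    return fields


def looks_encrypted(path: str) -> bool:
    """name.docx.locked -> inner suffix is a document type, outer one is not.
    A single unknown extension (name.locked) is ignored to limit false positives."""
    name = path.rsplit("\\", 1)[-1]
    parts = name.split(".")
    if len(parts) < 3:
        return False
    inner, outer = "." + parts[-2].lower(), "." + parts[-1].lower()
    return inner in DOC_EXTS and outer not in DOC_EXTS


def looks_like_note(path: str) -> bool:
    name = path.rsplit("\\", 1)[-1].lower()
    return "decrypt" in name or "recover" in name


def detect(log_text: str, threshold: int = THRESHOLD, window: timedelta = WINDOW) -> list:
    """Return one alert per process that rewrote >= threshold user files with a
    new extension inside any `window`-long span.  A ransom-note-like filename
    written by the same process is reported as a corroborating signal."""
    enc_times = defaultdict(list)   # (pid, proc) -> timestamps of encrypted-looking writes
    wrote_note = defaultdict(bool)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["op"] != "write":
            continue
        key = (ev["pid"], ev["proc"])
        if looks_encrypted(ev["path"]):
            enc_times[key].append(ev["ts"])
        if looks_like_note(ev["path"]):
            wrote_note[key] = True

    alerts = []
    for (pid, proc), times in enc_times.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"pid": pid, "proc": proc, "count": len(times),
                               "first": times[start].isoformat(),
                               "ransom_note": wrote_note[(pid, proc)]})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

On the constructed log the backup tool’s single `report.pdf.bak` write stays under the threshold, while `updater.exe` trips it within eight seconds and is also flagged for the `README_DECRYPT.txt` note. In production the interesting tuning knobs are the window, the threshold and the extension list; an alert of this kind is worth pairing with an automatic response such as suspending the process, since every second of delay is more files lost.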
Malvertising is malware delivered through online advertisements. It can appear on popular, otherwise reputable websites that carry adverts served by third-party ad networks.
Attackers using this method either push pop-up ads straight onto a site, commonly with messages about faux prizes the user has ‘won’ and similar lures, or submit clean adverts to an ad network, let them run for a few months to build a reputation, and then swap in a malicious version.
Because the adverts are served by third parties, host websites have little to no control over what is delivered and limited power to prevent this from happening.
Sometimes the malware within these ads can compromise a user’s device as soon as the page loads, without the user clicking anything.
Back in January 2018, a strain of malware titled ‘AdultSwine’ was found in around 60 apps on the Google Play Store, the majority of them aimed at children, where it displayed pornographic adverts.
Drive-by downloads are small pieces of malware that attackers hide within websites that appear completely innocent. Usually several exploits for different vulnerabilities are hosted on one site, in the hope that at least one matches a weakness in the visitor’s browser, plugins or operating system.
Culprits of this type of cyber attack usually make use of an exploit kit: a ready-made toolkit that fingerprints each visitor’s browser and software versions, selects a matching exploit and delivers it. Attackers plant the kit on websites they have compromised, or buy ad space that redirects visitors to it.
As soon as such a site is visited, the malware is silently downloaded onto the user’s device, hence the ‘drive-by’ aspect of the attack’s name.
The first component is typically only a small loader; it contacts an attacker-controlled server to fetch the rest of the code needed to take over the computer or mobile device.
Part 2 of Information Age’s guide to cyber attacks covers the various types of phishing.