What is malware?
Malware is short for ‘malicious software’ – it is a type of software designed to compromise computers and other devices for malicious purposes.
There are many different kinds of malware. Some forms of malware damage or destroy computer systems, while others allow hackers to gain access to computer systems and exfiltrate sensitive information or financial details.
Malware may infect a single device, or it may be designed to penetrate a network and infect as many devices as possible. The end results of a malware infection can range from minor inconvenience to disastrous consequences – for individuals and organizations alike.
There are many types of malware that are a threat to network security. Here are some of the most common ones.
A trojan horse is malicious software that disguises itself as something legitimate. Once the user downloads and installs it, the device is compromised. At this point, the device is vulnerable to attack from hackers who can spy on the device, steal data, and gain access to the network in order to launch a cyberattack.
Viruses are usually infected executable files, or similar. They are often sent as email attachments. Once activated, the virus can spread. For example, it can use applications to send out infected files to user contacts.
Once ransomware is installed on a device, it restricts access to files through encryption, demanding a payment in order to unlock them. This type of malware is one of the most profitable, increasing its popularity, especially when it comes to launching a cyberattack against bigger organizations that have enough funds to pay a large ransom.
Worms are designed to install themselves on a device, then move quickly to infect the entire device, and sometimes a whole network. Worms may modify or delete important files, inject other types of malware, steal data, or compromise a device so that cybercriminals can gain access.
Adware, also known as malvertising, presents users with unwanted advertisements, sometimes as a pop-up window, or injected into a compromised website. Adware may collect user data. This type of malware is one of the least dangerous, but it can definitely be a nuisance for end-users.
Spyware monitors computer use, without consent, violating online privacy – it can collect information about browsing habits, or other personal details. By monitoring online activity and constant keylogging, spyware can allow hackers to perform identity theft. It may also be used by individuals and organizations wishing to spy on other people.
Malware can come from a variety of different sources.
Spam emails and phishing attempts are among the most common ways in which malware infects a device.
Spam emails may be easy to identify – they may feature poor spelling and grammar, or unlikely stories, and they may ask directly for money or to open a suspicious attachment.
A more sophisticated phishing attempt may be far harder to detect. Persuasive phishing emails will use social engineering to encourage a user to click on a malicious link, leading to the downloading of a piece of malware. The email may look legitimate or pretend to come from an individual or organization known to the recipient.
Malware such as worms often spreads by infecting USB flash drives or external hard drives. When the infected drive is plugged into a computer, the malware is installed right away. This is easy to prevent by avoiding the use of a USB flash drive that is not yours, such as one that was found or thrown away.
When a user visits a website that has been hacked, or compromised, they may inadvertently download malware to their computer. Malware often uses browser vulnerabilities in order to infect a computer.
When a user chooses to download an untrusted application to their mobile device, they are risking malware infection.
When someone downloads and installs a program, there may be other, unwanted types of software bundled with it. To avoid this, users should pay careful attention during the install process and uncheck any boxes relating to the inclusion of bundled software, such as browser toolbars or the like.
Malware can be spread through File Transfer Protocol (FTP) programs and online file sharing applications. There is an increased risk of malware infection through peer-to-peer networks, which may be used for both legal and illegal purposes.
If users click on suspicious links, on compromised or malicious sites, malware may be installed on their device. To avoid this, organizations should monitor online activity on company devices, and also provide training to users in order to raise awareness of malware threats on the web.
Nowadays, with many users using their own devices to connect to the network, malicious links may even be sent through text messages, and this is something all users should be made aware of.
It’s important to implement a policy for passwords. Easily guessable passwords create an easy target for cybercriminals. Strong passwords should be used for every application and device. Security experts advise that multifactor authentication should be used wherever possible.
Using a public wi-fi network presents a significant security risk when compared to a secured home network, as anyone can connect at any time, with no password needed. Hackers can position themselves between an unsecured end-user device and the wi-fi connection point, allowing access to all information being sent through the network, and giving the opportunity to distribute malware.
If a public network needs to be used, users should ensure their firewall is active, and avoid activities that could expose sensitive personal data, such as logging into an online bank account. If possible, a VPN should be used.
If users are downloading software from a non-legitimate source, the software could be infected with malware, or have vulnerabilities which present a security risk. Any software that users download and install should be from a legitimate site.
If an organization gives access privileges beyond what is required, it increases the chance of cyber threats, including the spread of malware. In line with the concept of zero trust, organizations should block access to all applications and resources unless they are explicitly required by a specific user or named group of users, to reduce the available attack surface.
If all users use the same operating systems, malware can spread faster. For example, a Windows device infected by a worm or trojan horse can easily spread the infection across all Windows devices. If a piece of malware exploits a vulnerability in a popular operating system, such as Windows, it then has the potential to infect a very large number of systems.
By contrast, if devices run different operating systems, the risk of widespread infection is reduced.
Organizations may assume that traditional security software, such as antivirus and anti-malware, is enough to combat malicious software, or at least prevent a computer virus from infecting a computer. However, advanced and zero-day threats can often bypass antivirus software, so additional solutions are needed.
VPN stands for ‘virtual private network’. When using a virtual private network (VPN), internet traffic is routed through an encrypted VPN tunnel. This encrypted tunnel hides the end-user’s IP address, and shields online activity. It can also be used to mask a user’s location, so they can visit websites that are only available to users in other countries.
As all data sent through a VPN client is encrypted, it cannot be seen by others, which prevents cyber criminals from being able to steal data directly. Some VPN providers even include a VPN kill switch, which disconnects a device from the internet if the VPN connection drops out, preventing sensitive data from becoming visible.
Although there are obvious security benefits to using a VPN provider instead of a regular internet connection, even the most secure VPN system won’t actually stop an end-user from downloading malware onto their computer. Nor will a VPN protect users from opening links in a phishing email.
Many VPN providers include add-on services that can prevent malware, such as ad blocking or antivirus solutions.
A user’s internet service provider (ISP) may provide subscriptions to security software solutions that can help keep data secure and protect against malware. This may include antivirus software, and/or a firewall. An ISP may also implement security solutions at the ISP level, ensuring that potentially malicious internet traffic is stopped before it reaches the end-user.