In this case study on computer malware, let us first begin by understanding what computer malware is. Software that intends to damage the computer network, server, or computer in any capacity is malware. Malware comes to us in many forms. They include viruses, Trojan horses, worms, spyware, and ransomware.
There are multiple methodologies via which these programs could spread. Some of the top among them include website downloads and email attachments.
Technically, malware intends to damage through exploitation of any of the vulnerabilities in computer software or operating systems.
What happens after malware is installed on a computer system?
Upon being installed on a computer system, malware can undertake a host of damaging actions. The top among them include:
- stealing personal information
- encrypting data
- deleting files
- launching an attack on other computers using the infected computer
Top ways to steer clear of malware
- On your computer, install endpoint protection.
- Bear caution whenever you download files from the computer open email attachments. These methodologies are commonly used by malware to spread.
- Do not click on unknown links or visit suspicious websites. Steer clear of the risk of them containing malware.
- When you enable a firewall on your computer, unauthorized access is blocked. This is sound protection against malware attacks.
- All software including the operating system is to be kept up to date. Using the latest security patches will act as a sound safeguard against the exploitation of vulnerabilities.
- Using a reputable security suite will ensure multi-level protection against malware. Anti-phishing capabilities, web filtering, and real-time scanning will herein be available.
- Public Wi-Fi networks are to be avoided for the poor security that they offer. Using them makes one more vulnerable to malware attacks.
- Try and make sure that each of your online accounts has a unique and strong password. When you change your password frequently, it acts as a robust safeguard against unauthorized access.
- Regularly backing up important files and data is a sound safeguard against data loss.
8 of the most common types of Malware Attacks
As malicious programs, viruses attach themselves to other programs or legitimate files. Then, when these files are accessed or shared, viruses spread to other computers.
As independent programs, worms spread across networks upon replicating themselves. Worms work without needing host programs or files.
A Trojan is a program that disguises itself as legitimate software. However, a malicious code is contained in a Trojan. So, a Trojan could steal sensitive information or damage a computer.
Upon encrypting user files, ransomware accepts payment for unlocking them.
An adware will display undesirable ads on a user’s computer, which could be banners or popups.
A spyware will first collect and then transmit information from a victim’s computer, without informing him and taking his consent.
Rootkits are programs and they gain unauthorized access to a computer’s system files. Now, the attacker can control your computer, remotely.
Bots automate programs like sending spam mail or participating in DDoS attacks.
Identifying if malware has infected your system
- Your computer runs slower than it generally runs or crashes frequently.
- Unwanted messages like popup ads are visible on your screen.
- Weird programs or files are available on your computer, that you had not installed.
- Your web browser takes you to suspicious websites.
- Your computer opens and closes programs at random.
- Your antivirus blocks access to certain websites or reports malware infections.
- Unknown sources share threatening messages with you.
- Your friends have begun to receive spam messages from your account.
If indeed there is malware on your computer, instant action is called for. This protects personal information and is a safeguard against further damage.
So, use antivirus software to do a full system scan. To remove the infections, just follow the instructions.
Updating the OS may be required in some cases. In case the malware has exploited any vulnerability, patch them.
How many malware are available in the market?
Knowing the exact number of malware is not possible. Variants are being created all the time. As per Symantec, in 2019, there were 357 million new malware variants. This was an 11% increase from the prior year.
So, malware is a threat that evolves rapidly. Vigilance on behalf of organizations is the most important way to counter these threats.
Who Creates Computer Malware?
A host of organizations and individuals can create malware. Amateur hackers could do this, and so could national-state actors and cybercriminals.
Profit-oriented malware is commonly found in today’s world which works purely by the intention of generating profit. One of the common examples of the same is ransomware, which will accept payment when it is going to unlock your infected files.
Then, there are cases when for ideological or political reasons, spyware is formulated. Their purpose is to disrupt critical infrastructure or gather intelligence.
At times, security experts or researchers create malware. They do so as a means to improve cyber security defenses as this gives us a demonstration of the dangers certain types of potential attacks have. So the last category is different from malware in general because it works for the benefit of internet users and works towards keeping us safe from cyber threats.
Are we ever going to find a solution to the problem of cybersecurity malware?
The complete resolution of the cyber security malware problem is unlikely to be ever achieved. This is primary because malware adapts quickly and takes over new dimensions as made possible by the use of new technology. Since a complete resolution is not visible on the horizon as of now, safeguarding against these threats becomes the only method to steer clear of malware.
Another noteworthy point in this regard is that in the world today, the prominence of connected devices and IoT is increasing at an unprecedented rate. This puts forth new vulnerabilities for malware to exploit. Protection against malware is hence indispensable.
The most famous malware in the world
When we discuss popular Malware we should mention ransomware that was discovered in May 2017. This ransomware was known as WannaCry ransomware. WannaCry ransomware was notorious for infecting a few hundred thousand computers from across over 150 countries. The ransomware would first infect the files of the victims. Then the ransomware would seek a payment for unlocking these files.
Widespread disruption was caused by the ransomware. Hospitals and businesses were affected, and so were the government agencies. The cumulative losses were as high as billions of dollars.
To put the ransomware to an end, a security researcher’s aid was required. The individual discovered a kill switch in the code of the ransomware. This episode should serve as an important reminder to us regarding the value of robust cybersecurity measures.
It is interesting to note that within a matter of just 24 hours, WannaCry infected over 230 thousand computers across 150 Nations. From a technical viewpoint, WannaCry was not all that sophisticated. But during those days, cyber security measures were also not all that strong. So for 91 days, WannaCry kept on exploiting the vulnerability in the computers. Then Microsoft came up with a patch for the same. But before that took place, it is estimated that 1.3 billion endpoints were infected.
These effects laid repercussions on our everyday lives. UK’s National Health Service was required to cancel over 20K appointments and operations as a direct outcome of WannaCry ransomware.
After the WannaCry episode, briefly, ransomware was unheard of, but the menace did continue across the years that followed with the attackers reworking their techniques and demands.
If we discuss the techniques concerned, the attackers who harbored intentions of different natures would be combining PowerShell, file-less, and phishing techniques to let their malware reach victims’ systems. There were cases wherein they would use platforms like TrickBot and Emotet for infecting victims with several stages of malware, such that would simultaneously meet multiple outcomes.
The top methodologies applied by the hackers for the purpose would include:
- Hackers would use PowerPoint to run malicious code
- They would occasionally run Microsoft Word for the same
- They’d use trojans that would mine cryptocurrency by using your computer’s resources
- Email spam was sometimes leveraged to trick users
There were cases wherein hackers would come up with a dual strategy for implementing ransomware attacks. The first attack of the two would be mass and indiscriminate. It would target a large number of users.
The second attack would be more precise and implemented only on the chosen targets from the first wave. Many targets among them were public services and the organizations that ran a vital infrastructure.
These targets were chosen down upon because they were frequently short of expertise and budget for maintaining effective security operations. Furthermore, the nature of services of these organizations was critical so they would have little tolerance for long outages.
It was then that ransomware operators began to understand that they could derive the maximum value from their illicit activities if they were to first steal users’ data before encrypting it. At this time, the ransom notes began to contain a demand for payment. They would also threaten the users of selling the data in case the victims failed to pay. This was an important matter because in this case, the offline backups would lose their significance.
The writer of the first malware
When we dwell on the history of cybersecurity, we see that it began with a research project. Bob Thomas was the first person to realize that a computer program could move across a network. When doing so, the program would leave behind a trail at all the places that it visited.
Thomas created malware and called his program Creeper. Creeper would travel between Tenex terminals on the early ARPANET. It would print the message ‘I’M THE CREEPER: CATCH ME IF YOU CAN.’.
Ray Tomlinson, also the inventor of email came across this idea and appreciated it. He tinkered with the program such that it would become self-replicating, and in the process created the first computer worm.
Tomlinson later wrote Reaper, a program that was the world’s first antivirus software that would chase Creeper and delete it.
So the initial ransomware caused no harm to us than displaying a simple graffiti. It will be interesting to consider how ransomware and malware have become problems of the magnitude that they currently are.
The beginnings of ransomware were academic but took a sharp turn toward criminality
In the ’70s and the ’80s, threats associated with ransomware were no more critical than insiders going through the documents that they shouldn’t be going through. For this specific reason, the history of computer security software and the practice of computer security largely concerned with governance risk and compliance (GRC) have had two disparate development paths.
Nevertheless, the early history of computers also tells us about the existence of malware and network breaches. Russians, just as an instance would use cyber power as a weapon.
Now from the mid-1980s, malware came by as a serious threat and was no longer limited to being just an academic prank. Morris worm is a mentionable virus here, which once wiped out nearly the entire internet. Such initial computer viruses fuelled the efforts towards coming up with the first antivirus software.
Knowing more about the Morris Worm
It was in late 1988 that Robert Morris decided that he wanted to gauge the internet’s size. He came up with a program that would infiltrate UNIX terminals using a known bug, and then copy itself.
However, the replication of the Morris Worm was so aggressive that the early internet slowed down tremendously.
It is interesting to note that Morris was the first man to be charged under the Computer Fraud and Abuse Act. Things never turned too bad for him, though. Morris is currently a tenured professor at MIT.
How to steer clear of malware?
It becomes clear that no business is immune against cyberattacks and one has to put in efforts to safeguard ones sensitive and confidential information.