Skip to main content

Why is Malware still a THREAT ?

Trojan Horse, Spyware, Viruses and Worms. All are likely familiar with some of the most common security threats in computing systems. Although they go by different names, they all fall under the same cyber security category — Malicious Software, aka, “Malware”. 

 Understanding the nature of this threat to your Computer's Security is the first step to preventing malware from infiltrating and taking down your business.


Let’s start with what is a Malware ?

“Malware” is short form for “Malicious software”. It is a computer programs that is designed to infiltrate and damage computers without the user’s consent. Malware encompasses any software program created to perform unauthorized actions on another user’s computer, tablet, or smartphone. “Malware” is the general term covering all the different types of threads to your computer safety such as  Viruses, Spyware, Worms, Trojans, Rootkits and so on.


 Individual malware programs often include several malicious functions and propagation routines.
For example, a specific malicious program may be capable of being spread via an email attachment and also as files via P2P networks. The program may also have the ability to harvest email addresses from an infected computer, without the consent of the user. With this range of functions, this program can be also called as an Email-Worm, a P2P-Worm or a Trojan-Mailfinder.


What are the types Malware out there today?

 Here are some of the most common type of malware impacting this days:

  • Trojan Horses: These are the most malicious malware programs. They are designed to make a user think they are using a safe program, such as an antivirus scan. However, they are actually programmed to steal personal and financial data. They not only infect the end-user’s device, but also break into websites and modify them to help infect more victims. 
  • Viruses: This is a contagious piece of code that infects software, replicates itself, and spreads within the computer and to other computers that share software. 
  • Worms: This is a malicious program that replicates itself throughout a computer network and destroys information, including operating and data files saved on the host PC. 
  • Adware: This is software that delivers advertisements to the target's computer, which is programmed to examine which Internet sites the user visits frequently, and to present and feature related advertisements on them. 
  • Spyware: This malicious software that infiltrates your device and spies on you by tracking your internet activities. This allows the hacker to gather information about your system without you knowing. 
  • Ransomware: This is an advanced type of malware that restricts access to a computer system until the user pays a fee. Typically, a pop-up appears on the screen warning that you have been locked out of your computer and can access it again only after paying the cyber-criminal a ransom for the restriction to be removed. 
  • Mobile Malware: This malicious software infiltrates computer systems through apps via email and social media.


How can we be protected from Malware attacks?


 Protecting your system from the destruction of malware requires a multi-layered defense that includes several ongoing IT security actions such as:
  • Security risk analysis
  • Proactive intrusion prevention
  • Anti-virus and anti-spyware installation
  • Managed firewall
  • Web filtering
  • Spam filtering

Coming to Why is Malware still a big Threat ?

A particularly interesting finding in a research of this year(2018) is that 90% of the malware analysed was labelled by AV solutions with generic labels, such as “trojan.generic”. This is malware for which the security controls that provide data to various virus submission portals have only AI based heuristic verdicts at time of submission. The recommended remediation for these files is to re-image the system or to restore from a known good backup.

The problem emerges when this is combined this with another finding of research - the most dangerous forms of malware, in terms of potential for significant loss of confidential or regulated data, have certain key characteristics and capabilities:

  • Packed: They can navigate through static analysis with the use of “packing” technology.
  • Evasive: They avoid detection by dynamic analysis with evasion behaviors.
  • Stealth: They compromise a host and use stealth behaviors on the victim’s system such as by masquerading as trusted system files to remain undetected.
  • Theft: They steal credentials by monitoring user activity or accessing credentials to gain subsequent access to protected data applications and systems.

The various research and analysis found that one in 12 malware submissions displayed all four of these behaviors.

Security tools simply provide a binary assessment (good vs. bad) combined with a generic label do not have the ability to determine what behavior is engineered into the malware and are unable to establish the specific malicious intent. 

This leads to incomplete remediation.


Comments

  1. Unknown8 September 2018 at 23:14

    Very helpful article for any lay man , a must read for anyone , shows your dedication and hard work on this .Keep up the great work!!

    ReplyDelete
    Replies
    1. Andy InfoSec8 September 2018 at 23:18

      Thanks alot for your kind words and appreciation.
      Will continue to do same kind of work in future too.

      Delete
  2. Sanket9 October 2018 at 10:24

    This Article is really very helpfull.
    As goin deep in malware it ensures us to deal with it safely.

    ReplyDelete

Post a Comment

Popular posts from this blog

Polymorphic Malware

Polymorphic Malware Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection. Many of the common forms of malware can be Polymorphic, including Viruses, Worms, Bots, Trojans, or Keyloggers . The malware is designed to be unrecognizable to detection methods. Commonly altered characteristics include the file’s Encryption Key, File Format, or simply its name. The malware is widespread . According to research and study, 97% of malware infections use polymorphic techniques. While this isn’t a new trend – the tactic has been used since the 90s – recently new, highly aggressive waves of the malware have emerged. One notorious example of polymorphic malware is CryptoWall , a type of strain that encrypts files on the victim’s computer and demands a ransom payment in exchange for their decryption. The polymorphic builder used in CryptoWall develops what is essentially a new variant for every potential vict
7 comments
Read more

What is Social Engineering ???

What is Social Engineering? Social Engineering is the psychological manipulation of people into performing actions or divulging confidential information for the attacker. Social engineering is exploiting flaws in human beings, making the victim do things that they wouldn’t otherwise have done. Social engineering is an attack vector, a means to an end. It is not the goal but a way to get there. Humans are the soft center within the hard shells of all modern security systems. Cracking the humans is often a lot easier than cracking these systems. Firewalls: Hardly any operating systems today come without a built-in firewall. You can find them in servers, in desktops and in routers. There are even dedicated firewall devices for protecting corporate networks. Security firms spend a huge amount of money on developing firewalls and for good reason. Firewalls form the first line of defense, the hard shell that a hacker must break through in order to gain access to a system.
Post a Comment
Read more