May 12, 2016 • Published by Steve Robb
Malware, the abbreviated term for “malicious software,” is a common tool cyber criminals use to steal sensitive data from businesses. Computer viruses, computer worms, Trojan horses, spyware and adware are all categories of malware. Once a computer is infected, malware programs can hijack the user’s email, capture passwords, steal sensitive data and even launch denial of service (DoS) attacks.
To be most effective, malware must enter a system and remain undetected for an extended period of time. It appears that for most breached businesses, this goal is being met; each year, Verizon’s annual Data Breach Investigations Report (DBIR) continues to show that malware takes weeks and even months to discover.
Internet connectivity drives the way today’s businesses operate. From communicating via email, to processing electronic payment transactions, to managing employee payrolls, nearly everything we do touches the Internet in some way. Unfortunately, the same technology that serves as our business backbone also empowers criminal activity.
The following is a list of the primary ways malware enters the business environment:
Phishing Emails: An attacker sends a legitimate-looking email (which is really a phishing email) with a malicious attachment or a link to a website containing the malware. The malware typically launches as soon as the attachment is opened or the link is clicked.
Social Engineering: An employee is drawn to malware through enticing videos or photos within their favorite social media site. Again, clicking the link will result in malware infection.
Malicious Websites: A website that is seemingly legitimate and harmless can serve up malware when an employee interacts with it:
What appears to be a legitimate download can actually be a malware delivery system. For example, sophisticated artwork and front-and-center placement can trick visitors into downloading a special media player or an Adobe Reader or Flash player update. These may contain legitimate software, but will be bundled with malware. Google blacklists roughly 6,000 websites every day because they carry some sort of malicious software that is dangerous to visitors.
Adware is another means of tricking visitors into clicking advertisements that appear on websites. Even if nothing appears to be happening when they click, malware is often being actively installed behind the scenes. Adware becomes spyware when it monitors the user's Internet activity and transmits the information to a third party.
Malware can be hidden inside a website, too, such as in iFrames or JavaScript code. When the page loads, the malware infects the visitor's computer using vulnerabilities in the user's operating system, browser or plug-ins. This method of delivering malware, known as a “drive-by download,” doesn't require user interaction, as the malicious code can download in the background simply by visiting the web page.
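For site owners who want to check their own pages for the kind of hidden iFrame described above, the following is an added example (not code from this article or its author). It flags iFrames that are invisible to the visitor and load from a different host; the heuristics, the `audit_page` name and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics below are assumptions for this example, not a complete detector.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
ZERO_SIZES = {"0", "1", "0px", "1px"}

class IframeAuditor(HTMLParser):
    """Collects iframes that are invisible and load from another host."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip().lower() for k, v in attrs}
        src = a.get("src", "")
        host = urlparse(src).hostname or ""   # empty for relative URLs
        external = bool(host) and host != self.own_host
        reasons = []
        if a.get("width") in ZERO_SIZES or a.get("height") in ZERO_SIZES:
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if external and reasons:
            line, _ = self.getpos()
            self.findings.append({"line": line, "src": src, "reasons": reasons})

def audit_page(html, own_host):
    """Return one finding per hidden iframe served from a host other than own_host."""
    auditor = IframeAuditor(own_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page; all hosts are placeholders.
SAMPLE_PAGE = """<html><body>
<h1>Quarterly newsletter</h1>
<iframe src="https://www.example.com/video/intro" width="640" height="360"></iframe>
<iframe src="https://cdn.example.net/w.html" width="0" height="0"></iframe>
<iframe src="//stats.example.org/t" style="display:none"></iframe>
<iframe src="/local/banner.html" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, "www.example.com"):
        print(finding)
```

A finding is a prompt to review that page, not proof of infection: legitimate analytics and advertising tags also use hidden frames, and a flagged frame that nobody on the team added is the case worth investigating.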
Now that you know how malware infections happen, let’s take a look at three important prevention methods:
1. Security Awareness Training - Ensure that all employees at every level of the organization understand the role they play in protecting the business from outside threats. This includes remaining alert and aware of the common malware delivery methods discussed above.
2. Timely Updates and Upgrades - Install patches and software updates as soon as they become available. Quickly replace software and hardware that is no longer supported.
3. Unified Threat Management (UTM) - The all-in-one nature of UTM technology delivers a single security appliance that can detect and subsequently prevent a vast array of threats, including malware and viruses, from entering your business network.
If your organization is like most, malware is just one of many IT security challenges it faces. Want additional tips and tricks for addressing these security challenges? Check out our free white paper, "5 Critical IT Challenges You Can Solve Today."