In 2023, there are more than 11 types of malware that you and your organization should be cognizant of when fortifying your cybersecurity.
But what are these top malware threats, and how can you best avoid them? Our ethical hackers cover everything you need to know in today’s blog.
In essence, malware is software specially designed to attack, control, and/or damage security and infrastructure systems. It can–and does–impact both programs and specific devices.
The most common sources of malware in 2023 are:
Phishing: Phishing most commonly consists of threat actors posing as reputable individuals or businesses in order to influence their target into revealing confidential information.
Social engineering: As a unique type of phishing, social engineering harnesses both human error and interactions in order to glean information from their target.
Drive-by downloads: Websites that host malware exploits can compromise your device or system with just one click.
Shared networks: When devices are connected to a shared network, malware-infected devices can spread the damage to other devices on the network.
And pop-ups: Both pop-ups and malicious advertisements can contain links or landing pages where malware can infiltrate a device or system instantaneously.
There are currently over 678 million types of malware.
Knowledge is power when it comes to strengthening your organization's security posture.
Here are some of the most common types of malware in 2023 to educate employees and key stakeholders on:
Ransomware is a frequently-deployed type of virus that encrypts all the files on an infected system or device. Once encrypted, the targeted device or system becomes obsolete, as stored data cannot be accessed or transferred.
Starting in 2021, 83% of organizations have had to pay ransom in an attempt to retrieve key data taken hostage by ransomware. The majority are not successful.
Varieties of ransomware to keep an eye out for include, but are not limited to:
Ransomware-as-a-service: RaaS is a sophisticated cloud-based service that enables threat actors to utilize ransomware with minimal technical knowledge.
Rogue security software: A type of ransomware that poses as a virus or security breach. It prompts for money to remove the fake virus or data breach.
Crypto-malware: A type of malware that specifically requests cryptocurrency as the form of payment.
Locker: A variety of malware that generally resides in the C:\Windows\SysWOW64 directory and installs additional services into the directories C:\ProgramData\Steg\ and C:\ProgramData\rkcl\, wreaking havoc on Windows.
Scareware: Scareware is a type of malware that enables fake security alerts to scare users into paying the ransom.
Leakware: A variety of ransomware that threatens to leak the confidential information of their target if payment isn’t handed over.
Double extortion: This type of malware prohibits the access to data while simultaneously threatening its eventual public release should the payment not be received.
Triple extortion: Triple extortion is an added layer to double extortion wherein threat actors threaten to publicly humiliate or expose the target online, alongside data infiltration and encryption.
Organizations in every industry can be targeted by at least one of these types of malware.
A botnet–composed of bots–is a software that is able to follow automated, remote commands. They are primarily used by threat actors to target central servers.
If botnets are used for flood attacks (such as DDOS attacks), they can incapacitate systems, servers, and critical devices. Since they include many technological devices, they can be near-impossible to altogether avoid if up-to-date cybersecurity isn’t in place.
Botnets can be enormous, with some estimates suggesting the existence of millions of infected machines around the globe. The largest known botnet in history was named Storm, which reportedly had over one million infected machines at its peak.
Spyware is an advanced form of malware that hides in plain sight on your device or system, monitors your activity, and steals sensitive information–like bank accounts, passwords, and even keystrokes.
Once installed, spyware collects and logs usage data like visited websites and commonly-used credentials. This information is periodically updated, permitting threat actors to read your passwords, steal financial data, and much more.
Here are some of the top types of spyware to be especially vigilant about:
RAM scrapers: RAM scrapers steal and store data from devices like company-provided laptops and cellphones.
Keyloggers: Keyloggers are a type of spyware that monitors the keystrokes on your keyboard. These can be used to steal password data, bank information, and other commonly-used sign-in details.
Grayware: While not a form of malware itself, grayware can affect the performance of a device as well as closely monitor its user’s behaviours–making them especially prone to future attacks.
Spyware is commonly installed through phishing or pop-ups.
Rootkits are malware that give hackers complete remote control of an infected device. Because this software provides attackers administrative privileges, they can conceal other malware attacks and affect different types of files–and, by extension, are capable are causing untold amounts of damage.
Although rootkits were not initially created as malware, their ability to work from a distance have made them a standard tool for threat actors. One of the most infamous cases of a rootkit attack in recent history was in Florida, where a threat actor attempted to take remote control of the city’s water supply to up its sodium hydroxide to toxic levels.
A worm is a virus designed to duplicate and rapidly spread to devices across shared networks. This means that infection on your home PC can spread to your laptop, phone, and any other systems connected to the same network... which, for organizations that work hybrid or remotely, can trigger a wake of cyber-related devastation.
While the infection may not necessarily damage or delete files, it can cause your devices and network to slow down or become unresponsive. This type of malware may also use your digital address book to email itself to other people you know, posing as you or key stakeholders and impacting other related organizations. As such, it poses both financial and reputation-related dangers.
Wiper malware is a type of malware with the sole purpose of erasing data and making it unrecoverable. Many wiper malware attackers use this type of attack to target private and public businesses, with healthcare being one of the top targets.
Dangers of wiper malware include:
Destroying data
Concealing related data breaches
Rendering devices unusable
Organizational recovery post-wiper attack is notoriously cumbersome for businesses of all sizes.
Last but certainly not least is mobile malware, a type specially crafted to target mobile devices. Mobile malware for smartphones, tablets, and other organization provided-devices can spy on user actions, steal credentials, overtake administrative privilege, and destroy irreplaceable data.
Mobile malware is frequently spread through SMS phishing (smishing) and text message scams. Trojans, ransomware, and adware targeting mobile devices can also be considered mobile malware.
Now that you know the most common types of malware, how can you best avoid them in 2023?
Here is what our ethical hackers advise to do:
Enable MFA on all devices: Multi-factor authentication adds an extra layer of security to accounts.
Don’t click suspicious links: Many attackers embed malware into email links or pop-ups. Don't click on suspicious links when in doubt, even if they supposedly come from an email or phone address you trust.
Adjust your team's email security settings: Keeping spam filters high and email security on can reduce the number of infected messages landing in your inbox, and will instead direct them to your spam folder.
Backup all vital files: Don't store valuable files or information on one device. Back up all crucial information regularly to avoid the circumstance where one corrupted device means organizational disarray.
Keep your devices updated: Updates for mobile or computers frequently include security updates to patch holes and potential backdoor entries.
With all this being said, accidents happen... and, with malware becoming increasingly sophisticated by the day, even the most careful of organizations are likely to find themselves the victim of malware.
The solution? Book your ransomware penetration test to evaluate the preparedness and risk of ransomware and other malware-related attacks. On top of a complete analysis of the security program against the Cybersecurity Framework Profile for Ransomware Risk Management (NISTIR 8374), and a technical assessment of security controls, a full penetration test is conducted to measure the robustness of your systems.
Ready to take your cybersecurity beyond the checkbox? Let's get started today.
October 24 - Blog
Packetlabs is thrilled to have been a part of SecTor 2024. Learn more about our top takeaway's from this year's Black Hat event.
September 27 - Blog
InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.
September 26 - Blog
Blackwood APT uses AiTM attacks that are set to target software updates. Is your organization prepared? Learn more in today's blog.