Although companies worldwide are being placed under immense pressure by an assault of cyber risks like DoS attacks, insider theft of critical information, unauthorized access, unlawful network intrusions etc., At present ‘”Malware” is one of the most common sources of security failures at present.
You may have heard of terms such as virus, worm, Trojan etc. when people discuss cybersecurity. These terms describe types of programs used by cybercriminals to infect and take over computers and mobile devices. Today all of these different terms are now simply called Malware.
Here in this article we will discuss some of the major malware types and their countermeasures to safeguard critical data against such attacks
To start with, we will have a brief introduction on Malware and then move to Malware Classification and countermeasures.
What is Malware?
Malware is a Malicious software which is used with the aim of attempting to breach a computer system’s security policy with respect to Confidentiality, Integrity or Availability which would appear in the form of executable code, scripts, active content or other software variants.
A malware is generally described by four attributes of its operation, which are:
Propagation: The mechanism that enables malware to be distributed to multiple systems.
Infection: The installation routine used by the malware and its ability to remain installed despite disinfection attempts.
Self-Defense: The method used to conceal its presence and resist analysis.
Capabilities: Software functionality available to malware operator.
Malware Infection vectors
Infection vector refers to the spreading mechanism used by the Malware, which includes:
- Instant Messenger Applications
- IRC: Internet Relay Chat
- Removable media: USB drives, Optical discs etc.
- Browser and Email software bugs
- Legitimate “shrink-wrapped” software package
- Untrusted sites and freeware software
- Web applications: Using cross-site scripting Vulnerabilities
- Vulnerabilities in Operating system, Network, Web browser & plugins etc
Malware is commonly divided into a number of classes, depending on the way in which it is injected into the host system and the sort of policy breach which it is intended to cause.
Here we will have a look at the three Major Malware classes: Virus and Worms, Trojans or Backdoors and Ransomware
1. Virus and Worms:
Perhaps the most famous form of malware, viruses contain destructive programs which can self-replicate and are intended to infect genuine software programs. The majority of viruses are attached to an executable file, which means that the viruses remain inactive on the host system and will not be spread until a user executes or initiate malicious file. Once the infected file has been executed or installed the virus is activated and starts to spread itself to other programs in the infected system. Which is followed by further damage like the deletion of critical files within OS, use of email services to facilitate distribution on other systems.
Worms is a variant on a parallel theme, the major difference is its ability to operate as a standalone program and transmit itself across a network.
- Install antivirus software that discovers and eliminates malicious content.
- Create an anti-virus policy rule for safeguarding computer systems and distribute it around the organization
- Provide attention to the instructions before downloading and installing any programs from the Internet.
- Update the antivirus software regularly, so that it is aware of the new malware signatures.
- Evade opening the attachments received from an unidentified source as it is much likely to spread viruses via email.
- After installing the antivirus software, schedule regular scans for all drives in the host system.
- Only accept media devices or files post-scanning with the updated antivirus program.
Trojan horse is a malicious program masquerade to trick an unsuspicious user into downloading and installing it. Once it is activated Trojans purposefully accomplishes actions that the user doesn’t expect. Which may often involve establishing remote access on the affected system and allowing intruders to steal information, install other malware or silently monitor user activity through key loggers.
Earlier Trojans were mainly used for execution of distributed denial-of-service (DDoS) attacks, an effort to make a server or a network resource unavailable to users, but Nowadays, Trojans are often focused on gaining backdoor entries to the host and contacting a controller/attacker, who can then benefit from unauthorized access to the infected systems called as bots.
- Unnecessary or Unused ports in the hosts and firewalls must be blocked.
- Unused functionalities including protocols and services must be deactivated.
- Need to monitor the internal network traffic for odd ports or encrypted traffic.
- Avoid downloading and executing applications from untrusted platforms.
- Regularly update the security patches for the operating systems and applications.
- Limit permissions within the desktop environment to avoid malicious applications installation.
- Achieve system file integrity through checksums, auditing, and port scanning.
- Run local versions of antivirus, firewall, and intrusion detection software on the desktop.
Ransomware is particularly a threatening form of malware that confines access to the system it infects. Once the restriction is placed, it demands a ransom to be paid either by currency or bitcoin to the attacker, post which the restriction will be removed. Some forms of ransomware encrypt all the files of system's hard drive, while others would simply lock the computer and display messages with details of the ransom
Ransomware normally enters a system through a downloaded file or a vulnerability in network services and spreads itself in a manner similar to a conventional computer worm. Once a machine is infected, the malware will then execute a payload that initiates file encryption on the hard drive, with the attacker being the only individual having access to the necessary decryption key.
- Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
- Scrutinize links contained in emails, and do not open attachments included in unsolicited emails.
- Enable automated patches for your operating system and Web browser.
- Early identification through next-gen network security and anti-malware solutions
- Capability to stop spread and lateral movement at endpoints leveraging advanced endpoint threat detection and response
- An integrated, advanced SOC and analytics capability for early detection and faster incident response.
- Prepare & Practice an incident response playbook which can be followed in case of such major infection.
The evolution of malware signifies an ongoing race between cyber attackers and network defenders, with the constant emergence of new threats and techniques to escape current security measures. Whether you are an IT professional, entrepreneur, or individual user, defending against these new attacks requires everyone to improve their awareness of malware operations. The battle of cybersecurity will never end, but the application of best practices and the effective sharing of available knowledge would give every organization the best chance to defend against cyber attacks.
Authored By - Rajesh Rao
TCS Cyber Security Practice