WORKPLACE BLOG


March 20, 2023 @ 12:00am

What is Malware

Understanding how malware works and what vulnerabilities it attempts to manipulate is an important part of cyber security. We asked our Director of IT to shed some light on what malware is, and how organizations can defend against it.


What is Malware?

Malware, short for malicious software, is any software that is deliberately harmful. Malware is one of many types of cybersecurity threat. There are different types of malware, typically categorized by how they spread and what damage or harm they cause.

Types of Malware

The oldest type of malware is a “virus.” They are called viruses because of their similarity to animal viruses. Animal viruses need a host to infect and spread. Similarly, a computer virus needs a human to cause the infection, by opening a file, and to spread it, by transferring the file to others via email, USB, shared storage, etc. The type of damage a virus can do ranges from a small nuisance to catastrophic.

“Worms” are another type of malware. Unlike viruses, worms do not require any human interaction to spread. Worms look for vulnerabilities in systems and software that they can exploit to install themselves and spread further. Their ability to spread without humans makes worms very dangerous.

“Trojans” are another common type of malware. You may have heard of the story of the Trojan War, where a large wooden horse was gifted to the Trojans by the Greeks. The Trojans accepted the gift and brought the horse within the gates of the city of Troy. Unknown to the Trojans, the horse was filled with Greek soldiers who later opened the gates for additional soldiers to attack the city. Trojan malware is similar. Trojans are software that advertises its purpose as one thing but does another. A good example of this might be a weather application. It might give you valid weather information, but what else is it doing? Trojans can do a wide range of things like download other malware, steal data, or encrypt files.

“Ransomware” is another common type of malware, and maybe the most devastating. It is designed to hold critical data hostage for a ransom payment. Attackers encrypt an organization’s data using strong encryption and then promise the decryption key if the organization pays the ransom. Organizations typically need to restore from backup in the event of ransomware.

“Spyware” and “Adware” are additional types of malware. The purpose of Spyware is to spy on you by recording your computer and web activity. The purpose of Adware is to display targeted advertisements to you to get you to click or buy.

How can organizations protect themselves against malware?

Good cybersecurity requires Defense in Depth. Malware is just one of the tools an attacker has. This means you need a multipronged approach to protecting your digital assets. There are three key components to preventing malware on your organization’s computer systems.

The first is to limit the use of administrative rights. Strong security follows the principle of least privilege. Employees should only be granted the minimum level of access required to do their jobs. No more, no less. Limiting the use of administrative rights can prevent some malware from being installed, and it can also help limit the damage it does if it gets installed. If an employee with admin rights accidentally installs malware, that malware will also have administrative rights, giving it the power to do unlimited damage. If that same employee has admin rights to other computers, this can make it much easier for the malware to spread.

The second is to ensure up-to-date anti-malware or anti-virus software is installed on all workstations and servers. It is important to keep the anti-virus software up to date so that it can recognize and detect the latest types of malware. Routine scans should also be performed and the results monitored to ensure any infections get cleaned up properly. Organizations can also utilize Enhanced Detection and Response (EDR) software or Extended Detection and Response (XDR) software to add another layer of protection. Adding Managed Detection and Response (MDR) services is also a good option to ensure that the appropriate actions are being taken when something is detected.

The third is to keep all software, such as firmware, applications, operating systems and hypervisors, up to date. Installing the manufacturer’s latest updates or patches helps plug any holes that attackers or malware may use to install malware, cause damage, or spread.
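
The first component, limiting administrative rights, can be checked with a simple audit. The following is an added example, not part of the original post: it assumes an inventory of each computer's local administrator accounts has already been collected, and the host names, account names and approved list are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: host -> accounts with local administrative rights.
# Host names, account names and the approved list are assumptions for this example.
LOCAL_ADMINS = {
    "WS-ACCT-01": ["it-admin", "jsmith"],
    "WS-ACCT-02": ["it-admin", "jsmith"],
    "WS-HR-01": ["it-admin", "mlee"],
    "SRV-FILE-01": ["it-admin", "svc-backup", "jsmith"],
}
# Accounts that are expected to hold administrative rights.
APPROVED_ADMINS = {"it-admin", "svc-backup"}


def audit_admin_rights(local_admins, approved):
    """Return (unapproved, spread_risk).

    unapproved:  host -> sorted accounts holding admin rights without approval.
    spread_risk: account -> sorted hosts, for unapproved accounts that are
                 admin on more than one machine (malware running as that
                 user would have admin rights on all of them).
    """
    approved = {a.lower() for a in approved}
    unapproved = {}
    hosts_by_account = defaultdict(set)
    for host, members in local_admins.items():
        # Compare case-insensitively so "IT-Admin" matches "it-admin".
        extra = sorted({m.lower() for m in members} - approved)
        if extra:
            unapproved[host] = extra
        for account in extra:
            hosts_by_account[account].add(host)
    spread_risk = {
        account: sorted(hosts)
        for account, hosts in hosts_by_account.items()
        if len(hosts) > 1
    }
    return unapproved, spread_risk


if __name__ == "__main__":
    unapproved, spread_risk = audit_admin_rights(LOCAL_ADMINS, APPROVED_ADMINS)
    for host, accounts in sorted(unapproved.items()):
        print(f"{host}: remove admin rights from {', '.join(accounts)}")
    for account, hosts in sorted(spread_risk.items()):
        print(f"{account}: admin on {len(hosts)} machines ({', '.join(hosts)})")
```

Accounts reported as admin on several machines are the ones to fix first, since they are the case the post describes where malware can spread more easily.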

To learn more about malware and how to defend against it, contact us today!

About the author: Jake Schneider
