APTs (Advanced Persistent Threats) get all the press, but generally the most common types of malware cause the most damage when considered in the aggregate. Broad-based attacker techniques are effective because they benefit from the reuse and recycling of the same basic sets of malicious code when targeting organizations. That's why it's important to drive awareness regarding these common types of malware.
Although the official Cyber Security Awareness Month ended in October, the awareness campaign continues as a yearlong program at AlienVault. That’s why we continuously strive to 'arm' our users with the latest information about new attack methods and techniques so that you can be ready to make informed decisions about how to protect your environment.
According to Verizon’s 2013 Data Breach Investigations Report, “Malware and hacking still rank as the most common [threat] actions”. In general, malware can range from being simple annoyances like pop-up advertising to causing serious damage like stealing passwords and data or infecting other machines on the network. And with malware accounting for at least 40% of all breaches*, knowing how to defend against infection can be very valuable – especially for the incident responder. Some of your best basic defenses to protect against malware infection include:
- Installing anti-virus tools
- Disabling auto-run applications
- Conducting traffic analysis
- Securing email usage
Malware is as old as software itself and although there are new types of malware constantly under development, they generally fall into a few broad categories. Check out this video to find out what we believe are the most common types of malware you should be prepared for…
Probably the most well-known and most common type of malware, viruses are harmful programs designed to infect legitimate software programs. Once a person installs and runs the infected program, the virus activates and spreads itself to other programs installed on the computer before taking further action, such as deleting critical files within the operating system. Similarly, worms are stand-alone programs that are able to transmit themselves across a network directly. Unlike a computer virus, a worm does not need to attach itself to an existing program. However, both types of malware can cause severe damage by exploiting shared files and databases.
Another common type of malware is the Trojan horse. As in the Greek myth, Trojans present themselves as harmless, useful gifts in order to persuade victims to install them on their computers. Thus, Trojans typically appear as regular software. The catch is that the Trojan comes bundled with other software that often includes a backdoor allowing unauthorized access to the computer. Trojans do not attempt to inject themselves into other files or applications the way computer viruses do; instead, they use tactics such as drive-by downloads or installation via online games in order to reach their targets.
The last types of malware that we’re going to talk about are adware and spyware. Though not technically fitting into the virus category, these programs may at times invade your privacy, contain malicious code and, at the very least, become a nuisance. Adware is a form of financially supported malware that usually presents itself to the user as unwanted advertisements. The Internet is filled with programs of this type that can hijack your PC for profit; most are hidden inside so-called “free” downloads and pop-up ads that forcibly install software on systems with active vulnerabilities.
Similarly, spyware is a type of malware that surreptitiously gathers information and transmits it to interested parties. The information gathered includes the websites visited, browser and system information and the IP address. Spyware does not have any infection mechanism of its own and is usually dropped by Trojans. Once dropped, it installs itself on the victim’s computer and begins collecting information silently so as to avoid detection.
A zombie works in a similar way to spyware. The difference is that a zombie does not usually collect information from the computer. Instead, it sits idle, waiting for commands from a command-and-control server run by the attacker. Attackers infect tens of thousands of computers, turning them into zombies, and then issue commands so that all of them simultaneously send network requests to a target host, overwhelming it with traffic; this is known as a distributed denial of service (DDoS) attack.
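The "conducting traffic analysis" defense listed earlier is how a responder actually spots the zombie behaviour just described: a bot polling its command-and-control server shows up as one host contacting the same destination at near-fixed intervals, and the victim side of a DDoS shows up as many distinct sources hitting one destination in a short window. The script below is an added example written for this post, not AlienVault or USM code; the log format, the hosts and the timestamps are constructed for illustration, and the thresholds (four connections, 20% interval jitter, five sources in ten seconds) are starting points a practitioner would tune to their own network.

```python
"""Flag two signatures of zombie/botnet activity in outbound connection logs:
(1) beaconing: a (source, destination) pair whose connection intervals are
    nearly constant, as a bot polling its command-and-control server would be;
(2) a flood: many distinct sources reaching one destination inside a short
    sliding window, as the target of a DDoS would observe.
The log format, hosts and timestamps below are constructed for this example."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed connection records: timestamp, source, destination, destination port.
# 10.0.0.5 polls 203.0.113.9 every 300 s (beacon); 10.0.0.7 browses
# 198.51.100.20 at irregular times (benign); 10.0.1.11-18 flood 192.0.2.50.
SAMPLE_LOG = """\
2013-11-04T10:00:00 src=10.0.0.5 dst=203.0.113.9 dport=443
2013-11-04T10:00:12 src=10.0.0.7 dst=198.51.100.20 dport=80
2013-11-04T10:05:00 src=10.0.0.5 dst=203.0.113.9 dport=443
2013-11-04T10:00:57 src=10.0.0.7 dst=198.51.100.20 dport=80
2013-11-04T10:10:00 src=10.0.0.5 dst=203.0.113.9 dport=443
2013-11-04T10:10:57 src=10.0.0.7 dst=198.51.100.20 dport=80
2013-11-04T10:15:00 src=10.0.0.5 dst=203.0.113.9 dport=443
2013-11-04T10:13:07 src=10.0.0.7 dst=198.51.100.20 dport=80
2013-11-04T10:20:00 src=10.0.0.5 dst=203.0.113.9 dport=443
2013-11-04T10:25:00 src=10.0.0.5 dst=203.0.113.9 dport=443
2013-11-04T10:30:01 src=10.0.1.11 dst=192.0.2.50 dport=80
2013-11-04T10:30:02 src=10.0.1.12 dst=192.0.2.50 dport=80
2013-11-04T10:30:02 src=10.0.1.13 dst=192.0.2.50 dport=80
2013-11-04T10:30:03 src=10.0.1.14 dst=192.0.2.50 dport=80
2013-11-04T10:30:04 src=10.0.1.15 dst=192.0.2.50 dport=80
2013-11-04T10:30:05 src=10.0.1.16 dst=192.0.2.50 dport=80
2013-11-04T10:30:06 src=10.0.1.17 dst=192.0.2.50 dport=80
2013-11-04T10:30:07 src=10.0.1.18 dst=192.0.2.50 dport=80
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, dport) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        records.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return records


def find_beacons(records, min_connections=4, max_jitter=0.2):
    """Return {(src, dst): mean_interval_seconds} for pairs whose gaps between
    connections have a coefficient of variation (stdev / mean) <= max_jitter."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in records:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()  # the log is not guaranteed to be in time order
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.stdev(gaps) / mean <= max_jitter:
            beacons[pair] = mean
    return beacons


def find_floods(records, window_seconds=10, min_sources=5):
    """Return {dst: peak_distinct_sources} for destinations contacted by at
    least min_sources distinct hosts within any window_seconds-long window."""
    by_dst = defaultdict(list)
    for ts, src, dst, _ in records:
        by_dst[dst].append((ts, src))
    floods = {}
    for dst, conns in by_dst.items():
        conns.sort()
        peak = 0
        for i, (start, _) in enumerate(conns):
            j = i
            while j < len(conns) and (conns[j][0] - start).total_seconds() <= window_seconds:
                j += 1
            peak = max(peak, len({src for _, src in conns[i:j]}))
        if peak >= min_sources:
            floods[dst] = peak
    return floods


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (src, dst), gap in find_beacons(recs).items():
        print(f"beacon candidate: {src} -> {dst} every {gap:.0f}s")
    for dst, n in find_floods(recs).items():
        print(f"flood candidate: {dst} hit by {n} distinct sources within 10s")
```

Both checks are deliberately protocol-agnostic: they need only timestamps and endpoints, so they work on firewall, proxy or flow logs alike. The benign host is not flagged because its intervals vary widely, while the beacon is caught despite using port 443, which is exactly why timing analysis complements signature-based tools.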
So, what can you do? First, make sure you’re following basic security protocols like keeping your firewall turned on and not opening spam email messages or clicking on suspicious website links. But this type of security can only go so far. With all the threats to address, risks to calculate and systems to rectify, dealing with them all at once is an insurmountable job. The only effective approach to handling threats is in a just-in-time manner: discovering when things are becoming an issue and then rectifying them at that time.
By using built-in security capabilities like asset discovery, inventory, vulnerability assessment and more, AlienVault USM provides accurate and timely detection of malware infection and system compromise so you can focus on the threats that matter. Additionally, AlienVault's Open Threat Exchange (OTX) is the largest collaborative threat intelligence system. OTX provides real-time, actionable information and tools to learn about the latest threats and defensive tactics. Test drive AlienVault for yourself today!
And in the meantime, stay focused on the essentials.
*Source: Verizon 2013 Data Breach Investigations Report (http://www.verizonenterprise.com/DBIR/2013/)