What is Malware?
Malware, short for “malicious software,” refers to any intrusive software developed by cybercriminals to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware. Recent malware attacks have exfiltrated data in mass amounts.
7 Types of malware
1-Virus
Viruses are a subgroup of malware. A virus is malicious software attached to a document or file that supports macros to execute its code and spread from host to host. Once downloaded, the virus will lay dormant until the file is opened and in use. Viruses are designed to disrupt a system’s ability to operate. As a result, viruses can cause significant operational issues and data loss.
2-Worms
Worms are a malicious software that rapidly replicates and spreads to any device within the network. Unlike viruses, worms do not need host programs to disseminate. A worm infects a device via a downloaded file or a network connection before it multiplies and disperses at an exponential rate. Like viruses, worms can severely disrupt the operations of a device and cause data loss.
3-Trojan virus
Trojan viruses are disguised as helpful software programs. But once the user downloads it, the Trojan virus can gain access to sensitive data and then modify, block, or delete the data. This can be extremely harmful to the performance of the device. Unlike normal viruses and worms, Trojan viruses are not designed to self-replicate.
4-Spyware
Spyware is malicious software that runs secretly on a computer and reports back to a remote user. Rather than simply disrupting a device’s operations, spyware targets sensitive information and can grant remote access to predators. Spyware is often used to steal financial or personal information. A specific type of spyware is a keylogger, which records your keystrokes to reveal passwords and personal information
5-Adware
Adware is malicious software used to collect data on your computer usage and provide appropriate advertisements to you. While adware is not always dangerous, in some cases adware can cause issues for your system. Adware can redirect your browser to unsafe sites, and it can even contain Trojan horses and spyware. Additionally, significant levels of adware can slow down your system noticeably. Because not all adware is malicious, it is important to have protection that constantly and intelligently scans these programs.
6-Ransomware
Ransomware is malicious software that gains access to sensitive information within a system, encrypts that information so that the user cannot access it, and then demands a financial pay-out for the data to be released. Ransomware is commonly part of a phishing scam. By clicking a disguised link, the user downloads the ransomware. The attacker proceeds to encrypt specific information that can only be opened by a mathematical key they know. When the attacker receives payment, the data is unlocked.
7-Fileless malware
File-less malware is a type of memory-resident malware. As the term suggests, it is malware that operates from a victim’s computer’s memory, not from files on the hard drive. Because there are no files to scan, it is harder to detect than traditional malware. It also makes forensics more difficult because the malware disappears when the victim computer is rebooted. In late 2017, the Cisco Telos threat intelligence team posted an example of file-less malware that they called DNS Messenger.
What is phishing?( Think Before You Click)
Phishing attacks are counterfeit communications that appear to come from a trustworthy source but which can compromise all types of data sources. Attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems–such as point of sale terminals and order processing systems–and in some cases hijack entire computer networks until a ransom fee is delivered. Sometimes hackers are satisfied with getting your personal data and credit card information for financial gain. In other cases, phishing emails are sent to gather employee login information or other details for use in more malicious attacks against a few individuals or a specific company. Phishing is a type of cyber attack that everyone should learn about in order to protect themselves and ensure email security throughout an organization.
How does phishing work?
Phishing starts with a fraudulent email or other communication designed to lure a victim. The message is made to look as though it comes from a trusted sender. If it fools the victim, he or she is coaxed into providing confidential information–often on a scam website. Sometimes malware is also downloaded onto the target’s computer.
Cybercriminals start by identifying a group of individuals they want to target. Then they create email and text messages that appear to be legitimate but actually contain dangerous links, attachments, or lures that trick their targets into taking an unknown, risky action. In brief:
- Phishers frequently use emotions like fear, curiosity, urgency, and greed to compel recipients to open attachments or click on links.
- Phishing attacks are designed to appear to come from legitimate companies and individuals.
- Cybercriminals are continuously innovating and becoming more and more sophisticated.
It only takes one successful phishing attack to compromise your network and steal your data, which is why it is always important to Think Before You Click
Type of Phishing
1-Email Phishing
An email sent with the intention of deceiving you to act, such as updating a password or clicking on an attachment. 96% of all phishing attacks come via email.
2-Vishing
Also known as voice phishing occurs via phone. The caller typically leaves an “urgent” message, making recipients believe they will be fined or miss out on a potential windfall if they don’t respond immediately.
3-Angler Phishing
Targets social media users. Bad actors will direct message disgruntled customers, pretending to be customer service agents, to obtain personal information or other account credentials.
4-Pop-up Phishing
Fraudulent messages that “pop up” on otherwise legitimate websites that have been infected with malicious code and entice you to click on them to corrupt your device or data
5-Evil Twin Hotspots
Fraudulent Wi-Fi access points designed to trick users to connect to them so they can steal sensitive information or redirect links to malicious sites
6-Spear phishing
Spear phishing targets specific individuals instead of a wide group of people. That way, the attackers can customize their communications and appear more authentic. Spear phishing is often the first step used to penetrate a company’s defences and carry out a targeted attack. According to the SANS Institute, 95 percent of all attacks on enterprise networks are the result of successful spear phishing.
7-Microsoft 365 phishing
The methods used by attackers to gain access to a Microsoft 365 email account are fairly simple and becoming the most common. These phishing campaigns usually take the form of a fake email from Microsoft. The email contains a request to log in, stating the user needs to reset their password, hasn’t logged in recently, or that there’s a problem with the account that needs their attention. A URL is included, enticing the user to click to remedy the issue
Leave a Reply