Malware and spam are globally on the rise due to COVID-19. Barracuda researchers have seen a steady increase in the number of COVID-19-related email attacks since January 2020, but they have observed a recent spike in this type of attack – up 667% since the end of February. It is vital, especially during these vulnerable times, that companies can recognise and protect themselves from all the different forms Malware can take.
The term malware refers to software that damages devices, steals data and in general, causes chaos. Malware is an abbreviation of "malicious software," is a type of computer program whose purpose is to infect a computer. Targets often do not realise they are downloading something malicious as often, it will appear to be legitimate.
Malware today is almost entirely designed by criminals as a means of personal gain. Cyber criminals use a long list of ever growing tactics to evade detection while acquiring stolen, digital property.
The main risk that cyber criminals pose to people and companies is securing banking and credit card accounts and passwords, sensitive information related to business practices, or the personal information of users stored by a company. The people who acquire this information illegally often use it to empty bank accounts or max out credit cards. Often they’ll even sell the information to other criminals. These can be underground criminal organizations who want access to tools such as money or false personal information. Even some governments use these techniques in order to gather intelligence.
Types of Malware
There are many different types of Malware, below is a few common ones:
- Virus: Computer viruses attach themselves to clean files and then infect other clean files. They can spread quickly, and often damage a system’s core functionality by deleting or corrupting files.
- Trojans: This kind of malware disguises itself as legitimate software, or is included in legitimate software that has been altered. Trojans often stay under the radar, and exist to create backdoors in your computer security to allow for further infection.
- Spyware: Spyware is malware built to spy on you. It hides in the background and takes notes on what you do online, and uses this to gather sensitive information about you.
- Worms: Worms take over entire networks, both local or across the internet, by using network interfaces. The worm uses the network to travel from device to device, infecting as it goes.
- Ransomware: otherwise known as scareware, ransomware can lock down your computer and threaten to destroy your data unless a ransom is paid.
- Adware: While not always malicious, aggressive advertising software can diminish PC security in order to serve ads. Also, even if not directly dangerous, pop-ups destroy the quality of a user experience.
- Botnets: These are networks of computers already infected, made to work together by a remote attacker, often without users being aware of the hijacking.
How to Prevent Malware Infection
While it is possible to remove malware from a system, and return to an uninfected state, it will always be more beneficial to prevent contamination in the first place. The most effective methods for avoiding infection are:
- Install antivirus / anti-malware programs: These programs should be configured to automatically look for signs of activity in both downloads and active files. Many programs can also monitor suspicious websites or harmful email messages.
- Learn how to spot a scam: Bought to you by the Australian Government's ACCC, The Little Black Book of Scams is designed to protect Australian's against cybercrime through education.
- Adjust behavior: Start by avoiding untrustworthy emails and attachments from suspicious accounts. Malware sometimes spreads by sending copies of itself to everyone found in a contact list.
- Regularly update software: Not only anti-virus software, but also key programs on your computer, especially your web browser and local email client. This way, your computer is more likely to recognise newer threats.
- Practice safe browsing: Consider the websites you visit, and avoid clicking on links or downloading files that seem suspicious or disingenuous.
- Learn: Watch tutorials about how to spot a phishing email, or malicious software.
- Use strong passwords and a password manager: An effective password is complex, non personal, changed often, and unique to each website. This will greatly increase the security of your various web accounts.
- Check the strength of your secure connection: Look for the padlock icon to the left of the URL and check that the URL reads ‘https’ instead of ‘http’. If it’s there, then that means the information passed is secure.
- Set up a reliable firewall: This is extremely important. A firewall protects computers from a huge number of exploits and vulnerabilities. On its own, a software-based firewall isn't enough to protect systems from the constant automated attacks prevalent across all Internet-connected systems. Because of this, it is important that all high value PCs connected to the Internet should be protected by a hardware-based firewall.
How Malware Gets on Your Computer
- Phishing attacks, where emails, disguised as legitimate messages contain malicious links or attachments.
- Software downloads, that seem to be safe like a simple image, video, or audio file, but are actually harmful files that install malicious programs. “Drive-by downloads” automatically download malicious programs to computers without their approval or knowledge.
- Local storage devices, such as USB drives or other external storage, are plugged into a computer and spread infection
How Powernet Can Help
One of the most challenges things about Malware is that it is continually changing and updating new evasive measures and backdoor techniques to fool users and security services. The best way to keep your company safe is to prevent contamination in the first place.
Powernet provides sophisticated cyber security solutions, we understand that every business has different technical, regulatory and industry specific vulnerabilities. Our solutions work in combination to enable real time malware and cyber defense, blocking of malicious attacks, training of your staff to understand the different types of threats and analysis of your traffic to stop attacks before they happen.
Check out this free cloud app scanner to see where your cloud platforms might be vulnerable.