05/26/2021
Industry News

Management, Awareness and Compliance

Targeting the enemy: All about malware and how to combat it effectively

As soon as Internet users go online, numerous malicious programs in the form of various malware types are waiting with weapons drawn. With defense strategies and software, you can adequately defend computer systems.

Written by Thomas Philipp Haas

The Internet offers its users a lot of freedom and a lot of new information and aspects to discover. However, this liberality is accompanied by numerous dangers. Malware can be found at every digital corner and infects unprotected or poorly secured computers.

1. Malware: Definition 2. Dangerous malware: These are the most common types of malware

3. Always on guard - where does malware danger lurk?

4. Malware - tips and tricks to avoid malicious software

5. Is your device infected? How you can recognize malware

6. Effective against rootkit & co. - protect your devices with these anti-malware solutions

Loading component...

1. Malware: Definition

Malware is one of those terms that every computer user has heard. However, many ask themselves the question: What is malware? Malware is an umbrella term and a fusion of the two words "malicious" and "software".

These are malicious programmes. Their aim is to damage, encrypt or otherwise manipulate files. The motivations and goals of the programmers of such malware can be of different natures:

Financial reasons
Cyber attacks supported and sponsored by nations
Corporate espionage
Political activism
Theft of sensitive data and resourcesen

According to the Federal Office for Information Security (BSI), the number of new malware variants fell to 6 million in 2020. Trotzdem ist das noch lange kein Grund zur Entspannung. Quite the opposite. Malware continues to be an acute threat to private internet users, the economy and the public.

Loading component...

2. Dangerous malware: These are the most common types of malware

Malware takes many forms, attacking computer users in different ways. Moreover, along with technological progress, attack methods also evolve. These are the most common types of malware:

Ransomware
Rootkit
Spyware
Viruses
Computer worms
Exploit
Rogueware
Fileless Malware
Botnets
Cryptocurrency Miner Malware

Ransomware

Ransomwareencrypts important files or entire networks in order to lock out legitimate administrators. The term was composed of the English words "ransom" and "software". Cyber criminals use these malware programs to demand a ransom from the victims.

The victims must pay hundreds or even thousands of euros or dollars within a specified period of time. To obtain the decryption key, they are required to follow specific instructions. Often, a transfer of money in the form of cryptocurrency is necessary. If the money is not paid, the blackmailers destroy, publish or lock the data forever. Read this article to find out which are the five most common gateways into the company network. In the whitepaper, you will also learn how companies can protect themselves against the constant threat of ransomware.

A relatively new variant sucks sensitive data out of attacked systems before holding them digitally hostage. This means that even if victims make backup copies of the files, the blackmailers can simply publish the data after the payment deadline has expired if payment is not made.

Rootkit

Rootkits include tools that give the user access to the administrator level of computers and networks. They hide their existence from legitimate users for a long time. An unauthorised person gains control of the computer, can remotely open files and change system configurations. Programmers of such malware also gain access to a system's log files, tracking every user activity. Rootkits are even able to hijack and infiltrate security systems, making them extremely difficult to detect.

Spyware

Spyware is software that infiltrates a computer system, usually unnoticed. These programmes steal data and forward it to unauthorised third parties. These can be, for example, advertising or data companies or other questionable parties. Theft of identities, bank account or credit card data is within the realm of possibility. The most common variants of this type of malware include:

Adware: Programmes that spy on the browser history of the infected person after downloading. On this basis, the interests of those affected in products and services are inferred. The adware finally displays similar offers to encourage clicks and purchases. In addition to violating privacy, this type of malware can extremely impair the performance of a computer.
Trojan: In the style of the famous Trojan horse in Homer's Iliad, this spyware appears as legitimate software. Attack victims therefore download it onto their computer without suspicion. In this way, unauthorised persons gain access to sensitive data and information without legitimate users noticing for a long time.
System monitor: This spyware often poses as freeware, i.e. free software. It can monitor everything that happens on a computer, from keystrokes to e-mails, chat dialogues and websites visited to all programmes run.
Keyloggers: This malware watches everything users type on their computer. They accomplish this type of spying by recording keystrokes. This includes passwords and other important information that should not fall into the hands of unauthorised persons.

Viruses

Similar to their biological relatives, computer viruses attach themselves to healthy files or clean code. Often it is an executable EXE file. As soon as the computer owner activates it, the infection begins to spread. It infects other healthy files in order to damage or delete them. This uncontrolled spread can eventually disrupt or damage the core functions of a system if left untreated.

Computer worms

The computer worm does not need to attach itself to clean code or healthy files. Instead, it reproduces itself over and over again without any human help. In this way, spreading quickly takes place on several computers.
Worms also modify or delete files. They can take up so many resources of a computer that system overloads occur. They are also able to steal data or create an entrance to a system for hackers. Thus, these cybercriminals take control of the computer and its system settings.

Exploit

Exploits specifically exploit software vulnerabilities to break into a network. Here they gain more access rights to penetrate deeper into the system. An exploit can be part of a multi-faceted attack strategy and place another malware, e.g. a Trojan.

Rogueware

Rogueware pretends that there is a problem or malware infection on the computer. The problem is usually supposed to be solved by a click or a download of dubious software. The victims are supposed to either spend money on it or install additional malware if they believe in the authenticity of these warnings.

Typically, a warning window appears that looks like a legitimate programme - for example in the form of a malware scanner. The programme then demands the installation of additional software or payment for a full version.

Fileless Malware

The fileless malware, as the name already suggests, does not need any files to spread. It is neither stored in a file nor installed directly on the computer. This species is difficult to detect because it leaves no traces. Instead, it runs software that is already on a computer to cause damage via its scripts.

Botnets

The combination of the words "robot" and "network" describes a network of hijacked computers. An attacking entity, also called a bot-herder, uses such a network for fraudulent activities and cyber attacks. With the help of this majority of bots, a large-scale attack can be carried out that would not be possible with simple malware. Users of such a botnet can even rent out components of the network on the black market to earn money.

Cryptocurrency Miner Malware

A lot of computer power is needed to create cryptocurrency. The corresponding malware uses the resources of other people's smartphones or computers to generate crypto revenue for cybercriminals. Meanwhile, these resources are lacking for the legitimate users of this system.

In addition to these well-known malware programmes, there are many other variations and malware that infect networks or computer systems. This is why great caution and thorough protection are always required when dealing with the Internet.

Loading component...

3. Always on guard - where does the malware danger lurk?

In the end, the biggest vulnerabilities are mostly with the end-user, i.e. the human being, and not necessarily with the software. There are different ways in which consumers become infected with malware. It enters the computer when users:

Access compromised websites
Download infected files
Install programmes or apps from unknown providers on their end devices
Open suspicious email attachments from dubious accounts

Basically, users need to be suspicious of everything they download onto their computer or mobile device. Especially if apps or software want to access personal data as well as email contacts, they should be careful. Often, a system signals these access attempts with a warning message that users must not ignore.

However, the attack methods are now very sophisticated. Even cautious and especially inexperienced people fall into one trap or another. It is often difficult to distinguish between trustworthy and dubious software and app sources.

There have even been cases of mobile device users accidentally tapping invisible buttons on mobile websites. Without their knowledge, they activated direct payment options that were billed via the mobile phone number.

Malware also sneaks in via external data carriers. A USB stick or an external hard drive that is connected to the computer is already enough for an infection. If these come from dubious sources, it is better not to use them.

Loading component...

4. Malware - Tips and tricks for avoiding malware

Threats lurk everywhere. But that is no reason to fall into paranoia. There are many ways in which computer users can defend themselves against malware and avoid infections.

Avoid suspicious links

In order to install malware on the computer unawares, users usually have to click on something first. Often it is simply a suspicious link masquerading as a legitimate offer. However, there are some clues to identify malicious links:

System warnings that appear when a website is accessed, indicating a danger on the computer.
Advertisements for winning a prize that can be claimed simply by clicking on a link.
Pop-up windows often contain malware or attempt to lure Internet users to an unsafe website. However, most reputable sites do not use pop-up windows in the first place or modern browsers now block them by default.
Every person should immediately become sceptical if they are forced to download something - especially if it has nothing to do with the website they are currently visiting. This is most likely malware.
Ambiguous and lurid headlines often constitute so-called clickbait. As the name suggests, this method is intended to entice a click. Generally, malware is already lying in wait to be downloaded by such a click.
E-mails and messages via instant messenger from unknown sources that contain links must not be clicked on under any circumstances.

Identify suspicious pages

If there is any uncertainty about the seriousness of a source, Internet users should first close the website in question. Then an investigation is carried out before it is called up again. Even if this requires effort, work and time, the following procedures are recommended in such a case:

Ask acquaintances or colleagues who deal with similar issues whether they know the site or have had experience with it.
Search search engines or relevant professional forums for information and testimonials about the organisation running the site.
Check the address bar as soon as the page opens - occasionally users end up on a completely different page that just looks similar to the original page. A glance at the address bar is all it takes to identify this suspicious activity.
With Google Safe Browsing Diagnostic (https://transparencyreport.google.com/safe-browsing/search?hl=en) or Sucuri SiteCheck (https://sitecheck.sucuri.net), a malware scan can be carried out online. Internet users simply have to copy the URL into the search field provided and click on a scan button. The tool then scans the website for malware, viruses, blacklisting status, errors on the website, outdated software or other problems.
Also interesting: Read here how Duo and Umbrella prevent malware and phishing attacks at Texas A&M.

Installing a malware scanner

Anti-malware software minimises a computer's vulnerability to malware. These programmes are also known as malware cleaners or virus scanners.

Anti-malware programmes are able to block malware from entering a computer system in the first place. They also delete malware from the computer that has already entered the system.

Even if there is no sign of malware infection, an anti-malware programme will run regular scans. This is the only way to permanently guarantee security on an end device.
To check how effective the protective measures really are, there is also the option of hacking yourself with Breach and Attack Simulation (BAS) tools.

Install firewall

Firewalls fend off threats lurking on the internet or other networks, which includes malware. They can be installed on the computer. Internet routers may also have firewalls. These should be active to protect the entire network connected to them.

A firewall is a kind of checkpoint. This instance stands between the local computer or network and the Internet or another network. The firewall checks whether programmes installed on the computer are allowed to access the Internet and vice versa. It also controls the communication of the local computer with other end devices within the same network.

Carry out regular updates

Many malware variants exploit security gaps in operating systems or other software components. Therefore, regular updates are essential to guarantee the security of the system.

Tech companies can only guarantee protection if device users install the security patches contained in updates. The same applies to browser updates and important or even seemingly unimportant software that is on the computer or mobile devices.

Make regular backups

Regularly backing up important files to a trusted external storage device or cloud service is generally a good idea. Something unexpected can always happen to your own computer. It is not an all-purpose weapon, but private or economic damage can be minimised. Even if the files are taken hostage by ransomware, users of a regular backup system have a backup if they do not want to pay the ransom.

Loading component...

5. Is your device infected? How you can recognise malware

Of course, only with a malware scanner and regular checks can you really be sure whether your computer has been compromised. However, a sudden drop in computer performance, system crashes or a frozen screen can be the first signs of malware infestation. But there are plenty of other computer problems that cause these symptoms.

Some cleverly programmed malware does not even cause this kind of difficulty, but acts silently and secretly. A firewall that suddenly shuts down on its own, anti-malware software that no longer works and strange Internet activity also point to a malware infection. Furthermore, there may be unknown error messages, penetrating advertisements or mysterious memory loss. Sometimes files can no longer be opened or disappear completely - these are all typical symptoms by which users can recognise malware.

Loading component...

6. Effective against rootkit & co. - Protect your devices with these anti-malware solutions

The market for anti-malware solutions is large. Precisely because the various dangers seem very omnipresent, numerous service providers offer their protection. Consumers can easily lose track of this oversupply. Therefore, here is a list of ransomware protection, spyware scanners and other anti-malware software that is worthwhile.

Bitdefender

Bitdefender offers many different features for both Apple and Windows users. This also applies to Android and iOS. Included are, among others:

Manual scan
Real-time protection
Web protection

A Quick Scan, as the name promises, performs a quick check of the system. A full system scan can also be performed. These scans can be scheduled for each start of the computer or daily, weekly or monthly. Even incoming and outgoing e-mails can be checked.

Ransomware protection offers scanning of software as well as search results. This prevents contact with dangerous websites in the first place. A firewall is also part of the package. Independent test labs such as AV-Test give the anti-malware software 100 percent ratings in terms of protection and performance.

Kaspersky Internet Security

The malware protection, which is compatible with Windows, macOS, Android and iOS, can perform a quick and complete scan as well as an examination of external devices. A user-defined check of specific areas and folders is also executable. Scans can be scheduled, as with similar software. Users can tailor the malware protection specifically to their needs. Thus, these individual protection levels may be switched on and off individually:

File anti-virus that scans files individually
Web anti-virus that checks all Internet data traffic
Programme control of all software installed on the computer
Firewall that filters network activity

Malwarebyte

Malwarebyte is available free of charge and in a paid premium version. It is suitable for macOS and Windows as well as for Android mobile devices. For consumers who are still hesitating with their decision, the provider offers a 14-day free trial subscription. This enables them to test various functions.

After the Malwarebyte download, the free version grants its users manual scans of the entire computer. A quick scan only deals with the working memory. With the custom scan, the programme only focuses on certain drives and folders. Users can also schedule scans in advance.

However, those who want more comprehensive protection against malware must switch to the premium package. Only the paid version fends off viruses, adware, ransomware and more. Furthermore, the exploit protection examines the systems for vulnerabilities. Unfortunately, a firewall is missing.

SpyHunter 5

SpyHunter 5 is available for Windows and Mac. It is, as the name suggests, specifically a spyware scanner. Consumers should therefore not use this scanner as a replacement, but at best as an addition to an anti-malware programme.

SpyHunter 5 is available free of charge. However, this version is limited to scanning only and not to spyware removal. If you want to run an effective anti-spyware, you have to resort to the paid package. For this purpose, it can remove numerous variations of these malicious programmes. Furthermore, the programme detects and blocks any additional threats because it always operates in the background.

User-defined scans are possible as well as quick scans. In addition, specific areas of the computer system can be scanned. If the SpyHunter programme accidentally deletes a file, it can be restored.

These are just a few of the many anti-malware solutions available on the market. Whether individual packages are sufficient or complete solutions are the right choice is something each user must decide individually. The fact is: Anyone who wants to protect their software and hardware from malware should take the protective measures outlined in this article to heart.

Loading component...

it-sa 365 is available to you as a digital HOME OF IT SECURITY all year round

As a registered participant, you can use the platform free of charge and have the opportunity to network with experts 365 days a year, make appointments with each other and enter into direct dialogue via chat or video call. We will also keep you up to date with news about our digital programme.

Loading component...

Author

Thomas Philipp Haas

Director Marketing it-sa

NürnbergMesse