
Targeting the enemy: All about malware and how to combat it effectively

As soon as Internet users go online, numerous malicious programs in the form of various malware types are waiting with weapons drawn. With defense strategies and software, you can adequately defend computer systems.

The Internet offers its users a lot of freedom and a lot of new information and aspects to discover. However, this liberality is accompanied by numerous dangers. Malware can be found at every digital corner and infects unprotected or poorly secured computers.

1. Malware: Definition

2. Dangerous malware: These are the most common types of malware

3. Always on guard - where does malware danger lurk?

4. Malware - tips and tricks to avoid malicious software

5. Is your device infected? How you can recognize malware

6. Effective against rootkit & co. - protect your devices with these anti-malware solutions

1. Malware: Definition

Malware is one of those terms that every computer user has heard. However, many ask themselves the question: What is malware? Malware is an umbrella term and a fusion of the two words "malicious" and "software".

These are malicious programmes. Their aim is to damage, encrypt or otherwise manipulate files. The motivations and goals of the programmers of such malware can be of different natures: 

  • Financial reasons
  • Cyber attacks supported and sponsored by nations
  • Corporate espionage 
  • Political activism 
  • Theft of sensitive data and resources

According to the Federal Office for Information Security (BSI), the number of new malware variants fell to 6 million in 2020. Nevertheless, this is far from a reason to relax. Quite the opposite. Malware continues to be an acute threat to private internet users, the economy and the public.

 

2. Dangerous malware: These are the most common types of malware

Malware takes many forms, attacking computer users in different ways. Moreover, along with technological progress, attack methods also evolve. These are the most common types of malware:  

  • Ransomware
  • Rootkit
  • Spyware
  • Viruses 
  • Computer worms
  • Exploit
  • Rogueware
  • Fileless Malware
  • Botnets
  • Cryptocurrency Miner Malware

Ransomware

Ransomware encrypts important files or entire networks in order to lock out legitimate administrators. The term is composed of the English words "ransom" and "software". Cyber criminals use these malware programs to demand a ransom from the victims.


The victims must pay hundreds or even thousands of euros or dollars within a specified period of time. To obtain the decryption key, they are required to follow specific instructions. Often, a transfer of money in the form of cryptocurrency is necessary. If the money is not paid, the blackmailers destroy, publish or lock the data forever.


A relatively new variant exfiltrates sensitive data from attacked systems before holding them digitally hostage. This means that even if victims have backup copies of the files, the blackmailers can simply publish the data once the payment deadline has expired without payment.


Rootkit

Rootkits are collections of tools that give whoever controls them administrator-level access to computers and networks. They hide their existence from legitimate users for a long time. An unauthorised person gains control of the computer and can remotely open files and change system configurations. Programmers of such malware also gain access to a system's log files, tracking every user activity. Rootkits are even able to hijack and infiltrate security systems, making them extremely difficult to detect.


Spyware

Spyware is software that infiltrates a computer system, usually unnoticed. These programmes steal data and forward it to unauthorised third parties. These can be, for example, advertising or data companies or other questionable parties. Theft of identities, bank account or credit card data is within the realm of possibility. The most common variants of this type of malware include:

  • Adware: Programmes that spy on the browser history of the infected person after downloading. On this basis, the interests of those affected in products and services are inferred. The adware then displays similar offers to encourage clicks and purchases. In addition to violating privacy, this type of malware can severely impair the performance of a computer.
  • Trojan: In the style of the famous Trojan horse in Homer's Iliad, this spyware appears as legitimate software. Attack victims therefore download it onto their computer without suspicion. In this way, unauthorised persons gain access to sensitive data and information without legitimate users noticing for a long time.
  • System monitor: This spyware often poses as freeware, i.e. free software. It can monitor everything that happens on a computer, from keystrokes to e-mails, chat dialogues and websites visited to all programmes run.
  • Keyloggers: This malware watches everything users type on their computer. They accomplish this type of spying by recording keystrokes. This includes passwords and other important information that should not fall into the hands of unauthorised persons.

Viruses

Similar to their biological relatives, computer viruses attach themselves to healthy files or clean code. Often it is an executable EXE file. As soon as the computer owner activates it, the infection begins to spread. It infects other healthy files in order to damage or delete them. This uncontrolled spread can eventually disrupt or damage the core functions of a system if left untreated. 

 

Computer worms

The computer worm does not need to attach itself to clean code or healthy files. Instead, it reproduces itself over and over again without any human help. In this way, it spreads quickly across several computers.
Worms also modify or delete files. They can take up so many of a computer's resources that system overloads occur. They are also able to steal data or create an entrance to a system for hackers. Thus, these cybercriminals take control of the computer and its system settings.

 

Exploit

Exploits specifically take advantage of software vulnerabilities to break into a network. Once inside, they gain more access rights to penetrate deeper into the system. An exploit can be part of a multi-faceted attack strategy and place further malware, e.g. a Trojan.

 

Rogueware

Rogueware pretends that there is a problem or malware infection on the computer. The problem is usually supposed to be solved by a click or a download of dubious software. The victims are supposed to either spend money on it or install additional malware if they believe in the authenticity of these warnings. 

Typically, a warning window appears that looks like a legitimate programme - for example in the form of a malware scanner. The programme then demands the installation of additional software or payment for a full version. 

 

Fileless Malware

Fileless malware, as the name suggests, does not need any files to spread. It is neither stored in a file nor installed directly on the computer. This type is difficult to detect because it leaves no traces. Instead, it uses software that is already on a computer to cause damage via its scripts.

 

Botnets

The combination of the words "robot" and "network" describes a network of hijacked computers. An attacking entity, also called a bot-herder, uses such a network for fraudulent activities and cyber attacks. With the help of this multitude of bots, a large-scale attack can be carried out that would not be possible with simple malware. Users of such a botnet can even rent out components of the network on the black market to earn money.

 

Cryptocurrency Miner Malware

A lot of computer power is needed to create cryptocurrency. The corresponding malware uses the resources of other people's smartphones or computers to generate crypto revenue for cybercriminals. Meanwhile, these resources are lacking for the legitimate users of this system.

In addition to these well-known malware programmes, there are many other variations and malware that infect networks or computer systems. This is why great caution and thorough protection are always required when dealing with the Internet.

 
 

3. Always on guard - where does the malware danger lurk? 

In the end, the biggest vulnerabilities are mostly with the end-user, i.e. the human being, and not necessarily with the software. There are different ways in which consumers become infected with malware. It enters the computer when users:  

  • Access compromised websites
  • Download infected files 
  • Install programmes or apps from unknown providers on their end devices
  • Open suspicious email attachments from dubious accounts   

Basically, users need to be suspicious of everything they download onto their computer or mobile device. Especially if apps or software want to access personal data as well as email contacts, they should be careful. Often, a system signals these access attempts with a warning message that users must not ignore.

However, the attack methods are now very sophisticated. Even cautious and especially inexperienced people fall into one trap or another. It is often difficult to distinguish between trustworthy and dubious software and app sources. 

There have even been cases of mobile device users accidentally tapping invisible buttons on mobile websites. Without their knowledge, they activated direct payment options that were billed via the mobile phone number.

Malware also sneaks in via external data carriers. A USB stick or an external hard drive that is connected to the computer is already enough for an infection. If these come from dubious sources, it is better not to use them.

4. Malware - Tips and tricks for avoiding malware

Threats lurk everywhere. But that is no reason to fall into paranoia. There are many ways in which computer users can defend themselves against malware and avoid infections.

 

Avoid suspicious links

For malware to be installed on the computer unnoticed, users usually have to click on something first. Often it is simply a suspicious link masquerading as a legitimate offer. However, there are some clues to identify malicious links:

  • System warnings that appear when a website is accessed, indicating a danger on the computer. 
  • Advertisements for winning a prize that can be claimed simply by clicking on a link. 
  • Pop-up windows often contain malware or attempt to lure Internet users to an unsafe website. However, most reputable sites do not use pop-up windows in the first place or modern browsers now block them by default.
  • Every person should immediately become sceptical if they are forced to download something - especially if it has nothing to do with the website they are currently visiting. This is most likely malware.
  • Ambiguous and lurid headlines often constitute so-called clickbait. As the name suggests, this method is intended to entice a click. Generally, malware is already lying in wait to be downloaded by such a click.
  • Links in e-mails and instant messages from unknown sources must not be clicked on under any circumstances.

Identify suspicious pages

If there is any uncertainty about the trustworthiness of a source, Internet users should first close the website in question. They should then investigate it before opening it again. Even if this requires effort, work and time, the following procedures are recommended in such a case:

  • Ask acquaintances or colleagues who deal with similar issues whether they know the site or have had experience with it. 
  • Use search engines or relevant professional forums to look for information and testimonials about the organisation running the site.
  • Check the address bar as soon as the page opens - occasionally users end up on a completely different page that just looks similar to the original page. A glance at the address bar is all it takes to identify this suspicious activity. 
  • With Google Safe Browsing Diagnostic (https://transparencyreport.google.com/safe-browsing/search?hl=en) or Sucuri SiteCheck (https://sitecheck.sucuri.net), a malware scan can be carried out online. Internet users simply have to copy the URL into the search field provided and click on a scan button. The tool then scans the website for malware, viruses, blacklisting status, errors on the website, outdated software or other problems.

Installing a malware scanner

Anti-malware software minimises a computer's vulnerability to malware. These programmes are also known as malware cleaners or virus scanners. 

Anti-malware programmes are able to block malware from entering a computer system in the first place. They also delete malware from the computer that has already entered the system. 

Even if there is no sign of malware infection, an anti-malware programme will run regular scans. This is the only way to permanently guarantee security on an end device.
To check how effective the protective measures really are, there is also the option of hacking yourself with Breach and Attack Simulation (BAS) tools.

 

Install firewall

Firewalls fend off threats lurking on the internet or other networks, which includes malware. They can be installed on the computer. Internet routers may also have firewalls. These should be active to protect the entire network connected to them. 

A firewall is a kind of checkpoint. This instance stands between the local computer or network and the Internet or another network. The firewall checks whether programmes installed on the computer are allowed to access the Internet and vice versa. It also controls the communication of the local computer with other end devices within the same network.

 

Carry out regular updates

Many malware variants exploit security gaps in operating systems or other software components. Therefore, regular updates are essential to guarantee the security of the system. 

Tech companies can only guarantee protection if device users install the security patches contained in updates. The same applies to browser updates and important or even seemingly unimportant software that is on the computer or mobile devices.

 

Make regular backups

Regularly backing up important files to a trusted external storage device or cloud service is generally a good idea. Something unexpected can always happen to your own computer. A backup is not a cure-all, but it can minimise private or economic damage. Even if the files are taken hostage by ransomware, users of a regular backup system still have a copy to fall back on if they do not want to pay the ransom.

 
 
 

 

5. Is your device infected? How you can recognise malware

Of course, only with a malware scanner and regular checks can you really be sure whether your computer has been compromised. However, a sudden drop in computer performance, system crashes or a frozen screen can be the first signs of malware infestation. But there are plenty of other computer problems that cause these symptoms.

Some cleverly programmed malware does not even cause this kind of difficulty, but acts silently and secretly. A firewall that suddenly shuts down on its own, anti-malware software that no longer works and strange Internet activity also point to a malware infection. Furthermore, there may be unknown error messages, intrusive advertisements or mysterious memory loss. Sometimes files can no longer be opened or disappear completely - these are all typical symptoms by which users can recognise malware.

6. Effective against rootkit & co. - Protect your devices with these anti-malware solutions

The market for anti-malware solutions is large. Precisely because the various dangers seem omnipresent, numerous service providers offer their protection. Consumers can easily lose track in this oversupply. Therefore, here is a list of ransomware protection, spyware scanners and other anti-malware software that is worthwhile.

   

Bitdefender

Bitdefender offers many different features for both Apple and Windows users. This also applies to Android and iOS. Included are, among others: 

  • Manual scan
  • Real-time protection
  • Web protection

A Quick Scan, as the name promises, performs a quick check of the system. A full system scan can also be performed. These scans can be scheduled for each start of the computer or daily, weekly or monthly. Even incoming and outgoing e-mails can be checked. 

Ransomware protection offers scanning of software as well as search results. This prevents contact with dangerous websites in the first place. A firewall is also part of the package. Independent test labs such as AV-Test give the anti-malware software 100 percent ratings in terms of protection and performance.

 

Kaspersky Internet Security

The malware protection, which is compatible with Windows, macOS, Android and iOS, can perform a quick and complete scan as well as an examination of external devices. A user-defined check of specific areas and folders is also executable. Scans can be scheduled, as with similar software. Users can tailor the malware protection specifically to their needs. Thus, these individual protection levels may be switched on and off individually:        

  • File anti-virus that scans files individually
  • Web anti-virus that checks all Internet data traffic 
  • Programme control of all software installed on the computer 
  • Firewall that filters network activity 

Malwarebytes

Malwarebytes is available free of charge and in a paid premium version. It is suitable for macOS and Windows as well as for Android mobile devices. For consumers who are still hesitating with their decision, the provider offers a 14-day free trial subscription. This enables them to test various functions.

After the Malwarebytes download, the free version grants its users manual scans of the entire computer. A quick scan only deals with the working memory. With the custom scan, the programme only focuses on certain drives and folders. Users can also schedule scans in advance.

However, those who want more comprehensive protection against malware must switch to the premium package. Only the paid version fends off viruses, adware, ransomware and more. Furthermore, the exploit protection examines the systems for vulnerabilities. Unfortunately, a firewall is missing.


SpyHunter 5

SpyHunter 5 is available for Windows and Mac. It is, as the name suggests, specifically a spyware scanner. Consumers should therefore not use this scanner as a replacement, but at best as an addition to an anti-malware programme. 

SpyHunter 5 is available free of charge. However, this version is limited to scanning only and does not remove spyware. If you want to run effective anti-spyware, you have to resort to the paid package, which can remove numerous variations of these malicious programmes. Furthermore, the programme detects and blocks any additional threats because it always operates in the background.

User-defined scans are possible as well as quick scans. In addition, specific areas of the computer system can be scanned. If the SpyHunter programme accidentally deletes a file, it can be restored.

These are just a few of the many anti-malware solutions available on the market. Whether individual packages are sufficient or complete solutions are the right choice is something each user must decide individually. The fact is: Anyone who wants to protect their software and hardware from malware should take the protective measures outlined in this article to heart. 
 

