Malware is one of the most common cyber security threats that organisations and individuals face. Whenever someone talks about their computer being infected, encountering =bots or even falling victim to a scam email, malware is normally involved.
It’s why anti-malware software is usually considered a top priority for staying safe online. However, those tools are not flawless. For example, they can only spot known types of malware, and according to the AV-Test Institute, almost half a million new types of malware are detected each day.
But how exactly does malware work? In this blog, we explain everything you need to know about it, including our top 8 tips for preventing malware attacks.
What is malware?
Malware, or malicious software, is a broad term that refers to any type of code that intends to harm a computer.
It can do this in a number of ways, such as:
- Stealing, encrypting or deleting sensitive information;
- Hijacking or altering core system functions;
- Monitoring user activity; and
- Spamming the device with adverts.
Types of malware
There are many different types of malware, but there are seven types that are extremely common:
- Adware displays ads on your computer – typically in the form of popups and windows that can’t be closed.
- Spyware monitors Internet activity and gathers information, which can either be sold to a third party or used to target you with adware.
- Bots run automatic and often repetitive tasks over the Internet. This might not necessarily be for criminal purposes (think, for example, of Twitterbots, which tweet or follow other accounts), but bots can be used to harness multiple computers in a botnet and create a more powerful threat.
- Ransomware spreads through a target’s systems, encrypting files as it goes. The criminals behind the attack then demands a payment in exchange for the decryption key.
- Trojan horses masquerade as something useful in an attempt to trick people into downloading a malicious file.
- Viruses copy themselves and spread, undetected, to other victims. They can do this by attaching themselves to programs, script files, documents and cross-site scripting vulnerabilities in web apps.
- Worms are self-contained and self-propagating viruses. They usually show up via email and instant messages, and spread over networks by exploiting operating system vulnerabilities.
How is malware distributed?
Malware is delivered in one of several ways, but the most common method by far is phishing. This is a type of fraud in which bogus messages appear as though they have come from a genuine source and encourage the user to follow a link or download an attachment.
For instance, an email might look as though it is from Amazon with an order confirmation for a product the individual hasn’t made. Or perhaps the email contains an invoice attached and is sent to an employee’s work address.
Whatever form the message takes, it’s almost always designed to create a sense of urgency and pressure the recipient into acting immediately.
If the email contains an attachment, there will be malware hidden within it – often contained in a macro on a Word file – which is unleashed as soon as the user opens the file or approves the macro.
By contrast, phishing emails that direct users to another website are typically designed to capture login credentials, but the bogus website might also use another method of malware delivery: drive-by downloads.
Compromised websites can be laced with malware, which infect users’ devices after they inadvertently click a pop-up window that gives the site permission to download an attachment. The windows usually mask as something genuine, such as an error message that looks as though it’s part of the computer’s operating system.
A subset of this is social network spam. Cyber criminals include bogus links on these platforms that direct visitors to a compromised website. For example, a video link might ask you to install a bogus video player plugin, which contains malware.
How to prevent malware attacks in 2023
As we’ve explained, malware can attack you in many different ways, so there’s no one way to prevent infections. However, there are certain measures you can take to protect you from an array of threats.
Here are eight things you can do to get started:
- Install anti-malware software: These tools help protect your computer from viruses and other malicious software.
- Update software and operating systems: Keeping software and operating systems updated is essential, because updates often include security patches that address vulnerabilities.
- Disable macro scripts in Microsoft Office files: Macro scripts can be used to execute malicious code, so it’s a good idea to disable them in Microsoft Office files unless you know that they are safe.
- Back up important data: Backing up valuable files ensures that you have copies of information in case the data is compromised in a cyber attack.
- Use a VPN: These tools give you secure remote connections between servers that are held in separate places.
- Provide staff awareness training: Educating employees about cyber security best practices can help them understands the threats they face, such as phishing, and ensure that they prevent avoidable mistakes.
- Implement access controls: These protections ensure that only authorised personnel can view sensitive information.
- Use email filters: These identify known malware hidden within emails and block those messages from employees’ inboxes.
Covering the essentials
If you want more advice on preventing malware attacks, we recommend Cyber Essentials. It’s a UK government-backed scheme that outlines the basic measures that organisations can take to secure their systems.
It contains five controls, one of which focuses on malware protection, and when they’re implemented correctly they can prevent 80% of common cyber attacks.
IT Governance offers a range of solutions to help you understand and implement the framework. We’re one of the founding Cyber Essentials certification bodies and remain one of the largest in the UK.
We also offer a free guide that provides more detail on Cyber Essentials and the way it helps organisations.
Cyber Essentials: A guide to the scheme is a perfect introduction to framework, explaining the five controls and the ways they work to keep organisations safe.
The guide also explains how to obtain certification and the things you should know before getting started.
The post How to Prevent Malware Attacks: 8 Tips for 2023 appeared first on IT Governance UK Blog.