Meritshot Tutorials

  1. Home
  2. »
  3. Malware Threats in Cyber Security

Cyber Security Tutorial

Malware Threats

Malware is any malicious code, software, or script deployed by a threat actor to wreak havoc on an organization or individual. Malware is usually found attached to emails, embedded in fraudulent links, hidden in ads, or lying in wait on various sites that you (or your employees) might visit. The end goal of malware is to harm or exploit computers and networks, often to steal data or money.

All it takes is one wrong click by one employee for the malware to install itself and begin to execute its program. The rate of malware attacks continues to increase, the costs associated continue to climb, and the threat vectors and attack types continue to grow in variety and complexity. For example,ransomware-as-a-service has opened new malware attack avenues to cybercriminals who lack the technical expertise of seasoned professionals. Not to mention, more organizations are utilizing IoT devices and increasing digitization, which means supply chain attacks are bound to increase.

What does malware do?

Malware can infect networks and devices and is designed to harm those devices, networks and their users in some way. Depending on the type of malware and its goal, this harm might present itself differently to the user or endpoint. In some cases, the effect of malware is relatively mild and benign, and in others, it can be disastrous.

Malware can typically perform the following harmful actions:

  • Data exfiltration. Data exfiltration is a common objective of During data exfiltration, once a system is infected with malware, threat actors can steal sensitive information stored on the system, such as emails, passwords,

intellectual property, financial information and login credentials. Data exfiltration can result in monetary or reputational damage to individuals and organizations.

  • Service disruption. Malware can disrupt services in several ways. For example, it can lock up computers and make them unusable or hold them hostage for financial gain by performing a ransomware attack. Malware can also target critical infrastructure, such as power grids, healthcare facilities or transportation systems to cause service disruptions.
  • Data espionage. A type of malware known as spyware performs data espionage by spying on users. Typically, hackers use keyloggers to record keystrokes, access web cameras and microphones and capture screenshots.
  • Identity theft. Malware can be used to steal personal data which can be used to impersonate victims, commit fraud or gain access to additional resources. According to the IBM X-Force Threat Intelligence Index 2024, there was a 71% rise in cyberattacks using stolen identities in 2023 compared to the previous year.
  • Stealing resources. Malware can use stolen system resources to send spam emails, operate botnets and run crypto mining software, also known as
  • System damage. Certain types of malware, such as computer worms, can damage devices by corrupting the system files, deleting data or changing system settings. This damage can lead to an unstable or unusable system.

No matter the method, all types of malware are designed to exploit devices at the user’s expense and to benefit the hacker — the person who has designed or deployed the malware.

Types of malware

Different types of malware have the following unique traits and characteristics:

1.   Adware

Adware — commonly called “spam” — is unwanted or malicious advertising installed on an endpoint. While relatively harmless, it can be irritating, as adware can hamper your computer’s performance. In addition, these ads may lead users to download more harmful types of malware inadvertently through clicking on links in the malicious ads. To defend against adware, make sure you keep your operating system, web browser, and email client updated so they can block known adware attacks before they are able to download and install.

2. Fileless Malware

Unlike traditional malware, which uses executable files to infect devices, fileless malware doesn’t directly impact files or the file system. Instead, this type of malware uses non-file objects like Microsoft Office macros, PowerShell, WMI, and other system tools. And this type is on the rise. According to recent research, there was a 1,400% increase in fileless malware attacks in 2023 over the previous year.

Because there’s no executable file, it is difficult for antivirus software to protect against fileless malware. The best way to limit what fileless malware can do is to limit users’ credentials. Employing multi-factor Authentication (MFA) on all devices and utilizing the principle of zero trust— where every user is held to the same scrutiny when trying to access a system, program, or asset — are two other strong ways to limit the possible attack surface.

3. Viruses

A virus infects other programs and can spread to other systems, in addition to performing its own malicious acts. A virus is attached to a file and is executed once the file is launched. The virus will then encrypt, corrupt, delete, or move your data and files.

Viruses will often be attached to phishing emails and lead to larger attacks like business email compromise (BEC).

An enterprise-level antivirus solution can help you protect all your devices from viruses from a single location while maintaining central control and visibility. Make sure that you run full scans frequently and keep your antivirus definitions up to date. In addition, utilizing security awareness training can help users identify malicious-looking files, especially if they arrive through phishing emails.

A Brief History of  the Computer Virus The idea of self-replicating computer viruses was first posited by computer scientist John von Neumann in 1966. It would take only five years for the prediction to come true. Dubbed “Creeper”, the world’s first computer virus was developed by Bob Thomas. It was designed to, well, creep along the ARPANET, an early form of computer network that was one of the foundational technologies that would give rise to the Internet. “Creeper” was benign, something it doesn’t have in common with its malicious offspring.

4. Worms

Like a virus, a worm can duplicate itself in other devices or systems. Unlike viruses, worms do not need human action to spread once they are in a network or system. Worms often attack a computer’s memory or hard drive. Vulnerability management is the key to protecting yourself against worms, so a priority should be ensuring that every device is updated with the latest available patches. Technology like firewalls and email filtering can also help you detect files or links that may contain a worm.

5. Trojans

A Trojan program — like its namesake horse found in Greek mythology — pretends to be innocuous, but it is in fact malicious. A Trojan can’t spread by itself like a virus or worm, but instead must be executed by its victim, often through social engineering tactics such as phishing. Trojans rely on social engineering to spread, which puts the burden of

defense on users. Unfortunately, in 2023, 74% of all breaches involved the human element, making Trojans especially dangerous to organizations.

The King of Malware? Emotet — a Trojan spread primarily through phishing — first appeared in 2014. Since then, it has surged in and out of prominence multiple times, thanks to its modular structure and ability to serve as a delivery program for other forms of malware. According to CISA, “Emotet is difficult to combat because of its ‘worm-like’ features that enable network-wide infections.” This is likely why it’s gained a reputation in cybersecurity circles as the “king of malware.”

6. Bots

A bot is a software program that performs an automated task without requiring any interaction. Bots can execute attacks much faster than humans ever could.

A computer with a bot infection can spread the bot to other devices, creating what’s known as a botnet. This network of bot-compromised machines can then be controlled and used to launch massive attacks — such as DDoS attacks or brute force attacks — often without the device owner being aware of its role in the attack. One way to control bots is to use tools that help determine if traffic is coming from a human user or a bot.

For example, you can add CAPTCHAs to your forms to prevent bots from overwhelming your site with requests. This can help you identify and separate good traffic from bad. Site traffic should always be monitored, and organizations should make sure they’re using updated browsers and user agents.

7. Ransomware

Arguably the most common form of malware, ransomware attacks encrypt a device’s data and hold it for ransom. If the ransom isn’t paid by a certain deadline, the threat actor threatens to permanently delete the data or — in double extortion models — release the valuable data on the dark web.

Ransomware gangs, as well as individual actors, are continuing to see the payoff in attacking high-value targets like supply chains and critical infrastructure. The ransomware-as-a-service (RaaS) model is becoming a preferred method for threat actors, with many cybercriminals relying on specialized services and offerings to conduct intrusions, and we expect those offerings to expand and evolve in 2024 to bypass security controls.

8.   Spyware

Cybercriminals use spyware to monitor the activities of users. Spyware often leads to credential theft, which in turn can lead to a devastating data breach. It often originates in corrupt files, or through downloading suspicious files.

Spyware is an umbrella category under which many of the other types of malware we’ve discussed can be collected — adware, rootkits, keyloggers and trojan horses are all kinds of spyware — however there are additional forms of spyware that allow threat actors to track your cookies and monitor your internet activity, monitor system usage or steal targeted info like conversations in messaging apps.

Spyware is often employed in the early stages of a breach — often called the “reconnaissance” or “investigation” stage — where the threat actor is exploring the system, looking for ways to increase access without being detected. While spyware can be inserted through vulnerability exploits, social engineering tactics are often used to launch spyware without a user even realizing it’s happened.

Identity access management (IAM) techniques, like MFA, can prevent the reconnaissance and data theft that often happens with spyware.

9. Mobile Malware

As the name suggests, mobile malware is designed to specifically target mobile devices. This kind of malware has become more common, not just with the proliferation of smart

phones, but with the increase of mobile and tablet use by organizations and employees as remote work models expand.

Mobile malware can employ several tactics, including spying on and recording texts and phone calls on your mobile devices (another form of spyware), impersonating common apps, stealing credentials, or accessing data on the device. Mobile malware often spreads through smishing, also known as SMS phishing, which is a form of phishing that comes through text messages.

Other forms of mobile malware include remote access tools and bank Trojans. As phones become a more valuable tool in the workplace, they become a larger target for threat actors.

10.   Rootkits

Rootkits were not originally designed as malware, but they have become a common attack vector for threat actors. A rootkit allows a user to maintain privileged access within a system without being detected. In short, rootkits give a user administrative-level access while concealing that access, allowing them to take over a given device. Rootkits are often the first stage in a breach, and after employing one, a threat actor can install more malware, launch a DDoS attack, or take other escalation actions. Rootkits can also install and hide keyloggers.

Rootkits are often installed through vulnerability exploits, highlighting the need for a robust vulnerability management program. Like all malware, they can also take hold through social engineering tactics, which reinforces the need for robust security awareness training.

11.   Keyloggers

Keyloggers are a common kind of spyware that monitors and records users’ keystrokes. Once this type of malware is installed onto an endpoint, hackers can monitor and record every single keystroke a user makes, giving them full access to a user’s movements in a

system and online, as well as giving them access to any and all credentials that may be entered into a system through typing.

While there are legitimate uses for keylogging software — parents wishing to monitor their children’s activity online or organizations wishing to monitor their employees — malicious keyloggers are used to gain information and steal credentials. This can allow users to access bank accounts, steal identities, or gain access to other systems and environments.

Once again, the solution to staying safe from keyloggers lies in effective security awareness training that educates users into the techniques and tactics threat actors use and shows them how to spot a social engineering attack.

12. Wiper Malware

Wiper malware stands apart from its malicious brethren, in that it’s not interested in observation or exfiltration — only deletion. Since it’s a tool of disruption and destruction, it’s most employed by either nation-state attackers looking to interrupt supply chains and military operations, or by so-called “hacktivists” seeking to right perceived wrongs through the interruption of an organization’s ability to conduct business.

Hermeti Wiper, identified in February of 2022, impacted Ukrainian organizations in the aviation, defense, financial, and IT services industries. Upon execution, the wiper malware gained read access control to any file. If allowed to continue, HeremeticWiper soon progressed to allowing the malware to load and unload device drivers and shut down a system entirely. Its arrival on the cybersecurity landscape heralded the dawn of a new class of destructive cyber attacks fueled by nation-states or experienced threat actors sympathetic to political causes and willing to sow destruction to achieve their ends.

13. Cryptojacking

Like wiper malware, cryptojacking separates itself from other forms of malware due to its goal: using an infected endpoint’s computing power to mine cryptocurrency like bitcoin.

Cryptojacking, a form of botnet, can live unnoticed in a system for a long time, as the goal is to mine as much cryptocurrency as possible from as many endpoints as a threat actor can infect.