Malware Threats
Malware is any malicious code, software, or script deployed by a threat actor to wreak havoc on an organization or individual. Malware is usually found attached to emails, embedded in fraudulent links, hidden in ads, or lying in wait on various sites that you (or your employees) might visit. The end goal of malware is to harm or exploit computers and networks, often to steal data or money.
All it takes is one wrong click by one employee for the malware to install itself and begin to execute its program. The rate of malware attacks continues to increase, the costs associated continue to climb, and the threat vectors and attack types continue to grow in variety and complexity. For example, ransomware-as-a-service has opened new malware attack avenues to cybercriminals who lack the technical expertise of seasoned professionals. In addition, more organizations are utilizing IoT devices and increasing digitization, which means supply chain attacks are bound to increase.
What does malware do?
Malware can infect networks and devices and is designed to harm those devices, networks and their users in some way. Depending on the type of malware and its goal, this harm might present itself differently to the user or endpoint. In some cases, the effect of malware is relatively mild and benign, and in others, it can be disastrous.
Malware can typically perform the following harmful actions:
- Data exfiltration. Data exfiltration is a common objective of malware. Once a system is infected, threat actors can steal sensitive information stored on it, such as emails, passwords, intellectual property, financial information and login credentials. Data exfiltration can result in monetary or reputational damage to individuals and organizations.
- Service disruption. Malware can disrupt services in several ways. For example, it can lock up computers and make them unusable or hold them hostage for financial gain by performing a ransomware attack. Malware can also target critical infrastructure, such as power grids, healthcare facilities or transportation systems to cause service disruptions.
- Data espionage. A type of malware known as spyware performs data espionage by spying on users. Typically, hackers use keyloggers to record keystrokes, access web cameras and microphones and capture screenshots.
- Identity theft. Malware can be used to steal personal data which can be used to impersonate victims, commit fraud or gain access to additional resources. According to the IBM X-Force Threat Intelligence Index 2024, there was a 71% rise in cyberattacks using stolen identities in 2023 compared to the previous year.
- Stealing resources. Malware can use stolen system resources to send spam emails, operate botnets and run crypto mining software, also known as cryptojacking.
- System damage. Certain types of malware, such as computer worms, can damage devices by corrupting the system files, deleting data or changing system settings. This damage can lead to an unstable or unusable system.
No matter the method, all types of malware are designed to exploit devices at the user’s expense and to benefit the hacker — the person who has designed or deployed the malware.
Types of malware
Different types of malware have the following unique traits and characteristics:
1. Adware
Adware — commonly called “spam” — is unwanted or malicious advertising installed on an endpoint. While relatively harmless, it can be irritating, as adware can hamper your computer’s performance. In addition, these ads may lead users to download more harmful types of malware inadvertently through clicking on links in the malicious ads. To defend against adware, make sure you keep your operating system, web browser, and email client updated so they can block known adware attacks before they are able to download and install.
2. Fileless Malware
Unlike traditional malware, which uses executable files to infect devices, fileless malware doesn’t directly impact files or the file system. Instead, this type of malware uses non-file objects like Microsoft Office macros, PowerShell, WMI, and other system tools. And this type is on the rise. According to recent research, there was a 1,400% increase in fileless malware attacks in 2023 over the previous year.
Because there’s no executable file, it is difficult for antivirus software to protect against fileless malware. The best way to limit what fileless malware can do is to limit users’ credentials. Employing multi-factor authentication (MFA) on all devices and utilizing the principle of zero trust — where every user is held to the same scrutiny when trying to access a system, program, or asset — are two other strong ways to limit the possible attack surface.
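Because fileless malware runs inside trusted system tools, defenders look at process-creation telemetry rather than files on disk. The following is an added example, not code from this tutorial: it scores constructed process-creation events (parent image, image, command line, similar in spirit to what Sysmon event ID 1 or EDR telemetry provides) for three traits typical of fileless attacks, an Office application spawning a script host, an encoded PowerShell command, and a hidden window or download cradle, and it decodes the base64 UTF-16LE payload so an analyst can read what was run. All image paths, event data and thresholds below are constructed for illustration.

```python
"""Process-creation triage for fileless-malware patterns.

Added example, not code from the tutorial. The event format is a
constructed, simplified one; the sample events below are constructed.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Office applications that have no business spawning a script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Living-off-the-land script hosts commonly abused by fileless malware.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "wmic.exe"}
# powershell.exe accepts -e, -ec and -enc as abbreviations of -EncodedCommand;
# the argument is base64 of a UTF-16LE string.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")
HIDDEN_FLAG = re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden\b")
DOWNLOAD_CRADLE = re.compile(
    r"(?i)(Net\.WebClient|DownloadString|Invoke-WebRequest|\biwr\b|\biex\b|Invoke-Expression)")


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Recover the plaintext of a -EncodedCommand argument, or None if absent/invalid."""
    m = ENCODED_FLAG.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(ev: ProcEvent) -> List[str]:
    """Return the suspicious traits seen in one process-creation event."""
    reasons: List[str] = []
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned script host {child}")
    if child in {"powershell.exe", "pwsh.exe"}:
        if ENCODED_FLAG.search(ev.command_line):
            reasons.append("encoded PowerShell command")
        if HIDDEN_FLAG.search(ev.command_line):
            reasons.append("hidden window requested")
        if DOWNLOAD_CRADLE.search(ev.command_line):
            reasons.append("download-and-execute cradle")
    return reasons


def triage(events: List[ProcEvent]) -> List[Tuple[str, List[str]]]:
    """Return (image name, reasons) for every event with at least one suspicious trait."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append((basename(ev.image), reasons))
    return hits


# Constructed sample events. The encoded payload is harmless: it only prints a string.
_ENC = base64.b64encode("Write-Host hello".encode("utf-16le")).decode("ascii")
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              f"powershell.exe -NoProfile -w hidden -enc {_ENC}"),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
    ProcEvent(r"C:\Windows\System32\services.exe",
              r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r"C:\Windows\System32\wscript.exe", r"wscript.exe C:\Users\Public\invoice.vbs"),
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
    print("decoded:", decode_encoded_command(SAMPLE_EVENTS[0].command_line))
```

The second sample event (an administrator's scheduled script run from explorer.exe with `-ExecutionPolicy Bypass`) scores zero on purpose: execution-policy bypass alone is common in legitimate automation, so the rule keys on parent lineage and obfuscation rather than on PowerShell use as such.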
3. Viruses
A virus infects other programs and can spread to other systems, in addition to performing its own malicious acts. A virus is attached to a file and is executed once the file is launched. The virus will then encrypt, corrupt, delete, or move your data and files.
Viruses will often be attached to phishing emails and lead to larger attacks like business email compromise (BEC).
An enterprise-level antivirus solution can help you protect all your devices from viruses from a single location while maintaining central control and visibility. Make sure that you run full scans frequently and keep your antivirus definitions up to date. In addition, utilizing security awareness training can help users identify malicious-looking files, especially if they arrive through phishing emails.
A Brief History of the Computer Virus
The idea of self-replicating computer viruses was first posited by computer scientist John von Neumann in 1966. It would take only five years for the prediction to come true. Dubbed “Creeper”, the world’s first computer virus was developed by Bob Thomas. It was designed to, well, creep along the ARPANET, an early form of computer network that was one of the foundational technologies that would give rise to the Internet. “Creeper” was benign, something it doesn’t have in common with its malicious offspring.
4. Worms
Like a virus, a worm can duplicate itself in other devices or systems. Unlike viruses, worms do not need human action to spread once they are in a network or system. Worms often attack a computer’s memory or hard drive. Vulnerability management is the key to protecting yourself against worms, so a priority should be ensuring that every device is updated with the latest available patches. Technology like firewalls and email filtering can also help you detect files or links that may contain a worm.
5. Trojans
A Trojan program — like its namesake horse found in Greek mythology — pretends to be innocuous, but it is in fact malicious. A Trojan can’t spread by itself like a virus or worm, but instead must be executed by its victim, often through social engineering tactics such as phishing. Trojans rely on social engineering to spread, which puts the burden of defense on users. Unfortunately, in 2023, 74% of all breaches involved the human element, making Trojans especially dangerous to organizations.
The King of Malware?
Emotet — a Trojan spread primarily through phishing — first appeared in 2014. Since then, it has surged in and out of prominence multiple times, thanks to its modular structure and ability to serve as a delivery program for other forms of malware. According to CISA, “Emotet is difficult to combat because of its ‘worm-like’ features that enable network-wide infections.” This is likely why it’s gained a reputation in cybersecurity circles as the “king of malware.”
6. Bots
A bot is a software program that performs an automated task without requiring any interaction. Bots can execute attacks much faster than humans ever could.
A computer with a bot infection can spread the bot to other devices, creating what’s known as a botnet. This network of bot-compromised machines can then be controlled and used to launch massive attacks — such as DDoS attacks or brute force attacks — often without the device owner being aware of its role in the attack. One way to control bots is to use tools that help determine if traffic is coming from a human user or a bot.
For example, you can add CAPTCHAs to your forms to prevent bots from overwhelming your site with requests. This can help you identify and separate good traffic from bad. Site traffic should always be monitored, and organizations should make sure they’re using updated browsers and user agents.
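CAPTCHAs act at the form; the monitoring the paragraph calls for acts on the server log. The following is an added example, not code from this tutorial: it parses web-server access logs in combined log format and flags clients that exceed a request-rate threshold in a sliding window, clients that repeatedly fail at a login endpoint (the brute-force pattern), and clients whose user agent identifies a scripted HTTP client. The log lines, thresholds and RFC 5737 documentation addresses are constructed for illustration; user-agent strings are a hint only, since a bot can set any it likes.

```python
"""Rate-based bot detection over web-server access logs.

Added example, not code from the tutorial. Parses Apache/Nginx combined
log format; the sample log below is constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Fragments seen in common automation clients; a hint, not proof, since UAs are spoofable.
AUTOMATION_UA = re.compile(r"(?i)(python-requests|curl/|wget/|go-http-client|scrapy)")


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_bursty_clients(lines: List[str], window_s: int = 10,
                        max_requests: int = 20) -> Dict[str, int]:
    """Return {ip: peak requests in any window_s-second window} for IPs above max_requests."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    recent: Dict[str, deque] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    for e in events:
        q = recent[e["ip"]]
        q.append(e["ts"])
        # Evict timestamps that have fallen out of the sliding window.
        while (e["ts"] - q[0]) > timedelta(seconds=window_s):
            q.popleft()
        peak[e["ip"]] = max(peak[e["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}


def find_login_failures(lines: List[str], path: str = "/login",
                        max_failures: int = 5) -> Dict[str, int]:
    """Return {ip: failed POSTs to path} for IPs above max_failures (credential guessing)."""
    failures: Dict[str, int] = defaultdict(int)
    for e in filter(None, map(parse_line, lines)):
        if e["path"] == path and e["method"] == "POST" and e["status"] in (401, 403):
            failures[e["ip"]] += 1
    return {ip: n for ip, n in failures.items() if n > max_failures}


def automation_user_agents(lines: List[str]) -> Dict[str, Set[str]]:
    """Return {ip: user agents} for clients with empty or scripted-client user agents."""
    out: Dict[str, Set[str]] = defaultdict(set)
    for e in filter(None, map(parse_line, lines)):
        if e["ua"] in ("", "-") or AUTOMATION_UA.search(e["ua"]):
            out[e["ip"]].add(e["ua"])
    return dict(out)


def _line(ip: str, ts: datetime, method: str, path: str, status: int, ua: str) -> str:
    """Build one constructed combined-format log line."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'


_T0 = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = (
    # Constructed: 30 password guesses in six seconds from a scripted client.
    [_line("203.0.113.5", _T0 + timedelta(milliseconds=200 * i), "POST", "/login", 401,
           "python-requests/2.31") for i in range(30)]
    # Constructed: a person browsing at a human pace.
    + [_line("198.51.100.7", _T0 + timedelta(seconds=30 * i), "GET", p, 200,
             "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0")
       for i, p in enumerate(["/", "/pricing", "/login"])]
)

if __name__ == "__main__":
    print("bursty:", find_bursty_clients(SAMPLE_LOG))
    print("login failures:", find_login_failures(SAMPLE_LOG))
    print("automation UAs:", automation_user_agents(SAMPLE_LOG))
```

The three checks are kept separate so each can feed a different response: a bursty source is a candidate for rate limiting, repeated login failures for an account lockout or CAPTCHA step-up on that endpoint, and a scripted user agent for a lower-priority review, since legitimate monitoring and API clients also use them.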
7. Ransomware
Arguably the most common form of malware, ransomware attacks encrypt a device’s data and hold it for ransom. If the ransom isn’t paid by a certain deadline, the threat actor threatens to permanently delete the data or — in double extortion models — release the valuable data on the dark web.
Ransomware gangs, as well as individual actors, are continuing to see the payoff in attacking high-value targets like supply chains and critical infrastructure. The ransomware-as-a-service (RaaS) model is becoming a preferred method for threat actors, with many cybercriminals relying on specialized services and offerings to conduct intrusions, and we expect those offerings to expand and evolve in 2024 to bypass security controls.
8. Spyware
Cybercriminals use spyware to monitor the activities of users. Spyware often leads to credential theft, which in turn can lead to a devastating data breach. It often originates in corrupt files, or through downloading suspicious files.
Spyware is an umbrella category under which many of the other types of malware we’ve discussed can be collected — adware, rootkits, keyloggers and trojan horses are all kinds of spyware — however there are additional forms of spyware that allow threat actors to track your cookies and monitor your internet activity, monitor system usage or steal targeted info like conversations in messaging apps.
Spyware is often employed in the early stages of a breach — often called the “reconnaissance” or “investigation” stage — where the threat actor is exploring the system, looking for ways to increase access without being detected. While spyware can be inserted through vulnerability exploits, social engineering tactics are often used to launch spyware without a user even realizing it’s happened.
Identity access management (IAM) techniques, like MFA, can prevent the reconnaissance and data theft that often happens with spyware.
9. Mobile Malware
As the name suggests, mobile malware is designed to specifically target mobile devices. This kind of malware has become more common, not just with the proliferation of smartphones, but with the increase of mobile and tablet use by organizations and employees as remote work models expand.
Mobile malware can employ several tactics, including spying on and recording texts and phone calls on your mobile devices (another form of spyware), impersonating common apps, stealing credentials, or accessing data on the device. Mobile malware often spreads through smishing, also known as SMS phishing, which is a form of phishing that comes through text messages.
Other forms of mobile malware include remote access tools and bank Trojans. As phones become a more valuable tool in the workplace, they become a larger target for threat actors.
10. Rootkits
Rootkits were not originally designed as malware, but they have become a common attack vector for threat actors. A rootkit allows a user to maintain privileged access within a system without being detected. In short, rootkits give a user administrative-level access while concealing that access, allowing them to take over a given device. Rootkits are often the first stage in a breach, and after employing one, a threat actor can install more malware, launch a DDoS attack, or take other escalation actions. Rootkits can also install and hide keyloggers.
Rootkits are often installed through vulnerability exploits, highlighting the need for a robust vulnerability management program. Like all malware, they can also take hold through social engineering tactics, which reinforces the need for robust security awareness training.
11. Keyloggers
Keyloggers are a common kind of spyware that monitors and records users’ keystrokes. Once this type of malware is installed onto an endpoint, hackers can monitor and record every single keystroke a user makes, giving them full access to a user’s movements in a system and online, as well as giving them access to any and all credentials that may be entered into a system through typing.
While there are legitimate uses for keylogging software — parents wishing to monitor their children’s activity online or organizations wishing to monitor their employees — malicious keyloggers are used to gain information and steal credentials. This can allow the threat actor to access bank accounts, steal identities, or gain access to other systems and environments.
Once again, the solution to staying safe from keyloggers lies in effective security awareness training that educates users about the techniques and tactics threat actors use and shows them how to spot a social engineering attack.
12. Wiper Malware
Wiper malware stands apart from its malicious brethren, in that it’s not interested in observation or exfiltration — only deletion. Since it’s a tool of disruption and destruction, it’s most employed by either nation-state attackers looking to interrupt supply chains and military operations, or by so-called “hacktivists” seeking to right perceived wrongs through the interruption of an organization’s ability to conduct business.
HermeticWiper, identified in February of 2022, impacted Ukrainian organizations in the aviation, defense, financial, and IT services industries. Upon execution, the wiper malware gained read access control to any file. If allowed to continue, HermeticWiper soon progressed to loading and unloading device drivers and shutting down a system entirely. Its arrival on the cybersecurity landscape heralded the dawn of a new class of destructive cyber attacks fueled by nation-states or experienced threat actors sympathetic to political causes and willing to sow destruction to achieve their ends.
13. Cryptojacking
Like wiper malware, cryptojacking separates itself from other forms of malware due to its goal: using an infected endpoint’s computing power to mine cryptocurrency like bitcoin.
Cryptojacking, a form of botnet, can live unnoticed in a system for a long time, as the goal is to mine as much cryptocurrency as possible from as many endpoints as a threat actor can infect.