Malware, short for malicious software, is any firmware or software that’s designed to infect or steal information from one or multiple computer systems.
Malware enables a malicious actor to inflict serious damage on a user’s or organization’s information systems, and can be one of the most detrimental cyberattacks when successfully orchestrated.
Common types of malware
There are a number of email security best practices that can help keep your organization safe from email threats. While technology plays an important role in defense, people are also critically important to email security and can be the last line of defense when a business is attacked.
Ransomware: Malware that prevents organizations and users from accessing data or systems in exchange for a ransom. The financial costs of ransomware go far beyond paying the ransom. Victims face financial and reputational harm resulting from downtime, data loss, compliance issues, customer churn, and in some cases legal consequences.
Polymorphic malware: Malware that constantly changes its code to evade detection but maintains its essential function. To evade detection, polymorphic malware may execute only when it reaches a target environment, or it may continually morph after each victim.
Spyware: Malware that installs itself on a computer before secretly monitoring user activity. It collects information and relays it to other parties, including malicious actors and advertisers.
Trojans: Malware that appears to be safe and legitimate but performs malicious functions. Once an infected email attachment or file is downloaded, the malicious code executes and performs its intended function, which may include creating a backdoor for hackers, stealing sensitive data, monitoring user activity, or more.
Keyloggers: Spyware that records every keystroke made on a computer to capture account credentials and sensitive information like credit card numbers and PIN codes.
Common malware delivery methods
- Phishing emails
- Spear-phishing emails
- Compromised accounts
- Server vulnerabilities
- Remote desk protocol (RDP) brute force attacks
While there are numerous high-profile examples of malware, two examples that made headlines in recent years include Emotet and WannaCry. Emotet arrived on the scene in 2014 as a banking Trojan before becoming one of the world’s most feared botnets. The malware spreads via malicious email links or attachments and then leverages compromised accounts to proliferate across networks. WannaCry, an example of crypto ransomware, first launched as a worldwide cyberattack in May 2017. The ransomware targeted computers using Microsoft Windows operating systems, spread across computers and networks, encrypted data, and demanded payment in Bitcoin for ransom.
Protecting yourself from malware
Just as many variants of malware exist, so do your defenses against them. To prevent malware attacks, you should consider adopting a comprehensive approach to cybersecurity. That means practicing good cyber hygiene, as well as adopting solutions that strengthen your cybersecurity posture. They include:
- Anti-virus program
- Anti-malware solution
- Anti-phishing solution
- Anti-spear-phishing solution
- User awareness training