Malware, short for malicious software, is any firmware or software that’s designed to infect or steal information from one or multiple computer systems.
Malware enables a malicious actor to inflict serious damage on a user’s or organization’s information systems, and can be one of the most detrimental cyberattacks when successfully orchestrated.
Common types of malware
Ransomware: Malware that prevents organizations and users from accessing data or systems in exchange for a ransom. The financial costs of ransomware go far beyond paying the ransom. Victims face financial and reputational harm resulting from downtime, data loss, compliance issues, customer churn, and in some cases legal consequences.
Polymorphic malware: Malware that constantly changes its code to evade detection but maintains its essential function. To evade detection, polymorphic malware may execute only when it reaches a target environment, or it may continually morph after each victim.
Spyware: Malware that installs itself on a computer before secretly monitoring user activity. It collects information and relays it to other parties, including malicious actors and advertisers.
Trojans: Malware that appears to be safe and legitimate but performs malicious functions. Once an infected email attachment or file is downloaded, the malicious code executes and performs its intended function, which may include creating a backdoor for hackers, stealing sensitive data, monitoring user activity, or more.
Keyloggers: Spyware that records every keystroke made on a computer to capture account credentials and sensitive information like credit card numbers and PIN codes.
- Adware: Unwanted software that generates advertisement pop-up windows. While adware can serve legitimate purposes, it can also pose threats to cybersecurity, such as creating a backdoor for malicious programs.
Common malware delivery methods
- Phishing emails
- Spear-phishing emails
- Compromised accounts
- Server vulnerabilities
- Remote desk protocol (RDP) brute force attacks
While there are numerous high-profile examples of malware, two examples that made headlines in recent years include Emotet and WannaCry. Emotet arrived on the scene in 2014 as a banking Trojan before becoming one of the world’s most feared botnets. The malware spreads via malicious email links or attachments and then leverages compromised accounts to proliferate across networks. WannaCry, an example of crypto ransomware, first launched as a worldwide cyberattack in May 2017. The ransomware targeted computers using Microsoft Windows operating systems, spread across computers and networks, encrypted data, and demanded payment in Bitcoin for ransom.
Protecting yourself from malware
Just as many variants of malware exist, so do your defenses against them. To prevent malware attacks, you should consider adopting a comprehensive approach to cybersecurity. That means practicing good cyber hygiene, as well as adopting solutions that strengthen your cybersecurity posture. They include:
- Anti-virus program
- Anti-malware solution
- Anti-phishing solution
- Anti-spear-phishing solution
- User awareness training