Types of Malware
Malware? Viruses? What’s the difference?
Today we often hear the terms malware and virus thrown around interchangeably. Cybersecurity companies like Kaspersky and Norton are marketing their consumer products as “antiviruses”, while recent “ransomware attacks” and “malware data leaks” are dominating global headlines. Contrary to popular usage, these two terms are different, and we need to separate them before going deeper into different types of malware threats.
Malware is the umbrella term – it is a contraction for malicious software and describes any piece of code that is designed with some malicious intent. Malware can be designed to do things like stealing sensitive data to encrypting a victim’s computer.
Viruses are a subset of malware. They are characterized by the intent of the program: to spread and replicate itself as much as possible.
In addition to viruses, there are many other type of malware. First, let’s discuss the most prevalent in these types of malware in recent times – ransomware.
Ransomware is a type of malware that encrypts files on a victim’s computer. The attacker would demand a ransom payment to be made for the release of the decryption key.
This type of cyberattack has seen a rise in popularity recently because it is difficult to trace and immediately profitable for cyberattackers.
When businesses or governments without proper backup measures are hit by ransomware, the resulting hit to productivity is often devastating. Entire organizations have been forced to continue daily tasks with pen-and-paper due to system files being inaccessible.
Victims of ransomware have no guarantee that the encrypted data can be recovered. Often, the cyberattackers themselves do not have the encryption key, meaning that
However, the victim, faced with no other choice, must take the gamble on paying the ransom even without guaranteed safe return.
Ransomware is often accompanied by data theft, even in the cases that the attackers do not specifically state it.
Phishing and spear phishing
Phishing is a type of social engineering that involves sending emails pretending to be a reputable sender and tricking victims into downloading malicious files or sharing personal information.
Typically phishing campaigns rely on high volumes of sent emails – if 10 000 emails are sent out it would only take 0.1% of the scam to work for 10 people to be infected. Spearphishing takes a different approach – small volume, but with high-stakes targets. Spearphishing attempts to fool high profile targets using highly tailored fraudulent emails.
Cryptomining is using computer processing power to generate cryptocurrencies such as bitcoin and ethereum.
Cryptojacking is a type of cyberattack that, after installed, remains undetected and uses the victim’s computer’s resources for cryptomining without their permission, sending the earned currency back to the cyberattacker.
The danger of cryptojacking software is that it can slow down normal computer functions because of the background processing power required for the mining, and it can also cause overheating and damage to components from overuse.
One of the biggest dangers of cryptojacking malware is the fact that it can be extremely difficult to detect by antivirus software. This is because one of its primary objectives is to remain undetected.
In a man-in-the-middle attack, a cyberattacker positions herself in-between a victim and a second party, posing as the second party to trick the victim into giving information or downloading malware. Because the victim is already expecting communication from the second party, it becomes easier for a cyberattacker to fool them through phishing.
Zero day exploits
Computer software is often released with bugs and vulnerabilities that were not discovered during their testing phases. Only after cybersecurity companies audit software or a cyberattacker exploits one are they discovered and promptly patched. However, an attack that occurs during this period of vulnerability is known as a zero-day attack. The danger of this is that it is almost impossible to predict and prevent because the exploits themselves have not yet been discovered.
Therefore, to counter these attacks it is essential that restorative protocols are efficient.