Software developed to cause harm to a system is known as malware. While a bug or flaw can cause harm, those mistakes are unintentional, usually because of errors in the design or coding of a program. There are many types of malware, and as security researchers get better at identifying and defeating old malware, the malware authors are forced to develop new malware strains and infection vectors.
The security manager should be aware of some of the characteristics of various forms of malware and know how to prevent, detect, and recover from an infection. Malware can take many shapes and forms. The following are some of the more common varieties:
- A virus typically requires a host to infect and cannot spread on its own like a worm. There have been many types of viruses developed over the years, from boot sector infectors and rootkits to file infectors to ones that spread via macro scripts in Microsoft Office tools. Many types of viruses will attempt to hide their presence or even change their structure to avoid detection.
- A worm usually spreads on its own as a self-contained program that exploits a vulnerability in an operating system or other software. Quite often a worm can spread quickly around the world, taking advantage of unpatched systems.
- A logic bomb is a patient form of malware that can exist on a system for an extended time period waiting for a certain condition to be met before it executes. Some logic bombs have been triggered by a date, others by an event. The challenge with a logic bomb is that it can be difficult to detect, and it may have also infected all the backups while awaiting a time to execute.
- A Trojan horse is a type of malware that appears to be innocent or desirable, such as a picture, movie, or game, but contains a piece of malicious code that will infect the victim’s machine when the victim downloads/executes the file.
- Keyloggers may be software tools or pieces of physical They capture all the keystrokes being entered by the victim, which may include login credentials, passwords, and other sensitive data. Keyloggers are a good example of a type of malware that can be obtained at low cost, often less than USD100. This makes them available to criminals around the world who are interested in breaking into other organizations’ systems and networks.
- Zero-day malware takes advantage of previously unidentified vulnerabilities in operational systems/devices/programs. A significant problem with malware is the short time between the identification of a vulnerability and the development of an attack to exploit that vulnerability. In a worst-case scenario, these may even be a zero-day attack, where the time between identification and the exploit is Criminals love to find and exploit opportunities for zero-day attacks, and they can be quite dangerous and effective. This makes the job of the IT operations group much more challenging in keeping up with, and deploying, patches rapidly.
- Ransomware is one of the most talked-about forms of malware in use today. Ransomware encrypts files, data, and drives, allowing the attacker to extort the victim in return for access to the keys. Most ransomware can be purchased at low cost and is easily spread through email phishing attacks and infected websites. The challenge is that ransomware can be expensive and difficult to eradicate. If the victim decides not to pay the ransom to obtain the encryption key that was used to encrypt their files (hold them for ransom), they are forced to rebuild their systems from backups—if they have them. Unfortunately, in some cases the criminal does not even provide the key once the ransom is paid, and many organizations that have been victims of ransomware are re-victimized a short time later.
Regardless of the type of malware, its creator needs to use some means to deliver it to devices to attack them. Criminals know that many people will not patch their systems in a timely manner, so they write attacks against problems that should already have been fixed. Infections frequently come from attachments in emails that the recipient opens because they believe it to be a legitimate email from a courier company (for example) notifying them to arrange for delivery of a package.
Related Product : ISO 27701 Lead Auditor Training & Certification
Some of the most prolific types of attacks are based on robotically controlled networks (botnets, for short). These botnets are composed of dozens, hundreds, or even thousands of infected machines that are controlled through a command-and-control server and can be used by the botnet owner in perpetrating various crimes, such as spam, phishing, DDoS attacks, and click fraud. Botnets are often based on installing malware onto a vulnerable machine that will accept orders from the command-and-control server; we often refer to an infected machine used in a botnet as a zombie device. These machines may be desktops, laptops, or many Internet of Things (IoT) devices, such as IP cameras or televisions. Botnets have been controlled from Internet Relay Chat (IRC) channels, HTTP bots, and social media accounts.
These botnets have accentuated the ability of amateur attackers to perpetrate larger, more influential attacks without need for personal expertise or capabilities. Some of these botnets may be leased/rented by attackers on a payment-per-attack or time basis, allowing unskilled attackers to decrease the cost per attack, increasing the frequency of attacks, and enhancing the magnitude of attacks.
Malware-type attacks do not have to be technically sophisticated—or even, in fact, malware at all—to be effective. A hoax spreads through social engineering and convinces people that their machine is infected, demanding that they quickly delete a system- critical file or open access for a person masquerading as a technician, who will then proceed to infect their device.
The security manager must take a multifaceted approach to tackling the problem of malware. This will consist of both technical and nontechnical controls that will weave a strong defense against malware-based attacks.
There are a lot of technical controls available to address the threat of malware. Some tools are targeted at a specific problem, such as spam, whereas others will attempt to address many problems through a broad set of controls that may provide both network and host-based defense.
Some malware controls will actively monitor and block suspicious traffic, while other controls will scan systems, hard drives, and networks for resident malware. The security manager should ensure that any technical tools are being implemented correctly and maintained by a skillful and knowledgeable staff who can leverage the benefits of the technology and provide effective protection against attacks.
Technical anti-malware tools often depend on signature files and indicators of known attacks to identify malware. Like firewalls and IDS/IPS solutions, many anti-malware systems can interpret abnormal behavior from a baseline or use rulesets and heuristics to detect attacks.
Configuration management tools should also be utilized to check that every live system in the environment has the current version of all security software, including anti- malware programs.
Beyond the technical tools that the security manager can use, the human factor must also be considered. The administrators who look after the anti-malware system need to be trained, but so does everyone else. There is no better control for malware than security awareness training. Each person must be on the lookout for malware and not become a victim. Teaching people how to detect and prevent social engineering attempts that are often used to deliver malware is an extremely valuable control. Attack detection and avoidance should always be a topic included in regular security awareness and training sessions.
Follow Us
https://www.facebook.com/INF0SAVVY
https://www.linkedin.com/company/14639279/admin/
