Malware Threats: Detecting, preventing, and recovering from a malware attack

Malware is short for malicious software. It is a collective name for a variety of potentially harmful and dangerous software, designed specifically to gain unauthorized access to targets' machines.

Any software with an ulterior motive can be considered malware. The developer's or attacker's intent is usually to damage, destroy or disable the target system, or to reduce the original owner's control over it and take that control for themselves.

"Malware is the most crucial, well-known emerging cyber threat according to recent cyber threat reports." It is classified into various types such as viruses, worms, keyloggers, spyware, Trojans, ransomware and other malicious software.

Some of them are discussed briefly below:

  1. Logic Bomb: A logic bomb is malicious code written to harm or damage a computer system or network when it is triggered by a specific action or event.

  2. Botnet: The word botnet is derived from robot and network. A botnet is a set of internet-connected devices that have been compromised by an attacker and can be used for malicious purposes. It is a network of hijacked devices that are later used to perform various scams and cyberattacks. The compromised devices are called zombies, and a collection of them is called a botnet.

  3. Viruses: A virus is a self-replicating program; it produces copies of itself by attaching itself to another program of any format. A virus may execute as soon as it is downloaded, wait for the host to execute it, or lie dormant for a predetermined time.

  4. Worm: A worm is self-replicating malware that, unlike a virus, does not need a triggering event or a host program to attach itself to. Worms propagate on their own through file transport and spread across the infected network, which a virus cannot do.

  5. Trojan Horse: A Trojan horse is a malicious program that misleads the user about its actual intentions. It gives the attacker access to personal information as well as unauthorized access to the victim's machine.

  6. Spyware: Spyware is malicious software designed to enter a computer system in order to gather data about a person or entity and send it to a third party without the victim's knowledge or permission.

  7. Rootkit: A rootkit is a collection of malicious software created to give its developer control over a computer system or network. It gives an attacker remote access to the system or network.

  8. Ransomware: Ransomware is a malware program that restricts access to a computer system, or to its files and folders, by encrypting them. Once the system is encrypted, a key is required to decrypt it, and the attacker demands a ransom payment in exchange for the decryption key that removes the restriction.

Malware Propagation Methods

There are different methods by which malware can get into a system, and users and owners should be cautious when interacting with them. Some of the most common methods of malware propagation are:

Free Software: When software is made available for free on the internet, it often comes bundled with additional software and applications, which may belong to the organization that provides it. An attacker can use this medium to distribute software that carries out their malicious intent.

File Sharing Services: File sharing services such as peer-to-peer and torrent services transfer a file from multiple computers. While the transfer is going on, the file can become infected, which then passes the threat down to all the connected computers.

Email: Email is widely used for communication in many organizations. Malicious links, software, documents or files can be attached to messages and sent to victims. Clicking, opening or downloading any of these attachments will infect the system and give the attacker access to it.

Not using Firewalls and Anti-Virus: Much malicious software has the ability to download itself automatically onto a system. When the firewall and anti-virus are disabled, or no internet security software is present on the system or network, nothing prevents this automatic download, and the developer of the malware gains easy access to the system or network.

Let’s not forget that malware can also be installed on a computer “manually” by the attackers themselves, either by gaining physical access to the computer or with the help of an insider. By “insider” I mean anyone working within the target organization; he or she might perform the act purposely or out of ignorance.

How to Prevent a System from Malicious Attacks

There are numerous ways to prevent a malware attack; the most important ones are discussed below:

Install anti-virus and anti-spyware software: These programs scan systems and files to discover and remove malware. If threats are discovered after a scan, remove the malware immediately. Keep the anti-virus and anti-malware programs updated at all times. Lastly, after each scanning session, audit your files for missing data, errors and unauthorized additions.

Use secure authentication methods: Enforce strong passwords of at least eight characters containing uppercase letters, lowercase letters, numbers and symbols. Use multi-factor authentication wherever the system or network (sites, applications, programs, etc.) permits it. Use biometric tools such as voice and facial recognition, fingerprint and iris scans. Most importantly, never save passwords on a system or network.

Use administrator accounts only when absolutely necessary: Administrator accounts have the highest level of access to the sensitive parts of an organization; they can reach every system unit in the network. Do not browse the web or check email using an administrative account; use it only for administrative tasks such as changing configuration settings. Lastly, before installing software with this account, confirm that the software is legitimate and secure.

Keep software updated: Software developers frequently release updates, often because new vulnerabilities have been discovered. Vulnerabilities are weaknesses and loopholes in a system that attackers can exploit. To stay on the safe side, it is important to keep software updated.

Control access to systems: Install and configure a firewall, an intrusion detection system (IDS) and an intrusion prevention system (IPS). These protect the system or network from threats on the internet. Do not insert a flash drive or any other device you are not familiar with into your system. Also, before installing any software, take the time to read the terms and conditions, privacy policy and other licensing agreements.
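The post-scan audit described above (missing data, errors, unauthorized additions) is easiest to do against a hash baseline taken while the system was known to be clean. The following is an added example, not code from the original article: it builds a SHA-256 baseline of a directory tree and later diffs the tree against it; the directory layout and file names in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every file under root (POSIX-style relative path) to its digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(root: Path, baseline: dict) -> dict:
    """Compare the tree against a saved baseline and report the three
    categories the article asks you to audit for."""
    current = build_baseline(root)
    known, now = set(baseline), set(current)
    return {
        "missing": sorted(known - now),              # data that has disappeared
        "added": sorted(now - known),                # unauthorized additions
        "modified": sorted(p for p in known & now    # changed or corrupted files
                           if baseline[p] != current[p]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then simulate a deletion,
    a change and a dropped-in file, and audit the result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.sh").write_text("#!/bin/sh\necho hello\n")
        (root / "config.ini").write_text("debug=false\n")
        (root / "notes.txt").write_text("keep me\n")
        baseline = build_baseline(root)       # in practice, store this off-host
        (root / "notes.txt").unlink()                            # missing data
        (root / "config.ini").write_text("debug=true\n")        # unexpected change
        (root / "bin" / "dropped.bin").write_bytes(b"\x00\x01")  # unauthorized addition
        return audit(root, baseline)
```

Keep the baseline file somewhere the audited system cannot write to (read-only media or a separate host); a baseline stored on the infected machine can be rewritten by the same malware it is meant to catch.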

Some other preventive measures:

  • Implementing email security and spam protection

  • Monitoring for suspicious activity

  • Backing up important data and information

  • Educating your users, etc.

How to know if you’re under a malware attack

  • Pop-up ads show up everywhere

  • Your browser is being redirected

  • The device is slower than usual

  • Unusual error messages

  • Files, devices or networks become inaccessible

  • An increase in internet activity

  • The device takes ages to power up or shut down, etc.
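The "increase in internet activity" sign in the list above can be checked for systematically rather than by feel. The following added example (not from the original article) flags any host whose daily outbound traffic jumps to several times the median of its own earlier days; the log format `date host outbound_bytes` and the sample lines are constructed, and `factor` and `min_history` are assumed tuning values.

```python
from statistics import median

# Constructed sample log, not real data: one line per host per day,
# "YYYY-MM-DD host outbound_bytes", as a flow collector or proxy might export.
SAMPLE_LOG = """\
2024-03-01 ws-17 512000
2024-03-02 ws-17 498000
2024-03-03 ws-17 530000
2024-03-04 ws-17 505000
2024-03-05 ws-17 6200000
2024-03-01 ws-22 300000
2024-03-02 ws-22 310000
2024-03-03 ws-22 295000
2024-03-04 ws-22 305000
2024-03-05 ws-22 320000
"""


def parse_log(log: str) -> dict:
    """Group daily outbound byte counts per host, ordered by date."""
    per_host: dict = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        date, host, nbytes = line.split()
        per_host.setdefault(host, []).append((date, int(nbytes)))
    for series in per_host.values():
        series.sort()
    return per_host


def find_spikes(per_host: dict, factor: float = 3.0, min_history: int = 3) -> list:
    """Return (host, date, ratio) for each day whose outbound traffic is at least
    `factor` times the median of that host's earlier days. The median is used as
    the baseline so that one earlier busy day does not mask a genuine spike."""
    alerts = []
    for host, series in per_host.items():
        for i in range(min_history, len(series)):
            baseline = median([b for _, b in series[:i]])
            date, nbytes = series[i]
            ratio = nbytes / baseline
            if ratio >= factor:
                alerts.append((host, date, round(ratio, 1)))
    return alerts


def detect(log: str = SAMPLE_LOG) -> list:
    """Run the check over a log; with the sample it flags ws-17 on 2024-03-05."""
    return find_spikes(parse_log(log))
```

A flagged host is a lead to investigate (backup jobs and large downloads also cause spikes), which is exactly the point at which the isolate and identify steps below begin.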

Recovery Measures

Isolate: Separate the infected computer or devices from other computers and networks to prevent the malware from spreading. How quickly you detect an attack determines how well you can contain it before it spreads across your devices and networks and encrypts your data. While isolating, do not assume that this is the only infected device: the malware may have spread before you detected it, so all connected devices should be treated with suspicion.

Identify: It is a high priority to identify which malware you are facing. Knowing the exact type of malware helps you understand what it is capable of and which method to use to combat it. It also helps when reporting to the proper authorities.

Report: Reporting the attack to the organization's administrative bodies and to the authorities helps in gaining support to counter the attack and in finding ways and methods to handle the risk.

Consider your options: Depending on the attack, choose the suitable risk management method: accept the risk, avoid the risk, reduce the risk, or transfer/share the risk.

  1. Accept the risk — Risk acceptance is taking no action to reduce the likelihood of a risk occurring.

  2. Avoid the risk — Risk avoidance is the decision to attempt to eliminate the risk entirely.

  3. Reduce (mitigate) the risk — Risk mitigation is the most common type of risk management and includes taking actions to prevent or reduce the possibility of a risk event or its impact.

  4. Transfer or share the risk — Risk transference is the practice of passing the risk to another party, who will accept the financial impact of the harm resulting from a risk being realized in exchange for payment.

Restore and refresh: Regardless of what you decide to do after a malware attack, you will have to rely on saved backups and program sources to rebuild the computer on a clean platform. Without backups you will have to start again from scratch, so it’s very important for all users and organizations to keep backups available at all times.

Plan for prevention: The most efficient plan against a malware attack is to stop the malware from getting into the system or computer in the first place.

Written By: Halimah Olaolohun Abdul-Azeez