IT security pros often use common terms without defining what they mean. That may leave users wondering about basic questions: What is malware? What is the difference between malware and a virus? Is crimeware the same as malware? And what exactly is ransomware? Here we answer all that and more.
What is malware?
To begin, "malware" is short for "malicious software." Basically, malware is any software that you don't want to have on your computer or mobile device. Obviously, this is a broad category that includes many different types of malware. Examples of malware include viruses, worms, Trojans, adware and ransomware.
The sections below offer definitions for some of the most common types of malware, along with how to defend against each.
Adware
Adware is a type of malware that downloads or displays advertisements to the device user. Usually, it doesn't steal any data from the system; it is more of an irritant in that it forces users to see ads that they would rather not have on their system. Some particularly irritating forms of adware generate browser pop-ups that cannot be closed. Users sometimes unknowingly infect themselves with adware that is installed by default when they download and install other applications.
How to defend against adware
Install an anti-malware solution that includes anti-adware capabilities. Disable pop-ups on your browsers, and pay attention to the installation process when installing new software, making sure to un-select any boxes that will install additional software by default.
Backdoor
A backdoor is a secret way to get into your device or network. Often, device or software manufacturers create backdoors into their products, either intentionally, so that company personnel or law enforcement will have a way to break into the system, or unintentionally, through sloppy coding practices. Backdoors can also be installed by other types of malware, such as viruses or rootkits.
How to defend against a backdoor
Backdoors are among the hardest types of threats to defend against. Experts say the best defense is a multi-pronged security strategy that includes a firewall, anti-malware software, network monitoring, intrusion prevention and detection, and data protection.
Bots and botnets
In general terms, a bot is software that performs an automated task, and many bots can be helpful. For example, bots crawl the Internet and index pages for search engines, and chatbots sometimes answer customer service questions on corporate websites.
However, when discussing IT security, the word bot usually refers to a device that has been infected with malicious software that causes it to do something harmful, usually without the owner's knowledge or permission. A botnet is a large group of these bots all focused on the same task. Attackers often use botnets to send out spam or phishing campaigns or to carry out distributed denial of service (DDoS) attacks against websites. Recently, attackers have begun incorporating Internet of Things (IoT) devices into their botnet attacks.
How to defend against a botnet
Organizations can help prevent their computers from becoming part of a botnet by installing anti-malware software, using firewalls, keeping software up-to-date and forcing users to use strong passwords. In addition, network monitoring software can be helpful in determining when a system has become part of a botnet. Also, you should always change the default passwords for any IoT devices you install.
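Network monitoring can reveal a bot by its regular check-ins with a controller ("beaconing"), which look different from human browsing. The following is an added example, not from the original article, that scores per-host connection logs for near-constant intervals; the log lines, host names and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed firewall-style log: timestamp, source host, destination host:port.
# host-a connects to 203.0.113.9:443 every five minutes (bot-like);
# host-b connects to a web server at irregular, human-looking intervals.
LOG = """\
2017-09-20T10:00:00 host-a 203.0.113.9:443
2017-09-20T10:00:01 host-a 198.51.100.20:80
2017-09-20T10:05:00 host-a 203.0.113.9:443
2017-09-20T10:10:00 host-a 203.0.113.9:443
2017-09-20T10:15:01 host-a 203.0.113.9:443
2017-09-20T10:20:00 host-a 203.0.113.9:443
2017-09-20T10:07:13 host-b 198.51.100.20:80
2017-09-20T10:19:40 host-b 198.51.100.20:80
2017-09-20T10:41:02 host-b 198.51.100.20:80
2017-09-20T11:03:00 host-b 198.51.100.20:80
2017-09-20T11:15:00 host-b 203.0.113.9:443
"""

def parse(log):
    """Group connection timestamps by (source, destination)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows

def beacon_candidates(log, min_conns=4, max_jitter=0.1):
    """Return (src, dst, period_seconds) for flows whose gaps are nearly constant.

    Jitter is stddev/mean of the gaps between connections. A bot on a timer
    has jitter near zero; a person clicking around does not. Thresholds are
    assumptions to tune against your own baseline.
    """
    hits = []
    for (src, dst), times in parse(log).items():
        if len(times) < min_conns:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            hits.append((src, dst, round(period)))
    return hits
```

Real bots add random sleep to blur the pattern, so treat this as one signal to correlate with destination reputation and process information, not as proof on its own.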
Browser hijacker
A browser hijacker, also sometimes called "hijackware," changes the behavior of your Web browser, for example, by sending you to a new search page, changing your home page, installing unwanted toolbars, directing you to sites you did not intend to visit and displaying unwanted ads. Attackers often make money from this type of malware through advertising fees. They may also use the hijacked browser to direct you to websites that download more malware onto your system.
How to defend against a browser hijacker
Be very careful when installing new software on your system, because many browser hijackers piggyback alongside wanted software, much like adware does. Also, install and run anti-malware software on your system, and set your browser's security settings to a high level.
Bug
A bug is a very generic term for a flaw in a piece of code. All software has bugs, and most go unnoticed or are only mildly irritating. Sometimes, however, a bug represents a serious security vulnerability, and using software with this type of bug can open your system up to attacks.
How to defend against bugs
The best way to prevent an attack that exploits a security vulnerability in your software is to keep all your software up-to-date. When they know about a vulnerability, software vendors usually release a patch very quickly in order to prevent damage to customers' systems.
Organizations that want to prevent security bugs in the software that they are writing should follow secure coding practices and patch any bugs as soon as possible. They may also want to offer bounties to researchers who find security flaws in their products.
Crimeware
Some vendors use the term "crimeware" to refer to malware that is used to commit a crime, usually a crime that results in financial gain for the attacker. Much like malware, it is a very broad category that encompasses a wide variety of malicious software.
How to defend against crimeware
To protect your systems from crimeware, you should follow security best practices, including using anti-malware, firewalls, intrusion prevention and detection, network and log monitoring, data protection and possibly security information and event management (SIEM) and security intelligence tools. You should also use strong passwords, never reuse passwords and update your passwords regularly.
Keylogger
A keylogger records all of the keys that a user touches, including emails and documents typed and passwords entered for authentication purposes. Usually, attackers use this type of malware to obtain passwords so that they can break into networks or user accounts. However, employers also sometimes use keyloggers to determine if their employees are engaged in any criminal or unethical behavior on company systems.
How to defend against a keylogger
Good password hygiene is one of the best ways to prevent or mitigate the damage caused by a keylogger. Using strong passwords that you update regularly can go a long way towards keeping you safe. In addition, you should also use a network firewall and an anti-malware solution.
Malicious mobile app
Not all of the apps available through Apple's App Store and Google Play are desirable, and the problem is even more acute with third-party app stores. While the app store operators try to prevent malicious apps from becoming available, some inevitably slip through. These apps can steal user information, attempt to extort money from users, attempt to gain access to corporate networks accessed with the device, force users to view unwanted ads or engage in other types of unwanted activity.
How to defend against malicious mobile apps
User education is one of the most powerful tools for preventing malicious mobile apps because users can avoid much of this malware simply by avoiding third-party app stores and being careful when downloading new apps onto their mobile devices. Mobile anti-malware can also help prevent the problem.
Organizations can prevent malicious apps from threatening their networks by creating strong mobile security policies and by deploying a mobile security solution that can enforce those policies.
Phishing
Phishing is a type of email attack that attempts to trick users into divulging passwords, downloading an attachment or visiting a website that installs malware on their systems. Spear phishing is a phishing campaign targeted at a very specific user or organization.
How to defend against phishing
Because phishing relies on social engineering (the security term for tricking someone into doing something), user education is one of the best defenses against these attacks. Users should deploy anti-spam and anti-malware solutions, and they should be warned not to divulge personal information or passwords in email messages. In addition, they should be cautioned about downloading attachments or clicking website links in messages, even if they appear to come from a known source, because phishing attackers often pretend to be a company or person known to the victim. Email is also the usual delivery route for ransomware.
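The "pretend to be a company or person known to the victim" trick usually leaves traces a mail filter can check: a display name that invokes a trusted brand from an unrelated domain, link text that names one site while the href goes elsewhere, and attachments with a decoy document extension in front of an executable one. This is an added example, not code from the original article; the message, the `acme.example` brand and the risky-extension list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for this example; not taken from the article.
SAMPLE = """From: "Acme Payroll" <payroll@acme-secure-login.example>
To: user@example.com
Subject: Action required: confirm your password
Content-Type: text/html

<p>Dear user, please <a href="http://198.51.100.7/login">log in to acme.example</a>
to confirm your password. See the attached invoice.pdf.exe</p>
"""

# Assumed list of extensions that run as code when opened.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".hta")

def registered_domain(host):
    """Crude brand domain: the last two labels (assumes no public-suffix list)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def analyse(raw, trusted_domains=("acme.example",)):
    """Return human-readable findings for common impersonation tricks."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_dom = addr.rsplit("@", 1)[-1].lower()
    # 1. Display name invokes a trusted brand, but the sending domain is not that brand.
    for brand in trusted_domains:
        if brand.split(".")[0] in display.lower() and registered_domain(sender_dom) != brand:
            findings.append(f"display name '{display}' but sender domain {sender_dom}")
    body = msg.get_payload() or ""
    # 2. Link text names one domain while the href points somewhere else (or to a bare IP).
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = urlparse(href).hostname or ""
        named = re.search(r'(?:[a-z0-9-]+\.)+[a-z]{2,}', text, re.I)
        if named and registered_domain(named.group(0)) != registered_domain(host):
            findings.append(f"link text '{named.group(0)}' points to {host}")
        if re.fullmatch(r'\d+(?:\.\d+){3}', host):
            findings.append(f"link to bare IP {host}")
    # 3. File names ending in an executable extension, even behind a decoy ".pdf".
    for name in re.findall(r'[\w-]+(?:\.[\w-]+)+', body):
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"executable attachment name {name}")
    return findings
```

A production filter would also verify SPF/DKIM/DMARC on the sending domain and inspect real MIME attachments rather than file names in the body; the checks above are the ones a user can be taught to spot by eye.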
RAM scraper
RAM scraper malware harvests data that is being temporarily stored in a system's memory, or RAM. This type of malware often targets point-of-sale (POS) systems like cash registers because they store unencrypted credit card numbers for a very brief (often only milliseconds) period of time before passing the encrypted numbers to back-end systems. RAM scrapers have been around a long time, but they have been getting more attention since the Target attack that compromised the data of 40 million customers.
How to defend against RAM scrapers
Organizations can help prevent RAM scraper attacks by using hardened POS systems that are difficult to attack. They should also keep their payment-related systems separate from non-payment systems. And of course, they should also take the usual security precautions, such as anti-malware software, firewalls, data encryption, etc., and comply with any relevant standards or regulations for protecting customer data.
Ransomware
In recent years, ransomware has quickly become one of the most prevalent types of malware. In fact, Malwarebytes reports that incidents of ransomware increased 267 percent between January 2016 and November 2016. The most common ransomware variants lock up a system, preventing any work from being done until the victim pays a ransom to the attacker. Other forms of ransomware threaten to publicize embarrassing information, such as a user's activity on adult websites, unless he or she pays a ransom.
How to defend against ransomware
Often organizations can mitigate ransomware attacks by having up-to-date backups. If their files become locked, they can simply wipe the system and restore it from the backup. In addition, organizations should train users about the threat, patch their software as necessary and install all the usual security solutions. However, some types of ransomware have proven so difficult to remove that many organizations and individuals have resorted to paying the ransom.
For more on ransomware, see How to Stop Ransomware.
Rogue security software
Rogue security software is often described as a form of ransomware or scareware. It tricks users into thinking that their system has a security problem and entices them to pay for a fake security tool to remove the problem. In actuality, the fake security software often installs more malware onto their systems.
How to defend against rogue security software
As with most other forms of malware, you can prevent most rogue security software from being installed on your system by using a firewall and anti-malware solution and by being careful when clicking on links or attachments in email messages. Also, organizations should educate users about the threat as rogue security software attackers have become particularly good at social engineering.
Rootkit
Rootkits are one of the most insidious kinds of malware because they allow attackers to have administrator-level access to systems without the users' knowledge. Once attackers have root access to a system, they can do almost anything they want with it, including recording activity, changing system settings, accessing data and mounting attacks on other systems. The well-known Stuxnet and Flame attacks were both examples of rootkits.
How to defend against a rootkit
You can prevent most rootkit infections by installing appropriate security software (anti-malware, firewall, log monitoring, etc.) and by keeping your operating system and other software up-to-date with patches. In addition, you should be careful when installing any software on your system and when clicking email attachments or links. If a rootkit infects your system, it can be nearly impossible to detect and remove; in many cases you may have to wipe your hard drive and start over from scratch to get rid of it.
Spam
In IT security, spam is unwanted email. Usually, it includes unsolicited advertisements, but it can also include attempts at fraud or links or attachments that would install malware on your system.
How to defend against spam
Most email solutions or services include anti-spam features. Using these capabilities is the best way to prevent spam from showing up on your systems.
Spyware
Spyware is any type of software that gathers information about someone without their knowledge or consent. For example, website tracking cookies that monitor a user's Web browsing can be considered a form of spyware. Other types of spyware might attempt to steal personal or corporate information. Sometimes government agencies and police forces use spyware to investigate suspects or foreign governments.
How to defend against spyware
You can install anti-spyware software on your computer, and anti-spyware capabilities are included in many anti-virus or anti-malware packages. You should also use a firewall and take care when installing software on your system.
Trojan horse
In ancient Greek mythology, Greek troops hid themselves inside a wooden horse outside the city of Troy. When the Trojans brought the horse inside their walls, the Greeks attacked and defeated them. In computer security, a Trojan horse, sometimes called a Trojan, is any malware that pretends to be something else but really serves a malicious purpose. For example, a Trojan might appear to be a free game, but once it is installed it might destroy your hard drive, steal data, install a backdoor or take other harmful actions.
How to defend against a Trojan horse
Because Trojans incorporate social engineering, it is imperative to educate users about the threat. Users should also be careful when installing new software on their systems or when clicking email links and attachments. In addition, organizations can prevent many Trojans with security software, such as anti-malware software and firewalls.
Virus
Sometimes people use the words "virus" and "malware" interchangeably, but a virus is actually a very specific kind of malware. In order to be considered a virus, the malware must infect another program and attempt to spread itself to other systems. The virus also usually (but not always) performs some sort of undesirable activity on the systems it infects, such as incorporating systems into a botnet, sending spam, stealing credit card information or passwords, or locking the system.
How to defend against a virus
Every Internet-connected system should have anti-virus software installed, and users should keep the anti-virus protection up-to-date. You should also deploy a firewall and use care when clicking on email attachments or Web links.
Worm
A worm is very similar to a virus because it spreads itself, but unlike a virus, it doesn't infect other programs. Instead, it is a standalone piece of malware that spreads from one system to another or from one network to another. It can cause similar types of damage to the infected system as viruses do.
How to defend against a worm
As with viruses, the best way to prevent worm infections is with the use of anti-virus or anti-malware software. And as always, users should only click on email links or attachments when they are certain of the contents.