What is Malware?
Malware, also known as “malicious software,” typically refers to a malicious file or segment of code delivered to compromise, exploit, or damage a victim system or network.
Malware comes in a variety of types – each designed and created with specific characteristics of how to infiltrate and interact within a target network:
- Ransomware
- Fileless Malware
- Spyware
- Adware
- Trojans
- Worms
- Rootkits
- Keyloggers
- Mobile Malware
- Viruses
- Bots or botnets
- Malvertising
Threat actors may deploy malware to accomplish one or many of the steps within the “Cyber Kill Chain“:
- Recon
- Weaponization
- Delivery
- Exploitation
- Installation
- Command & Control
How is Malware Deployed?
Unfortunately, even the most prepared may fall victim to malware. Cyber criminals, often referred to as cyber threat actors or hackers, have become extremely proficient in developing strategies to entice unsuspecting individuals to access, download, or execute malware.
Common malware delivery methods may include:
- Phishing or Spear-Phishing
- Visiting an infected website or clicking a weaponized link (drive-by download attack)
- Introducing and using unauthorized software or applications (Shadow IT)
- Using or having unpatched, out-of-date, or unsupported systems or applications (Vulnerabilities)
What are the Repercussions?
Left unchecked, these types of malware can caused immense damage to a business’ networks, products and services.
Some of the damage has resulted in:
- Costs to restore and rebuild systems, applications, and data
- Lost revenue from disruption of services (e.g., outages, degradation, etc.)
- Lost revenue from reputational impact associated with a confirmed breach (e.g., drop in stock prices, customer’s loss of confidence, etc.)
- Fees or fines derived from settlements and compensation
- Costs associated with cyber insurance providers, leveraging external counsel, and rebranding / marketing post breach
How Can I Protect Myself From Malware?
Due to the various malware types and delivery methods, it is important to have a comprehensive security system in place to keep your systems, network and data protected.
Some of the security controls that you can take to protect from malware include:
Technical Controls
- Network Intrusion Prevention Systems (Network Security)
- Application White-listing
- Firewalls
- Deep Packet Inspection
- Unified Threat Management Systems
- Anti-virus and Anti-spam Solutions
- Virtual Private Networks (VPN)
- Content Filtering
- Multi-factor Authentication (MFA)
- Endpoint Detection and Response (EDR)
Processes and Services
- Change Management
- Vulnerability Risk Management
- Disaster Recovery
- Digital Forensics
- Incident Response
- Training, Education, and Awareness Programs
- Threat Intelligence
It’s important to understand that every organization is unique, leveraging a variety of technology, hosting various services, and storing vast amounts of data. While there’s no guarantee that any one tool, service or control can detect or protect an organization from all malware, integrating a full complement of security controls, or a defense-in-depth strategy, can assist in lessening an organization’s susceptibility to attacks.