MALWARE: WHAT IS IT AND HOW TO STAY SAFE?
Malware is a broad term for any type of malicious software designed to damage or harm a computer, server, client, computer network or infrastructure without the knowledge of the end user.
Cyber attackers create, use and sell malware for many different reasons, but most of the time it is used to steal personal, financial or corporate information. Although their motivations vary, cyber attackers almost always focus their tactics, techniques and procedures (TTPs) on obtaining access to credentials and privileged accounts to carry out their mission.
Malware Classification
Most types of malware can be classified into one of the following categories:
Viruses: When a computer virus runs, it can replicate itself by modifying other programs and inserting its malicious code. It is the only type of malware that can "infect" other files and is one of the most difficult types of malware to remove.
Worm: A worm has the ability to self-replicate without end-user intervention and can infect entire networks quickly by moving from one computer to another.
Trojan: Trojan malware disguises itself as a legitimate program, making it one of the most difficult types of malware to detect. This type of malware contains malicious code and instructions that, once executed by the victim, can operate unnoticed. It is often used to allow other types of malware to enter the system.
Hybrid malware: Modern malware is often a "hybrid" or a combination of different types of malicious software. For example, "bots" first look like Trojans, then act like worms once they are executed. They are often used to attack individual users as part of a larger cyber-attack across the entire network.
Adware: Adware distributes unwanted and aggressive advertisements (for example, pop-up ads) to the end user.
Malvertising: Malvertising uses legitimate ads to distribute malware to end users' computers.
Spyware: Spyware spies on the unsuspecting end user, collecting credentials and passwords, browsing history, etc.
Ransomware: Ransomware infects computers and files and holds the key required to decrypt them hostage until the victim pays the ransom. Ransomware attacks targeting businesses and government entities are on the rise, costing organizations millions, with some paying attackers to restore vital systems.
How to Mitigate the Risk of Malware
To strengthen protection and malware detection without negatively impacting business productivity, organizations typically take the following steps:
- Use antivirus tools to protect against common and known malware.
- Use endpoint detection and response technology to continuously monitor and respond to malware attacks and other cyber threats on end-user computers.
- Follow best practices for patching applications and the operating system (OS).
- Apply the principle of least privilege and Just-In-Time access to elevate account privileges for specific authorized tasks, to keep users productive without giving them unnecessary privileges.
- Remove local administrator rights from standard user accounts to reduce the attack surface.
- Apply application gray lists to user endpoints to prevent unknown applications, such as new instances of ransomware, from accessing the Internet and obtaining the necessary read, write, and modify permissions to encrypt files.
- Apply application whitelists on servers to maximize the security of these assets.
- Make regular and automatic backups of endpoint and server data to enable efficient disaster recovery.
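
Removing local administrator rights starts with knowing who holds them. The PowerShell below is an added example, not part of the original article: it lists members of the local Administrators group on a Windows endpoint that are not on an approved list. The patterns in $Approved are constructed placeholders and the function name is hypothetical.

```powershell
# Added example: audit the local Administrators group against an approved list.
# The entries in $Approved are constructed placeholders; replace them with your own.

function Get-UnexpectedLocalAdmin {
    param(
        # Wildcard patterns for accounts allowed to hold local admin rights.
        [string[]]$Approved = @('*\Administrator', 'EXAMPLE\Domain Admins')
    )

    try {
        # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the
        # lookup also works where the group name is localized.
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    }
    catch {
        # Enumeration can fail, for example on a member that no longer resolves.
        # Warn instead of silently returning an empty (and misleading) result.
        Write-Warning "Could not enumerate local Administrators: $($_.Exception.Message)"
        return
    }

    foreach ($m in $members) {
        $isApproved = $false
        foreach ($pattern in $Approved) {
            if ($m.Name -like $pattern) { $isApproved = $true; break }
        }
        if (-not $isApproved) {
            # Emit one record per account that should be reviewed.
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Account  = $m.Name
                Type     = $m.ObjectClass
                Source   = $m.PrincipalSource
                SID      = $m.SID.Value
            }
        }
    }
}

# Review the output before changing anything; removal is a separate, deliberate step:
#   Remove-LocalGroupMember -SID 'S-1-5-32-544' -Member '<account>'
Get-UnexpectedLocalAdmin | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the endpoint; an empty table means every member matched an approved pattern.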