What Is Malware — and Why You Should Give a Sh*t
It’s Time to Face Escalating Malware Threats Like It’s 2022
What Is Malware?
Malware is malicious software designed to infect your devices and networks — sometimes for financial gain and sometimes just for the thrill of causing trouble. It can gain unauthorized access to sensitive data, prevent access to your device and network in exchange for ransom, or sell your passwords to someone else — often on the Dark Web. Its aim is to destroy (and yes, it is a portmanteau, for all you language nerds out there).
While malware has been around since the ‘80s, many of today’s threats are firmly future-facing — including extremely advanced, AI-driven malware that can evade detection and hide in code for years. This shouldn’t come as a surprise: Technology is constantly evolving, and malware is no exception.
Why You Should Give a Sh*t
2021 is being called the year of ransomware. Cyber attacks are more sophisticated, coordinated, and well-funded than ever — and they’re happening all the time. An organization is attacked by ransomware every 11 seconds — with annual damages projected at $20 billion. And that’s just ransomware, only one type of malware out of dozens. The total losses due to cybercrime in general are predicted to approach upwards of $6 trillion annually.
From government and financial institutions to small businesses, schools, and global corporations, organized cyber criminals are now ruthlessly attacking all industries — in addition to critical infrastructure like hospitals and transportation. The result? Cyber attacks are now threatening lives as well as sensitive data. According to the Wall Street Journal, a ransomware attack on a Las Vegas hospital chain “nearly brought Las Vegas hospitals to their knees” — and another at a New York trauma center stopped services and delayed care. To put it bluntly, people died from malware in 2021; it’s not just about loss of productivity and profits anymore — it’s about loss of life.
You don’t have to look far to find evidence of escalating malware threats:
Foreign attacks on the U.S. government were reported during the SolarWinds attack.
A zero-day attack in September at Microsoft allowed hackers to gain administrative control on Windows 10, 11, and Windows servers.
Ransomware at the Colonial Pipeline Company halted operations, disrupting energy consumers from Texas to New York.
Ransomware shut down meat processing plants at JBS, responsible for one-fifth of the nation’s meat supply.
Know Your Enemy: The Common Types of Malware
To understand growing threats to personally identifiable information (PII) and business operations, it helps to know what you’re up against. These are the most common types of malware:
Ransomware: Ransomware essentially encrypts and “kidnaps” your files and systems — demanding ransom in exchange for a decryption key.
Viruses: Viruses are malicious code designed to replicate and spread between devices when a user host triggers activation, causing damage and oftentimes destroying devices.
Worms: Worms are stand-alone malicious programs that can replicate and spread themselves to other devices and computers across a network.
Spyware: True to its name, spyware is any malware designed to spy on you and monitor your behaviors to collect PII. Spyware can discover passwords to sensitive accounts, including your financials.
Keyloggers: Keyloggers record your keystrokes in order to gain access to your accounts.
Trojan Horse: A Trojan Horse is a malicious program that is downloaded onto your computer — often hidden inside an innocuous-looking email (hat tip to Virgil). A common way of gaining access to your corporate devices and systems, a Trojan Horse hides by mimicking legitimate programs.
Malvertising: Malvertising spreads malware with legitimate online advertising. As if in-stream video ads weren’t awful enough.
Adware: Adware is software that automatically generates advertisements on your device without your consent.
Rootkits: Rootkits are hidden malicious software and programs that allow administrative access to devices and systems.
How Does Your Device Get Infected With Malware?
From getting phished to downloading apps with malicious code, there are many different ways malware can infect your devices. Most of them are common mistakes people make every single day. In cybersecurity research, it’s called negligence — a fancy way of saying someone screwed up, big time.
According to a 2021 Cyber Security Trends Report from PurpleSec, 98% of all attacks are social engineering — think phishing (a bad guy pretending to be a good guy to get sensitive information from a trusting user) and spam emails. Social engineering manipulates a person to share PII, sensitive data, or offer up credentials that grant administrative access to systems and networks.
Occasionally, malware can infect your devices through vulnerabilities in the operating system or through compromised software. The riskiest type of vulnerability is a zero-day threat. In a zero-day attack, a bad actor exploits unknown vulnerabilities in applications, servers, systems, or networks. Other times, devastating attacks occur even though the vulnerabilities are known and patches are available — because people fail to patch and update their applications and systems.