All modern businesses have sensitive data or assets that have been digitized or can be accessed digitally. Most likely your business does too, so malware prevention should be on your radar.
In this post, we're going to be covering the basics of malware risks and protections so that you can start creating a solid defense for your company.
What is malware?
First, let's break down what malware is in the first place.
Malware is short for “malicious software”: any software written to attack, steal from, spy on, or disrupt your business. The term is often used interchangeably with “computer virus”, but a virus is only one type of malware, and traditional self-replicating viruses now account for a small share of breaches. Operating systems and applications have closed off many of the infection and propagation routes that classic viruses relied on, so threat actors have moved on to other forms of malicious code.
Those other types of malware have largely displaced viruses, and although “malware” is a single term it now covers a broad range of tools. Ransomware, keyloggers, the bot clients that power DDoS attacks, and implants that smuggle data out over DNS tunneling are just a handful of examples. Phishing is not malware in itself, but it is the most common way malware is delivered, so it belongs in the same conversation.
How do cybercriminals use malware?
To steal, delete, or encrypt data
Perhaps the most common type of malware attack is one that targets your company's data, because in today's world data is generally the most valuable asset your company accumulates, aside from profits.
As such, several malware attack strategies have the aim of stealing, deleting, or encrypting your data. This can be done for a few reasons:
- To bring your business down
- To target your customers, either broadly or a specific segment of them
- To seize your data and demand a ransom for its release
- To conduct espionage, an increasingly notable motive behind data theft
This type of attack can seem to come out of nowhere. Modern companies collect data at scale, in many formats and for many use cases, and expose many avenues for accessing it, any one of which may be the path the attacker takes.
One of the most significant malware attacks to date took place in July 2021, when the REvil ransomware gang compromised Kaseya's VSA remote-management software and used its own update mechanism to push file-encrypting ransomware to the systems it managed. Because many of Kaseya's customers were managed service providers, the attack cascaded down the supply chain to their clients in turn. At least 1,500 companies were affected, and one supermarket chain had to close its stores completely because its point-of-sale systems had been encrypted.
To access your systems, accounts, and digital assets
Malware is also used to gain unauthorized access to systems, accounts, and digital assets. Most often this works by stealing credentials (typically a username/password combination), but several other strategies exist for reaching sensitive resources.
Attacks of this kind can take a long time to notice. Threat actors can gain access to resources and quietly monitor your activity, steadily move assets from your accounts to theirs, or gather information for a more sophisticated attack down the road, all before you know anything malicious has taken place.
In 2021 the DarkSide ransomware gang used stolen credentials to get into the network of the chemical distributor Brenntag and exfiltrate about 150 gigabytes of company data. Brenntag eventually paid DarkSide $4.4 million in ransom to keep the data from being published.
To cause devices or systems to become unusable
While some malware attacks target data and assets, others target the availability of devices and systems. Distributed denial-of-service (DDoS) attacks are the example we see most often.
A DDoS attack is not malware in itself; rather, malware is used to build a botnet of compromised machines, and that botnet is then directed to overwhelm your network, website, app, or other service with more traffic than it can handle. The largest floods push several terabits per second at a target, saturating links and servers and effectively taking them out of service.
When this happens, your business is effectively held hostage. The attacker will often demand a ransom to stop the attack and let normal operations resume (so-called ransom DDoS).
Amazon Web Services reported mitigating a DDoS attack in February 2020 that lasted three days and peaked at 2.3 terabits per second, the largest volumetric attack publicly disclosed at the time. It did not take AWS down: AWS Shield absorbed the traffic and services stayed up.
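As an added example (not part of the original post) of what a basic volumetric-flood check looks like, the Python below bucketizes constructed web-server access-log lines by second, compares each second's request count against the median of the window, and distinguishes a distributed flood (many source addresses) from a single abusive client. The log format, the IP addresses, and the thresholds are assumptions chosen for illustration, not data from any real incident.

```python
"""Spot volumetric floods in web access logs (added example, constructed data).

Assumptions (not from the original post): combined-format access-log lines,
a 1-second bucket counts as a flood when it exceeds `multiplier` times the
median bucket size in the window, and a flood spread across at least
`min_sources` addresses is treated as distributed rather than one bad client.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
import re
import statistics

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_constructed_log():
    """Build sample log lines inline. Constructed for this example; not real traffic."""
    t0 = datetime(2024, 3, 12, 10, 0, 0, tzinfo=timezone.utc)

    def line(src, t):
        return f'{src} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512'

    lines = []
    # Seconds 0-2: quiet baseline, 3 requests/second from two ordinary clients.
    for s in range(3):
        t = t0 + timedelta(seconds=s)
        lines += [line("198.51.100.10", t), line("198.51.100.11", t), line("198.51.100.10", t)]
    # Second 3: distributed flood, 60 requests from 60 distinct (documentation-range) sources.
    t = t0 + timedelta(seconds=3)
    lines += [line(f"203.0.113.{i}", t) for i in range(1, 61)]
    # Second 4: one abusive client hammering the site; high volume but not distributed.
    t = t0 + timedelta(seconds=4)
    lines += [line("192.0.2.7", t) for _ in range(40)]
    return lines


def parse(lines):
    """Yield (epoch_second, source_ip) for every well-formed line; skip malformed ones."""
    for raw in lines:
        m = LOG_RE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), TS_FMT)
        yield int(ts.timestamp()), m.group("src")


def detect_floods(lines, multiplier=10, min_sources=20):
    """Return one alert dict per 1-second bucket whose request count is anomalous.

    Baseline is the median bucket size, which is robust as long as flood seconds
    are a minority of the window being analysed.
    """
    buckets = defaultdict(Counter)  # epoch second -> Counter(source -> requests)
    for sec, src in parse(lines):
        buckets[sec][src] += 1
    if not buckets:
        return []
    counts = {sec: sum(c.values()) for sec, c in buckets.items()}
    baseline = statistics.median(counts.values())
    threshold = max(baseline * multiplier, 1)

    alerts = []
    for sec in sorted(buckets):
        total = counts[sec]
        if total <= threshold:
            continue
        sources = len(buckets[sec])
        alerts.append({
            "second": datetime.fromtimestamp(sec, timezone.utc).isoformat(),
            "requests": total,
            "distinct_sources": sources,
            "kind": "distributed_flood" if sources >= min_sources else "single_source_abuse",
            "top_source": buckets[sec].most_common(1)[0][0],
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(make_constructed_log()):
        print(alert)
```

The distinction matters operationally: a single abusive source can be rate-limited or blocked at the edge, whereas a genuinely distributed flood needs upstream scrubbing or a provider's DDoS protection, because no single block rule will help. Note the caveat in the docstring: a median baseline only works when the flood does not dominate the analysed window, so in practice you would compute it over a longer quiet period than the seconds you are inspecting.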
How to protect against malware
Educate your staff and users
Education is the first line of defense against malware. Ensuring that your staff and users know what a malware attack looks like, how to recognise and report phishing attempts, and what to do when they suspect something is wrong will go a long way towards protecting your business.
Practice prevention and perform penetration testing
Another key way to protect your business from malware is to make prevention routine. That includes auditing your security measures regularly, testing your staff with simulated phishing, and running incident-response drills.
Penetration testing is an important practice to adopt. By having someone try to break into your own systems (in a controlled, authorised manner, of course), you can find the chinks in your armour before a bad actor does.
Implement layered protection against threats (also known as “defense in depth”)
It's important to understand that there is no "magic bullet" that will completely protect your business from malware attacks. You'll need a multi-pronged, layered approach.
That means educating your staff, implementing trusted malware protection software, working with experts, and having a dedicated IT team at your disposal. This way, you aren't relying on any one system to keep your business protected, but the strength of all of these combined.
Keep your security practices updated
Lastly, keep your malware defenses current: security software only protects against what it has been updated to recognise. You should also keep track of the latest malware threats and confirm that you have defenses against them.
New malware families and techniques appear continuously, not every few years, so your security tactics need to be reviewed and refreshed on a regular schedule rather than set once and forgotten.
How the NTT MDR team defeats double extortion ransomware attacks
Before closing out this post, it might be helpful to look at a real-world defense against a malware attack: a double extortion ransomware attack (where the attacker both encrypts data and threatens to leak it) that our cybersecurity solution spotted within a client's systems.
In this case, it was quickly discovered that a staff member had opened a malicious email, which led to a chain of events compromising the client's security. NTT was able to respond to this incident via MDR, which fits into a defense in depth strategy by detecting and responding to attacks that get past the first layers of defense, such as firewalls, zero trust controls, endpoint protection platforms (EPP), and so on.
The lesson here is that you need to have a plan before an attack takes place, and it needs to be well rehearsed.
Get in touch today to learn more about our Managed Detection and Response.