​The top 5 least-wanted malware in any corporate IT infrastructure

David Higgins, Regional Director – ANZ, WatchGuard Technologies

Ask a group of people to define malware, and you’re likely to get a range of different answers. The term has become a catch-all description for a broad collection of different cyber threats that keep IT managers awake at night.

Categories falling under the malware banner include viruses and worms, adware, bots, Trojans and root kits. Each category is different but all can cause disruption and loss if not detected and quickly removed.

Of the malware types in the wild, the top five are:

1. Remote Access Trojans (RATs)

RATS comprise malicious code that usually arrives hidden in an email attachment or as part of a downloaded file such as a game. Once the file is open, the RAT installs itself on the victim’s computer where it can sit unnoticed until being remotely triggered.

RATs provide attackers with a back door that gives them administrative control over the target computer. This can then be used to steal data files, access other computers on the network or cause disruption to business processes.

One of the first examples, dubbed Beast, first appeared in the early 2000s. It was able to kill running anti-virus software and install a key logger that could monitor for password and credit card details. Sometimes it would even take a photo using the target computer’s web cam and send it back to the attacker.

2. Botnets

Some liken botnets to a computerised ‘zombie army’ as they comprise a group of computers that have been infected by a backdoor Trojan. Botnets have similar features to a RAT, however their key difference is that they are a group of computers being controlled at the same time.

Botnets have been described as a Swiss Army knife for attackers. Linked to a command-and-control channel, they can be instructed to forward transmissions including spam or viruses to other computers in the internet. They can also be used to initiate distributed denial of service (DDoS) attacks similar to the one suspected to have disrupted the Australian census.

Some attackers even rent their botnets out to other criminals who want to distribute their own malware or cause problems for legitimate websites or services.

3. Browser-based malware

This type of malware targets a user’s web browser and involves the installation of a Trojan capable of modifying web transactions as they occur in real time. The benefit for malware of being in a browser is that it enables it to avoid certain types of security protection such as packet sniffing.

Some examples of the malware generate fake pop-up windows when they know a user is visiting a banking web site. The windows request credit card details and passwords which are then sent back to the attacker.

Security experts estimate that there have been around 50 million hosts infected by browser-based malware and estimated financial losses have topped $1 billion.

4. Point-of-sale (POS) Malware

This is a specialised type of malware that seeks out computers specifically used for taking payments in retail outlets. The malware is designed to infect the computer to which POS terminals are attached and monitor it for credit card details.

One example, called Backoff, appeared in late 2013 and managed to infect more than 1000 businesses including the large US-based retailer Dairy Queen.

5. Ransomware

This category of malware is designed to take over a computer and make it or the data stored on it unusable. The code usually encrypts data and then the attacker demands payment from the user before providing the encryption key.

One of the more prevalent ransomware versions is called Locky and appeared in early 2016. It has already infected a large number of individuals, companies and public facilities such as hospitals.

While early examples used poor encryption techniques, ransomware has quickly evolved to the point where many varieties now use industry-standard 256-bit encryption which is effectively impossible to crack without the private key.

The best anti-malware steps to take

While the impact of a malware infection can be significant for individuals or an organisations, there are steps that can be taken to reduce the likelihood of infection. They include:

General awareness
It’s important for users to be aware of the threats that malware brings. Staff should be educated about phishing attacks and to be cautious when downloading files or opening attachments from unfamiliar parties.

Regular backups
Regular back-ups of critical data are a vital part of any security strategy. In larger organisations, a global share drive can be created in which all important files should be stored. This drive can then be backed up as often as is needed. Copies of backups should also be kept offline as an additional layer of protection.


Defence in depth

In a complex IT infrastructure, there should be multiple layers of security designed to stop attacks. While no single defence can protect completely, creating a defence in depth strategy will ensure systems and data are as secure as they can be.

Layered protection should range from firewalls and anti-virus software through to network intrusion and advanced persistent threat tools.

By taking a comprehensive and multi-layered approach to security, organisations can reduce the likelihood they will fall victim to malware attacks and avoid the disruptive and potentially costly problems they can cause.

Join the CSO newsletter!

Error: Please check your email address.

Tags Australian censusadministrationsposvirusesremote access trojan (RAT)census 2016email securityIT managementransomwaremalwarecyber securityDDoS attacksrats

More about

Show Comments