What Is Malware? Definition and Types | Microsoft Security (2024)

Phishing
A phishing attack poses as a credible source to steal sensitive information through emails, websites, text messages, or other forms of electronic communication. These attacks provide a delivery mechanism for malware. Common attacks steal usernames, passwords, credit card details, and banking information. These types of malware attacks may lead to identity theft or money stolen directly from someone’s personal bank account or credit card.

For example, a cybercriminal might pose as a well-known bank and send an email alerting someone that their account has been frozen because of suspicious activity, urging them to click a link in the email to address the issue. Once they click the link, malware is installed.

Spyware
Spyware works by installing itself on a device without someone’s consent or providing adequate notice. Once installed, it can monitor online behavior, collect sensitive information, change device settings, and decrease device performance.

Adware
Like spyware, adware installs itself on a device without someone’s consent. But in the case of adware, the focus is on displaying aggressive advertising, often in popup form, to make money off clicks. These ads frequently slow a device’s performance. More dangerous types of adware can also install additional software, change browser settings, and leave a device vulnerable to other malware attacks.

Viruses
Viruses are designed to interfere with a device’s normal operation by recording, corrupting, or deleting its data. They often spread themselves to other devices by tricking people into opening malicious files.

Exploits and exploit kits
Exploits use vulnerabilities in software to bypass a computer’s security safeguards to infect a device. Malicious hackers scan for outdated systems that contain critical vulnerabilities, then exploit them by deploying malware. By including shellcode in an exploit, cybercriminals can download more malware that infects devices and infiltrates organizations.

Exploit kits contain a collection of exploits that scan for different types of software vulnerabilities. If any are detected, the kits deploy additional malware. Software that can be infected includes Adobe Flash Player, Adobe Reader, web browsers, Oracle Java, and Sun Java. Angler/Axpergle, Neutrino, and Nuclear are a few types of common exploit kits.

Exploits and exploit kits usually rely on malicious websites or email attachments to breach a network or device, but sometimes they also hide in ads on legitimate websites without the website even knowing.

Fileless malware
This type of cyberattack broadly describes malware that doesn’t rely on files—like an infected email attachment—to breach a network. For example, they may arrive through malicious network packets that exploit a vulnerability and then install malware that lives only in the kernel memory. Fileless threats are especially difficult to find and remove because most antivirus programs aren’t built to scan firmware.

Macro malware
You may already be familiar with macros—ways to quickly automate common tasks. Macro malware takes advantage of this functionality by infecting email attachments and ZIP files. To trick people into opening the files, cybercriminals often hide the malware in files disguised as invoices, receipts, and legal documents.

In the past, macro malware was more common because macros ran automatically when a document was opened. But in recent versions of Microsoft Office, macros are disabled by default, meaning that cybercriminals who infect devices in this way have to convince users to turn macros on.
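A gateway-side check for the macro-bearing attachments and ZIP files described above, as an added example that is not part of the original page: modern Office documents are ZIP containers, and a VBA macro project is stored in a part named `vbaProject.bin`, so the scan looks for that part regardless of the file extension. The function names, finding labels, limits and sample files are assumptions.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MAX_DEPTH = 3                    # assumed limit on nested archives
MAX_MEMBER = 20 * 1024 * 1024    # assumed cap on declared member size

def scan_attachment(name, data, depth=0):
    """Return (path, finding) tuples for one attachment's raw bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office format: an OLE parser is needed to rule macros out.
        return [(name, "legacy-ole-needs-review")]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = f"{name}!{info.filename}"
                if info.is_dir():
                    continue
                if info.filename.lower().endswith("vbaproject.bin"):
                    findings.append((inner, "vba-macro-project"))
                elif info.flag_bits & 0x1:
                    # Password-protected member: content cannot be inspected here.
                    findings.append((inner, "encrypted-member-unscanned"))
                elif info.file_size > MAX_MEMBER or depth >= MAX_DEPTH:
                    findings.append((inner, "skipped-size-or-depth"))
                else:
                    # Recurse: a document inside a ZIP is itself a ZIP container.
                    findings += scan_attachment(inner, zf.read(info), depth + 1)
    except zipfile.BadZipFile:
        findings.append((name, "malformed-zip"))
    return findings

def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

def build_samples():
    """Constructed samples: the macro part holds placeholder bytes, not real VBA."""
    parts = {"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"}
    clean = _zip(parts)
    with_macro = _zip({**parts, "word/vbaProject.bin": b"constructed placeholder"})
    # The macro document is renamed to .docx and wrapped in a ZIP, as an attachment might be.
    bundle = _zip({"invoice.docx": with_macro, "readme.docx": clean})
    return clean, with_macro, bundle
```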

Ransomware
Ransomware is a type of malware that threatens a victim by destroying or blocking access to critical data until a ransom is paid. Human-operated ransomware attacks target an organization through common system and security misconfigurations that infiltrate the organization, navigate its enterprise network, and adapt to the environment and any weaknesses. A common method of gaining access to an organization’s network to deliver ransomware is through credential theft, in which a cybercriminal could steal an actual employee’s credentials to pose as them and gain access to their accounts.

Attackers using human-operated ransomware target large organizations because they can pay a higher ransom than the average individual—often many millions of dollars. Because of the high stakes involved with a breach of this scale, many organizations opt to pay the ransom rather than have their sensitive data leaked or risk further attacks from the cybercriminals, even though payment does not guarantee the prevention of either outcome.

As human-operated ransomware attacks grow, the criminals behind the attacks become more organized. In fact, many ransomware operations now use a Ransomware as a Service model, meaning that a set of criminal developers create the ransomware itself and then hire other cybercriminal affiliates to hack an organization’s network and install the ransomware, splitting the profits between the two groups at an agreed-on rate.

Rootkits
When a cybercriminal uses a rootkit, they hide malware on a device for as long as possible, sometimes even years, so that it steals information and resources on an ongoing basis. By intercepting and changing standard operating system processes, a rootkit may alter the information that your device reports about itself. For example, a device infected with a rootkit may not show an accurate list of programs that are running. Rootkits may also give administrative or elevated device privileges to cybercriminals, so they gain complete control of a device and can perform potentially malicious actions, such as steal data, spy on the victim, and install additional malware.

Supply chain attacks
This type of malware targets software developers and providers by accessing source codes, building processes, or updating mechanisms in legitimate apps. Once a cybercriminal has found an unsecured network protocol, unprotected server infrastructure, or unsafe coding practice, they break in, change source codes, and hide malware in build and update processes.

Tech support scams
An industry-wide issue, tech support scams use scare tactics to trick users into paying for unnecessary technical support services that may be advertised to fix a falsified problem relating to a device, a platform, or software. With this type of malware, a cybercriminal may call someone directly and pretend to be an employee of a software company. Once they’ve gained someone’s trust, attackers often urge potential victims to install applications or give remote access to their devices.

Trojans
Trojans rely on a user unknowingly downloading them because they appear to be legitimate files or apps. Once downloaded, they may:

  • Download and install additional malware, such as viruses or worms.
  • Use the infected device for click fraud.
  • Record the keystrokes and websites that you visit.
  • Send information (for example, passwords, login details, and browsing history) about the infected device to a malicious hacker.
  • Give a cybercriminal control over the infected device.

Unwanted software
When a device has unwanted software, the user may experience a modified web browsing experience, altered control of downloads and installations, misleading messages, and unauthorized changes to device settings. Some unwanted software is bundled with software that people intend to download.

Worms
Mostly found in email attachments, text messages, file-sharing programs, social networking sites, network shares, and removable drives, a worm spreads through a network by exploiting security vulnerabilities and copying itself. Depending on the type of worm, it might steal sensitive information, change your security settings, or stop you from accessing files.

Coin miners
With the rise in popularity of cryptocurrencies, mining coins has become a lucrative practice. Coin miners use a device’s computing resources to mine for cryptocurrencies. Infections of this type of malware often begin with an email attachment that attempts to install malware or a website that uses vulnerabilities in web browsers or takes advantage of computer processing power to add malware to devices.

Using complex mathematical calculations, coin miners maintain the blockchain ledger to steal computing resources that allow the miner to create new coins. Coin mining takes significant computer processing power, however, to steal relatively small amounts of cryptocurrencies. For this reason, cybercriminals often work in teams to maximize and split profits.

Not all coin miners are criminal, though—individuals and organizations sometimes purchase hardware and electronic power for legitimate coin mining. The act becomes criminal when a cybercriminal infiltrates a corporate network against its knowledge to use its computing power for mining.

Article information

Author: Fredrick Kertzmann
