What is Malware & Why Is It So Dangerous?
- By David Lukic
- Apr 12, 2021
Unfortunately, these days everyone needs to be aware of what malware is and what to do to stay safe. Not only does malware threaten your privacy, your security, and the health of your devices and networks, it can also compromise your identity. So, continue reading this article to learn what malware is and about all its different types.
What is Malware?
Malware is malicious software, and it is delivered in a variety of ways. Malware is probably the number one cybersecurity concern for most businesses and Americans right now. You can often infect your computer, network, or device by clicking a link in a phishing (fake) email.
Cybercriminals develop various types of malware to do different things. Usually, they try to install it on your device without your knowledge, and then the payload is delivered. Some examples of malware are viruses, spyware, Trojans, and ransomware.
Malware affects all operating systems, including Windows, macOS, Android, and iOS. However, Windows and Android are more susceptible to malware than the Apple ecosystem.
In 2018, ransomware increased by 1/3 from the previous year. It is becoming a major concern for companies and cybersecurity threat researchers.
Types of Malware Attacks
It is important not only to learn what malware is, but also to learn the different types of malware to fully secure yourself on the internet. Some of the most common types of malware attacks are:
Malvertising (malicious advertising) is pretty much what it sounds like: hackers embed malicious code in ads. Sometimes these criminals purchase legitimate ad space on Google Ads or social media sites to appear real. When an unsuspecting victim clicks on the ad to learn more about the product or service, their device may be infected with malicious software. Hence, you become a victim of malvertising. In some cases, the user doesn't even need to click; simply being on the same page as the malware is enough.
Malvertising should not be confused with adware, which is less harmful and simply displays ads in your browser or on your PC.
Threat actors use exploit kits to search for vulnerabilities on your hardware or software. Basically, this type of malware takes an inventory of the device's hardware and software resources and reports back to the central command. If the malware finds a known exploit, it may install other malicious code to perform other nefarious tasks.
Man in the Middle Attack (MitM)
A man in the middle attack occurs when a hacker exploits an unsecured Wi-Fi hotspot looking for victims who are connected to the network. If you visit your local coffee shop where they offer "free" Wi-Fi and use your cell phone to log onto your bank, pay a credit card bill or update your Netflix queue, someone could use a man in the middle attack to steal your credentials and take over all those accounts.
Cybercriminals perform man in the middle attacks using special hardware or software that puts them in between you and the website you are visiting. That is why it is called a man in the middle attack. By intercepting all your activity, they can strip out pieces of personal, sensitive, but valuable information and use it for identity theft or fraud.
Man-in-the-Browser Attack (MitB)
Another type of malware that bad guys often use is man in the browser attacks. If someone is able to install malware on your computer and then into your internet browser, it can record everything you do while using the browser. Sometimes these issues occur when you use an infected browser add-on.
Recently there were reports of a very popular add-on for Google Chrome called the "Great Suspender," which was riddled with malware and had infected thousands of users' machines. Google removed it and wrote code to update and deactivate it from everyone's browser. Thus, if you do use Google add-ons, be aware of man in the browser attacks.
Drive By Downloads
Malicious websites or even legitimate websites infected with malware may also infect your device if you land on the URL either through a phishing email or other social engineering tactic.
The scary part about drive-by downloads is that the user doesn't need to do anything beyond visiting an infected website. Some very reputable websites have been compromised by this type of infection, thereby spreading it to everyone who visits.
Social Engineering Attacks
Social engineering is becoming a very popular method of delivering malware to unsuspecting victims. Social engineering attacks use emotion to get you to trust someone enough to give them information or click a link. Sometimes these messages come through in email or text, and the perpetrator pretends to be your bank, your boss, or someone of authority who you might trust to get you to click. Once you do, your device is infected, and then the criminal can take over.
Sometimes social engineering attacks are ongoing and take a while as they earn your trust before asking for the big score, which is usually personal information or your login credentials. Most of the data breaches during 2020 worked due to social engineering attacks and an employee clicking a malicious link in an email.
Often these threat actors use scare tactics, so you will panic and do something without thinking. For example, they may send you a convincing-looking email alerting you that your bank account has been hacked. The email will contain a link with the word "fix now," and without thinking, you click it. You may be taken to a website that "looks" like your bank, but it is fake. If you enter your login, the crooks now have access to your bank account and can drain your funds before you know what has happened.
Sometimes, to make the ruse complete, they redirect you to the legitimate website, so you won't suspect a thing and they get what they wanted. Hence, always be wary of social engineering attacks; you do not know when or how one could happen.
These days, it is super important to be aware of all these types of malware and how to protect yourself.