The Top 4 Ways Malware Is Spread (2024)

By: Shawn Brown, COO, Snap Tech IT


Every day, I read another article about a company or city that has been infected with some form of malware: any software program purposely designed to interfere with the normal functioning of a computer system for malicious reasons, such as to hold files hostage for ransom.

One example that stuck with me was the SamSam ransomware attack that crippled municipal operations in Atlanta, Georgia, in 2018; it reportedly cost the city $2.6 million to recover. In 2018, the White House issued a report estimating that malicious cyber activity costs the U.S. economy between $57 billion and $109 billion annually.

The Internet is a new battlefield; we are in a cyberwar in which hackers are the enemy and malware is the weapon. That is why we think it is important to know the top ways malware is spread.

Unfortunately, we only hear about the attacks on large companies or governmental entities, when, in reality, the majority of cyberattacks target small- and medium-size businesses (SMBs). Most never report the security breach. We feel that it is our duty to help educate you about this threat.

Hackers use many angles of attack to exploit computer systems, and they’re coming up with new ones all the time. While you cannot protect your company from every potential malware threat, understanding and avoiding the top four approaches used by hackers will go a long way toward reducing your risk of infection.

1. Phishing Emails

By far the most common method for hackers and state-sponsored hacking organizations to spread malware is through phishing emails. Hackers have become incredibly skilled at crafting emails that trick employees into clicking on links or downloading a file that contains malicious code. The old phishing emails from that Nigerian prince who wants to share some of his fortune with you (for a small fee) have been replaced with very convincing emails that even replicate a company’s logo and branding. These phishing emails come in all shapes, sizes, and colors, but we want to highlight the one thing they all have in common: a sense of urgency.

One telltale sign of a phishing email is the sender’s email address. In most cases, the sender name may seem legitimate, like “Microsoft-Support”, but the associated email address is something bogus, like JohnDoe@MyDomainGotHacked.com. If you receive an email that you think is a phishing email, report it to your internal IT security team so that they can evaluate it and block it. If you don’t have an internal IT security team, block it in your spam filter and then delete it.
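The display-name check described above can be automated. The following is an added example, not code from the original article; the `BRAND_DOMAINS` allowlist and the function names are assumptions, and the sample headers in the test run are constructed.

```python
from email.utils import parseaddr

# Assumption: an allowlist your organisation maintains, mapping a brand keyword
# to the domains that brand legitimately sends mail from.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "paypal": {"paypal.com"},
}

def domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return the reasons a From header looks spoofed (empty list if none)."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parsable sender address"]
    domain = address.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if domain_matches(domain, allowed):
            continue  # mail really comes from this brand's domain
        if brand in display.lower():
            # "Microsoft-Support" shown to the user, unrelated domain behind it
            findings.append(f"display name claims '{brand}' but domain is {domain}")
        elif brand in domain:
            # lookalike such as microsoft.com.login-check.example
            findings.append(f"domain {domain} embeds '{brand}' but is not official")
    return findings

if __name__ == "__main__":
    # Constructed sample headers, the first built from the article's example
    for header in (
        '"Microsoft-Support" <JohnDoe@MyDomainGotHacked.com>',
        "Microsoft <no-reply@email.microsoft.com>",
        "Account Team <alerts@microsoft.com.login-check.example>",
    ):
        print(header, "->", check_sender(header) or "ok")
```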

2. Social Network Spam

Social network spam is a relatively new angle of attack for cybercriminals. When people browse social sites, looking at pictures or keeping up with old friends, they might not realize that the photo they are about to click on could actually be malware. Examples of this include photos or videos shared on a social site that, when clicked, take the user to a fake YouTube page that then asks the user to download and install a video player plugin. Once the “Video Player” is installed, you still cannot watch the video, but the criminal might be watching you on your computer, with full access to your device. The lesson here is: think before you click or download!


3. Remote Desktop Protocol

This one is a classic. When we perform IT discovery and cybersecurity risk assessments for potential new clients, I am still surprised by how many still have this huge vulnerability exposing their systems to the internet.

Remote Desktop Protocol (RDP) is a connection protocol that enables a user to connect to another computer over a network connection. Cybercriminals now use automation to scan the internet, looking for computers that are open to RDP. Then, they try to guess a username and password to gain access to the remote computer. During one risk assessment, we showed the company that it had more than 18,000 failed login attempts for the administrator account in the last 24 hours. The night before, at 2 a.m., the hacker was finally successful and was able to log into the system. The company executives were shocked and had no idea that someone had been attempting to hack them.

Other times, cybercriminals purchase the username and password from the Dark Web. Once they have access, they are free to do whatever they want, which can include installing malware.
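The pattern from the risk assessment above, a run of failed logons for one account followed by a success, can be searched for in exported Windows Security events (4625 is a failed logon, 4624 a successful one). This is an added example, not from the original article; the CSV layout, the thresholds and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: time, event ID, logon type, account, source IP.
SAMPLE = """\
2024-01-10T01:40:00,4625,3,Administrator,203.0.113.7
2024-01-10T01:58:01,4625,3,Administrator,203.0.113.7
2024-01-10T01:58:20,4625,3,Administrator,203.0.113.7
2024-01-10T01:58:41,4625,3,Administrator,203.0.113.7
2024-01-10T01:59:02,4625,3,Administrator,203.0.113.7
2024-01-10T01:59:30,4625,3,Administrator,203.0.113.7
2024-01-10T01:59:55,4625,3,Administrator,203.0.113.7
2024-01-10T02:00:10,4624,10,Administrator,203.0.113.7
2024-01-10T08:01:00,4625,10,jsmith,198.51.100.20
2024-01-10T08:01:30,4624,10,jsmith,198.51.100.20
2024-01-10T09:00:00,4624,2,Administrator,-
"""
FAILED, SUCCESS = "4625", "4624"
# Logon type 10 is RemoteInteractive (RDP); type 3 (network) is included on the
# assumption that Network Level Authentication records RDP attempts that way.
REMOTE_TYPES = {"3", "10"}

def find_guessed_logons(rows, threshold=5, window=timedelta(minutes=10)):
    """Return successes preceded by >= threshold recent failures for the account.

    rows must be in time order. Failures are counted per account, not per
    source IP, so guessing spread across many addresses is still caught.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts = []
    for row in rows:
        if len(row) != 5 or row[2] not in REMOTE_TYPES:
            continue
        ts, event_id, _, account, source = row
        when, fails = datetime.fromisoformat(ts), recent[account.lower()]
        while fails and when - fails[0] > window:
            fails.popleft()  # forget failures older than the window
        if event_id == FAILED:
            fails.append(when)
        elif event_id == SUCCESS and len(fails) >= threshold:
            alerts.append({"time": ts, "account": account.lower(),
                           "source": source, "failures": len(fails)})
            fails.clear()
    return alerts

if __name__ == "__main__":
    for alert in find_guessed_logons(csv.reader(io.StringIO(SAMPLE))):
        print(alert)
```

A logon made with purchased credentials succeeds on the first try and leaves no failure run, so this check covers only the guessing case.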

4. Drive-By Downloads from a Compromised Website

What if I told you that there was a cyberattack method that could infect your computer with malware without any action on your part? That’s right, you wouldn’t even have to click on any links. Sounds scary, right? It most definitely is. The average website is attacked 58 times per day in an attempt to infect it with malware. Once the site is infected, it will begin scanning the computer of anyone who visits the site, looking for vulnerabilities. These vulnerabilities can arise from out-of-date apps, missing operating-system patches or browser plugins. If a weakness is found, it is used to infect the computer with malware.

These are just a few examples of ways malware can spread through the internet and into your computer system. The good news is that with proper IT management, security best practices, multiple layers of defense, and end-user security awareness training, a company can reduce its risk of cyberattack. Vigilance is key to staying one step ahead of cybercriminals. Ask your IT provider or internal IT department how it is protecting your company from the spread of malware.


As an expert in cybersecurity with years of hands-on experience, I've encountered and mitigated various cyber threats, including malware attacks. My expertise is grounded in a comprehensive understanding of the evolving tactics used by hackers and the strategies employed to safeguard digital assets. I've actively participated in IT discovery and cybersecurity risk assessments for diverse clients, shedding light on vulnerabilities and implementing robust security measures.

Now, let's delve into the concepts discussed in the provided article:

Malware and Its Impact:

Malware, as mentioned in the article, refers to any software designed to disrupt the normal functioning of a computer system for malicious purposes. The impact of malware is profound, illustrated by instances like the SamSam ransomware attack on Atlanta, which incurred a staggering cost of $2.6 million for recovery.

Cyberwarfare and Economic Consequences:

The article underscores the notion that we are in a cyberwar, portraying hackers as adversaries and malware as their weapon. The economic consequences of malicious cyber activity are highlighted, with the White House estimating an annual cost ranging from $57 billion to $109 billion to the U.S. economy in 2018.

Target Audience and Underreporting:

The focus shifts to the primary targets of cyberattacks, emphasizing that small- and medium-size businesses (SMBs) are frequently targeted. The underreporting of security breaches by most SMBs is highlighted, signaling a need for increased awareness and education.

Top Ways Malware is Spread:

The article outlines the four primary methods hackers employ to spread malware:

  1. Phishing Emails:

    • Describes phishing as the most common method, with hackers crafting convincing emails to trick recipients into clicking malicious links or downloading infected files.
    • Advises on identifying phishing emails through sender email addresses and suggests reporting or blocking suspicious emails.
  2. Social Network Spam:

    • Introduces social network spam as a new angle of attack, where seemingly harmless content on social sites may lead to malware installation.
    • Emphasizes the importance of cautious clicking and downloading to prevent inadvertent malware exposure.
  3. Remote Desktop Protocol (RDP):

    • Highlights RDP as a classic vulnerability, pointing out that cybercriminals scan the internet for open RDP connections and attempt unauthorized access.
    • Illustrates the risk with a real-world example of a company facing thousands of login attempts, ultimately leading to a successful hack.
  4. Drive-By Downloads from Compromised Websites:

    • Reveals a method where websites are attacked to infect visitors' computers without user interaction.
    • Stresses the importance of keeping software up-to-date to mitigate vulnerabilities that could be exploited for drive-by downloads.

Mitigation Strategies:

The article concludes with a positive note, stating that companies can reduce the risk of cyberattacks through proper IT management, security best practices, multiple defense layers, and end-user security awareness training. Vigilance is emphasized as a key factor in staying ahead of cybercriminals.

In summary, the article provides valuable insights into the current cybersecurity landscape, emphasizing the critical need for awareness, proactive measures, and ongoing vigilance to protect against the pervasive threat of malware.

Article information

Author: Twana Towne Ret
