Know Your Cybersecurity: The Different Types of Malware

If you want to be taken seriously when providing security services, then you need to make sure you have your terminology down. And even if you think you already know the fundamentals, it helps from time to time to refresh your knowledge. If you can’t remember the difference between a rootkit and a trojan, you could end up looking foolish or even losing a sales pitch to a new client.

Today, we want to get back to the basics and cover the different types of malware. With over 350,000 new strains of malware discovered each day, it’s important to know the types of malware you could run into—and how to deal with them.

The classes of malware

  • Virus
    When many people think of cyberthreats, they think of viruses. A virus is an executable file that spreads within a machine. One virus could infect multiple files or programs, and do such things as delete data or modify sensitive information on a machine. Some viruses are harmless, but it’s never worth the risk of leaving one be.
  • Worms
    While viruses spread between files on a computer, worms spread to other machines on a network. These can take down networks, or at least create enough bottlenecks to hamper productivity. Worms can be lethal—the 2003 SQL Slammer worm infected tens of thousands of servers in minutes. In short, if you find a worm, make sure to quarantine the file and fix it before it takes your customers’ networks down.
  • Trojan
    You may be familiar with the ancient Greek story of the Iliad, by Homer. In the story, the Greeks fight the Trojans in a long siege. At the end of the story, Odysseus creates a horse statue as a surrender gift to the Trojans. However, hidden within are a group of Greek soldiers who escape the statue at night and destroy the city from within. Trojans are named after Odysseus’s invention. They refer to files other than executables that run malicious processes. Typically, they come in the form of something positive, such as an audio file that you’ve requested or a document you downloaded. The point is that these disguised files appear benign, but have a malicious intent.
  • Spyware
    Spyware captures information about a machine and transmits it to another source. Spyware can record almost anything done on a computer, from accessed files to visited websites. One form of spyware includes keyloggers, which record everything typed by the victim. This could easily lead to stolen passwords, bank account information, or health data.
  • Rootkits
    Rootkits are the “root canals” of malware—you run into one and you’re going to feel a lot of pain. Rootkits attempt to modify the operating system directly and build a backdoor into the system. They’re hard to discover and, if done correctly, VERY hard to remove.
  • Ransomware
    Over the past few years, we’ve seen a major rise in the number of ransomware attacks. While spyware and several other forms of malware attempt to steal data and resell it, ransomware locks the computer or data and demands a payment to release the machine. Ransomware can often be dealt with by restoring data or the system to a safer state from a backup.
  • Cryptominer
    Cryptomining is an activity where computers attempt to generate new cryptocurrencies like Bitcoin, Ethereum, or Monero. Generating cryptocurrency requires significant processing power, and many criminals place cryptomining malware on computers to steal processing power for the job. However, just because they only steal processing power doesn’t mean you can ignore them—they could just as easily install other, more nefarious malware if they want.
  • Fileless malware
    Fileless malware uses legitimate processes or systems within a machine to destroy it from within. These attacks typically run in memory, and typically slip past traditional antivirus and antimalware. A fileless attack may create a new user account with admin rights to establish a foothold in the system, then delete or modify local logs to make them harder to detect.
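As an added example (not from the original post), here is a small Python correlation that flags the fileless foothold pattern described under Fileless malware: a new account is created, that account is added to an admin group, and the audit log is cleared on the same host within a short window. The event tuple shape and the sample events are constructed for this example; the event IDs are the standard Windows Security log IDs.

```python
"""Correlate the fileless-malware foothold pattern: account created, account
given admin rights, audit log cleared, all on one host within a short window.
The event shape and sample data below are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events as (timestamp, event_id, host, target_account).
# Standard Windows Security event IDs:
#   4720 = user account created
#   4732 = member added to a security-enabled local group (e.g. Administrators)
#   1102 = audit log cleared
SAMPLE_EVENTS = [
    ("2024-05-01T02:10:05", 4720, "host01", "svc_backup2"),
    ("2024-05-01T02:10:09", 4732, "host01", "svc_backup2"),
    ("2024-05-01T02:11:40", 1102, "host01", "-"),
    ("2024-05-01T09:00:00", 4720, "host02", "jsmith"),  # normal onboarding, no alert
]

WINDOW = timedelta(minutes=10)


def parse(event):
    """Turn a raw event tuple into (datetime, event_id, host, target)."""
    ts, eid, host, target = event
    return datetime.fromisoformat(ts), eid, host, target


def find_footholds(events, window=WINDOW):
    """Return (host, account) pairs where a 4720 for the account is followed,
    within `window`, by a 4732 for that account and a 1102 on the same host."""
    by_host = defaultdict(list)
    for event in events:
        ts, eid, host, target = parse(event)
        by_host[host].append((ts, eid, target))

    alerts = []
    for host, evs in by_host.items():
        evs.sort()  # chronological order per host
        created = [(ts, tgt) for ts, eid, tgt in evs if eid == 4720]
        for c_ts, account in created:
            in_window = [e for e in evs if c_ts <= e[0] <= c_ts + window]
            elevated = any(eid == 4732 and tgt == account for _, eid, tgt in in_window)
            cleared = any(eid == 1102 for _, eid, _tgt in in_window)
            if elevated and cleared:
                alerts.append((host, account))
    return alerts


if __name__ == "__main__":
    print(find_footholds(SAMPLE_EVENTS))
```

The same correlation applied to real exports would key 4732 on the member SID rather than a name; the window and ID list are the parts a practitioner tunes.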

Malware: betcha’ don’t have just one!

Understanding the basic attack types can help. But the most successful attacks combine multiple types into a sophisticated attack. Let’s say a hacker is determined to turn a profit off one of your customers (or just ruin their lives). They send an email containing a malicious file. The user downloads this, and the file both establishes a foothold on the machine and installs a keylogger, stealing personal financial data. They sit on the customer’s systems and gather passwords or sensitive company data. One day, after stealing enough data, they decide to download ransomware to the customer’s machines. They may have been silent for a while, but now they’ve disrupted business operations. You could attempt to remove the ransomware infection or reinstall from a backup, but if you don’t catch the other parts of the attack, they can just do it again.

This is an extreme example, but many successful attacks use multiple methods to breach their victims. It’s no longer as simple as quarantining a virus and removing the infected file.

What to do about it

Ultimately, you need multiple layers of security to prevent issues from taking hold. However, one essential tool in your arsenal needs to be endpoint protection like SolarWinds® Endpoint Detection and Response (EDR), powered by SentinelOne. EDR is built to help detect, respond to, and remediate malicious activity on the endpoint, whether malware-based or not. If it detects ransomware, it can spring into action and even roll back the system to a safe state on your behalf. Make sure your customers are covered—get a free demo of SolarWinds EDR, available in SolarWinds RMM, today.

Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics. 