In 2018, there were 812 million reported malware infections (PurpleSecus Cyber Security Report), and 94% of those malware infections were delivered via email (CSO). No devices were immune to these infections—not even mobile devices.
What is malware? Malicious software, or "malware," is software written with the intent to damage, exploit, or disable devices, systems, and networks. It is used to compromise device functions, steal data, bypass access controls, and cause harm to computers and other devices and the networks they are connected to.
Malware on the Rise
According to a recent Internet Security Threat Report by Symantec, there were 246 million new malware variants discovered in 2018, and the percentage of groups using malware is on the rise, too. Symantec reported that groups using destructive malware increased by 25% in 2018.
With malware usage continuing to rise, it’s important to know what the common malware types are and what you can do to protect your network, users, and critical business data.
Understanding the Six Most Common Types of Malware
The six most common types of malware are viruses, worms, Trojan Horses, spyware, adware, and ransomware. Learn more about these common types of malware and how they spread:
Viruses are designed to damage the target computer or device by corrupting data, reformatting your hard disk, or completely shutting down your system. They can also be used to steal information, harm computers and networks, create botnets, steal money, render advertisements, and more.
Computer viruses require human action to infect computers and mobile devices and are often spread through email attachments and internet downloads.
[You Might Also Like: "As Cyber Crime Evolves, Are Your Security Tools Keeping Up?"]
One of the most common types of malware, worms spread over computer networks by exploiting operating system vulnerabilities. A worm is a standalone program that replicates itself to infect other computers, without requiring action from anyone.
Since they can spread fast, worms are often used to execute a payload—a piece of code created to damage a system. Payloads can delete files on a host system, encrypt data for a ransomware attack, steal information, delete files, and create botnets.
3. Trojan Horse
A Trojan horse, or “Trojan”, enters your system disguised as a normal, harmless file or program designed to trick you into downloading and installing malware. As soon as you install a Trojan, you are giving cyber criminals access to your system. Through the Trojan horse, the cyber criminal can steal data, install more malware, modify files, monitor user activity, destroy data, steal financial information, conduct denial of service (DoS) attacks on targeted web addresses, and more. Trojan malware cannot replicate by itself; however, if combined with a worm, the damage Trojans can have on users and systems is endless.
[You Might Also Like: "What is Layered Security & How Does it Defend Your Network?"]
Installed on your computer without your knowledge, spyware is designed to track your browsing habits and internet activity. Spying capabilities can include activity monitoring, collecting keystrokes, and harvesting of account information, logins, financial data, and more. Spyware can spread by exploiting software vulnerabilities, bundling with legitimate software, or in Trojans.
Adware is often known for being an aggressive advertising software that puts unwanted advertising on your computer screen. Malicious adware can collect data on you, redirect you to advertising sites, and change your internet browser settings, your default browser and search settings, and your homepage. You typically pick up adware through a browser vulnerability. Legitimate adware does exist, but it will ask your permission first before collecting data about you.
According to Cybersecurity Ventures, cybercrime is predicted to cost the world 6 trillion dollars annually by 2021. Because ransomware generates so much money for cybercriminals, it is the type of malware we hear the most about.
Ransomware is a type of malware that holds your data captive and demands payment to release the data back to you. It restricts user access to the computer by either encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the attacker to release the restrictions and regain access to the computer. Once the attacker is paid, your system and data will usually go back to its original state.
How To Protect Your Business from Malware
Propagation of malware and cybercrime will continue to rise, and it’s important to protect yourself and your business from cybercriminals by implementing multiple layers of security, also known as a “layered approach.” These layers may include a firewall, end-user training, anti-malware and anti-virus software, email and web filtering, patch and update management, network monitoring, and managed detection and response services, just to name a few.
A layered approach is important to ensure that all potential entry points are protected. As an example, a firewall may prevent a hacker from getting on the network, but it won’t stop an employee from clicking an infected link in an email.
A good business continuity and disaster recovery solution (BCDR) is a must, too. A BCDR device and plan will not only protect your critical data in the event of a ransomware attack, but also from server failure, fire, or other natural disasters.
Don’t Forget Your End-Users
Though the layered approach described above can significantly reduce the risk of an attack, a business’ biggest vulnerability lies with its end-users.
Remember, 94% of all malware is delivered via email, which means that the security of your business lies in the hands of your end-users. So, when building your cybersecurity layers, don’t forget to educate your end-users and train them to be aware of the threats they may encounter and what to do when an attempted attack inevitably lands in their inbox.
End-user education along with software and hardware solutions are key to creating a more secure business environment. Prosource’s Managed IT Services give customers peace of mind. The monthly service not only includes many of the layers needed to secure your business network, but also other productivity-boosting benefits, like Help Desk support and a virtual Chief Information Officer (vCIO) who can educate and guide you and your employees on best practices to help protect your business.
Editor's Note: This post was originally published as "5 Common Types of Malware" in June 2017 and has been updated for accuracy and comprehensiveness, including an additional common type of malware.