Malware Exposed: Understanding the Menace of Malware and Real-World Cases

Ravitej Bandlekar
8 min read · Jul 8, 2023


Image source: smallbiztrends.com

What?

Malware is computer software that has been specifically created to be installed on computers without the users’ knowledge or permission. The main goals of such malicious applications are either to install a program that annoys users or to gain access to the targeted systems without the user’s consent.

Put another way, malware is a file or piece of code that can perform almost any action an attacker desires. It is often distributed via a network, and because malware comes in so many varieties, there are many different ways for a computer to become infected.

Objectives:

Unauthorized Access

Data Theft

Financial Gain

Disruption and Destruction

Espionage and Surveillance

Botnet Recruitment

Propagation and Self-replication

Reputation Damage

Types

Ransomware

Ransomware is a type of malicious software (malware) that encrypts or locks the files and data on a victim’s computer or network. The perpetrators of the ransomware then demand a ransom payment from the victim in exchange for unlocking the locked files or giving them access to the decryption key.

Typically, ransomware enters a system through phishing emails, malicious downloads, social engineering tricks, or by exploiting flaws in software or operating systems. Once it has gained access to a system, it begins to encrypt files, rendering the victim unable to access them. The attackers then alert the victim to the encryption and demand payment through a ransom note, which is typically shown as a message on the victim’s screen or written to a text file.
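The behaviour just described (files being overwritten with ciphertext, renamed with a new extension, and a ransom note dropped alongside them) is exactly what endpoint monitoring looks for. The following Python example is added here to illustrate that detection logic; it is not code from the article or from any real product. It runs over a constructed stream of file events with made-up process names (backup.exe, 7z.exe, cryptor.exe), and the thresholds, the extension allowlist and the ransom-note pattern are assumptions chosen for the example:

```python
import math
import re
from collections import defaultdict

# Tunable thresholds (assumptions for this example, not values from the article).
ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted or compressed data sits near 8.0
BURST_COUNT = 5           # this many encryption-like events by one process ...
WINDOW_SECONDS = 60       # ... inside this window is treated as bulk encryption
KNOWN_EXTENSIONS = {"txt", "docx", "xlsx", "pdf", "jpg", "png", "zip", "bak", "7z"}
RANSOM_NOTE_RE = re.compile(r"decrypt|restore|recover|ransom", re.IGNORECASE)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def _extension(path: str) -> str:
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def _has_burst(times) -> bool:
    """True if BURST_COUNT or more timestamps fall inside any WINDOW_SECONDS span."""
    times = sorted(times)
    for i, start in enumerate(times):
        j = i
        while j < len(times) and times[j] - start <= WINDOW_SECONDS:
            j += 1
        if j - i >= BURST_COUNT:
            return True
    return False


def detect_ransomware_bursts(events):
    """Group file events by process and return {process: [reasons]} for processes
    whose activity looks like bulk encryption.

    Each event is a dict: t (seconds), proc, op ('write' | 'rename' | 'create'),
    path, plus data (bytes) for writes or new_path for renames.
    """
    per_proc = defaultdict(list)
    for ev in events:
        per_proc[ev["proc"]].append(ev)

    findings = {}
    for proc, evs in per_proc.items():
        reasons = []
        # 1. Many writes of high-entropy content: readable files replaced by ciphertext.
        enc_times = [e["t"] for e in evs
                     if e["op"] == "write" and shannon_entropy(e.get("data", b"")) >= ENTROPY_THRESHOLD]
        if _has_burst(enc_times):
            reasons.append(f"{len(enc_times)} high-entropy overwrites within {WINDOW_SECONDS}s")
        # 2. Many renames to an extension nobody uses: the '.locked'-style marker.
        rename_times = [e["t"] for e in evs
                        if e["op"] == "rename" and _extension(e["new_path"]) not in KNOWN_EXTENSIONS]
        if _has_burst(rename_times):
            reasons.append(f"{len(rename_times)} renames to unknown extensions within {WINDOW_SECONDS}s")
        # 3. Creation of a file whose name reads like a ransom note.
        notes = [e["path"] for e in evs
                 if e["op"] == "create"
                 and RANSOM_NOTE_RE.search(e["path"].replace("\\", "/").rsplit("/", 1)[-1])]
        if notes:
            reasons.append(f"ransom-note-like file created: {notes[0]}")
        if reasons:
            findings[proc] = reasons
    return findings


def build_sample_events():
    """Constructed sample telemetry: a backup job, an archiver, and a hypothetical
    encryptor process (all names are made up for the example)."""
    plaintext = b"Quarterly report: revenue up 4%, costs flat. " * 20
    ciphertext = bytes(range(256)) * 4          # uniform bytes, entropy exactly 8.0
    events = []
    for i in range(6):                          # backup writes readable copies: benign
        events.append({"t": 10 + i, "proc": "backup.exe", "op": "write",
                       "path": f"D:/backup/report{i}.docx", "data": plaintext})
    for i in range(2):                          # archiver writes two compressed files: benign
        events.append({"t": 20 + i, "proc": "7z.exe", "op": "write",
                       "path": f"C:/Users/a/archive{i}.7z", "data": ciphertext})
    for i in range(6):                          # encryptor overwrites and renames six documents
        events.append({"t": 100 + i, "proc": "cryptor.exe", "op": "write",
                       "path": f"C:/Users/a/Documents/file{i}.docx", "data": ciphertext})
        events.append({"t": 100 + i, "proc": "cryptor.exe", "op": "rename",
                       "path": f"C:/Users/a/Documents/file{i}.docx",
                       "new_path": f"C:/Users/a/Documents/file{i}.docx.locked"})
    events.append({"t": 107, "proc": "cryptor.exe", "op": "create",
                   "path": "C:/Users/a/Documents/README_DECRYPT.txt"})
    return events


if __name__ == "__main__":
    for proc, reasons in detect_ransomware_bursts(build_sample_events()).items():
        print(proc, "->", "; ".join(reasons))
```

The archiver in the sample also writes high-entropy output, which is why the detector requires a burst of such writes rather than a single one, and why it combines several independent signals before raising a finding. In a real deployment the events would come from an EDR agent or file-system audit log, and the thresholds would be tuned against that environment's normal backup and archiving activity.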

Case:

The WannaCry ransomware attack of May 2017 is one such instance. It spread rapidly around the world, and the National Health Service (NHS) in the UK was among the thousands of affected organisations. The attack interfered with critical healthcare services, delaying patient treatment and forcing hospitals to reroute ambulances and postpone surgeries. The incident demonstrated the huge impact ransomware attacks can have on critical infrastructure, with the attackers demanding ransom payments in Bitcoin.

The Colonial Pipeline ransomware attack occurred in May 2021, targeting one of the largest fuel pipeline operators in the United States. The attack was carried out by the DarkSide hacking group, causing Colonial Pipeline to shut down its pipeline system. This led to fuel shortages, price increases, and disruptions in the transportation sector. Colonial Pipeline paid a ransom of $4.4 million to the attackers. The incident highlighted the vulnerability of critical infrastructure and the need for improved cybersecurity measures.

Trojan Horse

A malicious program that masquerades as safe software or a file is known as a Trojan horse. Once installed, it has the ability to carry out a number of unauthorized tasks on the victim’s computer.

In this context, a Trojan horse is a malicious computer application that may seem innocent and modest, but it can open the door to a more serious attack on your computer and sensitive data. It secretly gathers data on user activity, login information, and other computer activity, then sends it to its command-and-control center, which is also where further malicious actions may be directed from. By using a Trojan to open a backdoor, hackers can gain access to your computer and take control of it.

The Trojan Horse concept in contemporary computer terminology comes directly from the Trojan Horse narrative of Greek mythology. According to the myth, the Greeks built a wooden horse large enough to hide a sizeable number of soldiers inside. The citizens of Troy drew the horse into the city, and at night the concealed troops emerged, unlocked the gates, and signalled the rest of the army to enter and take the city.


The concept of a Trojan horse in computer security is the same. A Trojan horse arrives through social engineering tactics such as emails, disguised links, and other sources. It then sits on the computer and starts spying, changing credentials, and carrying out other malicious activities.

Case:

The Carbanak Trojan targeted financial institutions all across the world in 2014. The attackers sent bank employees phishing emails with malicious attachments. Once the Trojan was activated, it entered the banks’ networks and gave the attackers the ability to monitor activity, take over ATMs, and carry out fraudulent transactions. More than $1 billion was stolen from banks in more than 30 countries as a result of the Carbanak campaign.

The NotPetya malware outbreak in 2017 had an impact on businesses all around the world. Initially misidentified as a ransomware attack, NotPetya spread through a compromised software update for the Ukrainian accounting program M.E.Doc. It led to financial losses and operational interruptions for businesses across a range of industries, including shipping, energy, and healthcare.

Botnets

A botnet, sometimes known as a “robot network,” is a collection of malware-infected computers that are managed by a single attacker, also referred to as a “bot-herder.” A bot is any particular machine that the bot-herder is in control of. The attacking party can control every computer in its botnet at once to execute a coordinated illegal operation from a single central location. A botnet’s size (many are made up of millions of bots) allows an attacker to carry out extensive operations that would have been impossible with malware in the past. Infected devices can receive updates and alter their behavior instantly since botnets are constantly under the control of a remote attacker.

Case:

The Mirai botnet attracted a lot of attention in 2016 because of its widespread distributed denial-of-service (DDoS) attacks. Mirai targeted and compromised Internet of Things (IoT) devices such as webcams and routers. The botnet’s massive traffic floods against targeted websites caused numerous service interruptions and outages. Mirai showed the possible consequences of compromised IoT devices and highlighted the need for improved security in these interconnected devices.
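The defining symptom of a botnet-driven DDoS such as the one described above is a request rate far above baseline arriving from a very large number of distinct sources at once. The following Python example is added here to show how that pattern can be picked out of an ordinary web server access log; it is not code from the article or from any real tool. It parses combined-log-format lines, slides a time window over them, and classifies a burst as a distributed flood (many sources) or a single-source flood (one address). The log lines, the IP ranges (RFC 5737 documentation addresses) and all thresholds are constructed for the example:

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Combined-log-format line, e.g.
# 203.0.113.5 - - [08/Jul/2023:12:00:00 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (epoch_seconds, ip, request) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).timestamp()
    return ts, m.group("ip"), m.group("req")


def detect_flood(lines, window=10, total_threshold=100, min_sources=20, per_source_limit=50):
    """Slide a window over request timestamps and report bursts.

    A burst of >= total_threshold requests within `window` seconds is classed as a
    'distributed flood' when >= min_sources distinct IPs contribute, as a
    'single-source flood' when one IP alone exceeds per_source_limit, and
    otherwise as a plain 'burst' (thresholds are example assumptions).
    """
    records = sorted(r for r in map(parse_line, lines) if r)
    alerts = []
    i = 0
    while i < len(records):
        start = records[i][0]
        j = i
        while j < len(records) and records[j][0] - start <= window:
            j += 1
        span = records[i:j]
        if len(span) >= total_threshold:
            sources = Counter(ip for _, ip, _ in span)
            top_ip, top_n = sources.most_common(1)[0]
            if len(sources) >= min_sources:
                verdict = "distributed flood"
            elif top_n > per_source_limit:
                verdict = "single-source flood"
            else:
                verdict = "burst"
            alerts.append({
                "window_start": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
                "count": len(span),
                "distinct_sources": len(sources),
                "top_source": top_ip,
                "top_source_count": top_n,
                "verdict": verdict,
            })
            i = j   # skip past the burst so one flood yields one alert, not hundreds
        else:
            i += 1
    return alerts


def build_sample_log():
    """Constructed access log: a minute of normal traffic from five clients, then
    300 requests from 60 made-up addresses inside five seconds."""
    base = datetime(2023, 7, 8, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512'

    lines = [line(f"192.0.2.{s % 5 + 1}", base + timedelta(seconds=s)) for s in range(0, 60, 3)]
    for k in range(60):
        for n in range(5):
            lines.append(line(f"10.0.{k // 250}.{k % 250 + 1}", base + timedelta(seconds=120 + n)))
    return lines


if __name__ == "__main__":
    for alert in detect_flood(build_sample_log()):
        print(alert)
```

The distinction between the two verdicts matters for response: a single-source flood can be rate-limited or blocked at the edge, while a distributed flood from thousands of compromised IoT devices generally has to be absorbed upstream by a scrubbing service or CDN, which is why Mirai-scale attacks were so disruptive.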

The IoTroop or Reaper botnet first appeared in 2018, infecting vulnerable IoT devices worldwide. Unlike regular botnets, which depend on specialized software, Reaper focuses on exploiting security flaws in IoT devices. As it searched for and infected systems with known weaknesses, it grew into a sizable botnet capable of unleashing destructive DDoS attacks.

Spyware

Spyware is a type of computer program or code that is placed on computers without the user’s knowledge. This program’s primary goal is to track online behavior, computer usage patterns, and personal preferences.

A spyware program monitors a user’s Internet usage. Most of the time, spyware programs are employed to discover computer users’ habits in order to run effective and targeted digital marketing campaigns through emails and other online channels.

The value of privacy has grown significantly in today’s world. The General Data Protection Regulation (GDPR) has made privacy a fundamental component of any online service in the nations that make up the European Union (EU).

Case:

The NSO Group’s Pegasus spyware was created in 2016 and gained attention that same year. Pegasus exploited flaws in iOS devices to allow attackers to monitor and collect sensitive data from their targets remotely. The spyware could read emails and text messages and even turn on the microphone and camera. Pegasus reportedly targeted political dissidents, activists, and journalists, which raised questions about privacy and surveillance.

Keyloggers are a particularly sneaky kind of spyware that records and collects human input on a device, including sequences of keystrokes. Keylogger software, sometimes known as a “keystroke logger,” records every keystroke you make on your keyboard. Beyond that, keyloggers can also give thieves the ability to listen in on your conversations, watch you through your system camera, or hear you over the microphone on your smartphone.

Case:

In 2006, the Zeus Trojan emerged as a prominent keylogger and banking malware. Zeus infected millions of computers globally, mainly targeting online banking systems. The malware captured login credentials and financial information, allowing attackers to carry out fraudulent transactions and steal funds from victims’ bank accounts. The Zeus Trojan campaign resulted in substantial financial losses for individuals and businesses.

Worms

Computer worms and viruses replicate themselves in order to propagate to other computers on a network or through other data transmission methods. This is their key distinguishing characteristic. Computer worms are a particular class of virus software that spreads itself across computers and eats up large amounts of resources, including memory, hard drive space, and bandwidth.

A worm’s primary goal is to propagate across a network of computers by taking advantage of flaws in the operating system and other aspects of computer networks. In the absence of a payload, worms are regarded as relatively harmless: payload-free worms simply consume computer resources without causing other damage. Once payloads are added, however, worms can become deadly, because they can install the other harmful programs concealed in those payloads.

Those payloads may install backdoors and other spying code on the machine in order to undermine your security and transfer your data to a command-and-control center, often located abroad. Throughout this process the worm itself only serves to carry the payloads and install them on networks; the worm program on its own is a standalone piece of code that can travel around and duplicate itself without posing a severe threat to the system or its data.

Case:

In 2000, the ILOVEYOU worm gained notoriety for its rapid global spread. The worm arrived in the form of an email attachment with the subject line “ILOVEYOU” and infected millions of computers worldwide. It spread by overwriting files, deleting critical system files, and emailing itself to the victim’s contacts. The economic impact of the ILOVEYOU worm was estimated to be billions of dollars due to widespread disruption and loss of productivity.

The Conficker worm quickly propagated via international computer networks in 2008. It had several variations and used flaws in Microsoft Windows operating systems. Concerns about potential cyberattacks or data theft arose as a result of Conficker’s capacity to update itself and build a sizable botnet.

Adware

Adware is a type of computer program that, as its name suggests, compels Internet users to view advertisements by forcing them to visit particular websites or to view pop-up windows or on-page advertisements.

Adware is now a very common tactic used by digital marketing teams to draw users’ attention to a specific product or service. The adware code uses a variety of techniques to spread and to locate suitable targets in order to identify the target market for a given product.

Adware is a type of malware that displays unwanted advertisements on a victim’s computer. In some cases, adware can also collect user data without their consent.

Case:

In 2013, the Superfish adware pre-installed on some Lenovo laptops drew attention. Superfish injected advertisements into web pages, interfering with the user’s browsing experience. The adware also compromised SSL security by installing its own self-signed root certificate, potentially exposing users to interception of their encrypted traffic. The incident highlighted the importance of scrutinizing pre-installed software on devices to prevent unwanted or potentially harmful applications.
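The lasting lesson of the Superfish case is that an unexpected self-signed root in a machine's trust store silently undermines every TLS connection that machine makes. The following Python example is added here to show one defensive check for that condition; it is not code from the article or from Lenovo, Superfish or any real product. It compares the roots a host trusts against a baseline of expected root common names using the dict format that Python's standard-library `ssl.SSLContext.get_ca_certs()` returns. The baseline, the sample certificate records (including the record modelled on the Superfish root) and the serial numbers are all constructed for the example:

```python
import ssl

# Constructed baseline of root-CA common names an organisation expects to find on
# its endpoints; in practice it would be generated from a known-good image.
EXPECTED_ROOT_CNS = {
    "DigiCert Global Root G2",
    "ISRG Root X1",
    "Corp Internal Root CA",   # hypothetical enterprise root, assumed for the example
}


def _name_to_dict(name):
    """ssl.get_ca_certs() encodes X.509 names as a tuple of RDNs, each a tuple of
    (attribute, value) pairs; flatten that into a plain dict."""
    out = {}
    for rdn in name:
        for attr, value in rdn:
            out[attr] = value
    return out


def audit_trust_store(certs, expected_cns):
    """Flag self-signed roots whose common name is not in the baseline.

    `certs` is a list of dicts in the format ssl.SSLContext.get_ca_certs() returns
    (keys 'subject', 'issuer', 'serialNumber', 'notAfter', ...). A root is
    self-signed when its subject and issuer names are identical.
    """
    findings = []
    for cert in certs:
        subject = _name_to_dict(cert.get("subject", ()))
        issuer = _name_to_dict(cert.get("issuer", ()))
        cn = subject.get("commonName", "<no CN>")
        if subject == issuer and cn not in expected_cns:
            findings.append({
                "commonName": cn,
                "organizationName": subject.get("organizationName"),
                "serialNumber": cert.get("serialNumber"),
                "notAfter": cert.get("notAfter"),
                "reason": "self-signed root not in baseline",
            })
    return findings


def audit_local_store(expected_cns=EXPECTED_ROOT_CNS):
    """Run the audit against the roots Python's default context trusts on this host.
    Returns [] when nothing unexpected is loaded (or no roots are loaded at all)."""
    ctx = ssl.create_default_context()
    return audit_trust_store(ctx.get_ca_certs(), expected_cns)


def sample_store():
    """Constructed records mimicking get_ca_certs() output: two expected roots and one
    injected self-signed root modelled on the article's Superfish case. Serial
    numbers and dates are placeholders, not real values."""
    def name(cn, org):
        return ((("countryName", "US"),), (("organizationName", org),), (("commonName", cn),))

    digicert = name("DigiCert Global Root G2", "DigiCert Inc")
    isrg = name("ISRG Root X1", "Internet Security Research Group")
    injected = name("Superfish, Inc.", "Superfish, Inc.")
    return [
        {"subject": digicert, "issuer": digicert,
         "serialNumber": "CONSTRUCTED-SERIAL-1", "notAfter": "Jan 15 12:00:00 2038 GMT"},
        {"subject": isrg, "issuer": isrg,
         "serialNumber": "CONSTRUCTED-SERIAL-2", "notAfter": "Jun  4 11:04:38 2035 GMT"},
        {"subject": injected, "issuer": injected,
         "serialNumber": "CONSTRUCTED-SERIAL-3", "notAfter": "Jan  1 00:00:00 2034 GMT"},
    ]


if __name__ == "__main__":
    for finding in audit_trust_store(sample_store(), EXPECTED_ROOT_CNS):
        print(finding)
```

Run against `sample_store()` the audit reports only the injected root. `audit_local_store()` applies the same logic to whatever the interpreter actually trusts on the current machine; note that Python's default context may load a different set of roots than the operating system's browser or certificate manager, so a complete audit also has to query those stores.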

It is essential to stay alert and take necessary precautions to safeguard against the various types of malware and the tangible consequences they can have. This includes regularly updating software, utilizing trusted antivirus programs, and being cautious when handling attachments or clicking on suspicious links. By remaining vigilant, individuals can effectively protect themselves from these potential threats.

Reference:

Cybersecurity Fundamentals A Real-World Perspective

www.paloaltonetworks.com

Let’s connect?

LinkedIn: www.linkedin.com/in/ravitejmbandlekar

