Mad About Malware: Hot Spots and Trends

Posted by Trevagh Stankard on Tue, Nov 2nd, 2021

Numerous cybersecurity attacks vectors are available to cyber-criminals, but some work better than others.  For example, phishing is popular for stealing credentials, but malware works well for stealing data and providing backdoors for full control of an organization server. Here are some malware trends in 2021 that will likely continue to be popular in 2022.

Phishing is Still the Most Common Attack

Every year, phishing attacks increase globally. Phishing gives attackers several options. The first one is that attackers can either cast a wide net and send thousands of phishing emails in the hopes that a few fall victims to the campaign or they can create targeted messages to specific employees with high-level network access.

Malicious attachments in a well-crafted phishing campaign will download and install malware. This malware could be ransomware that encrypts data forcing victims to send a payment to the attacker in exchange for decryption keys. It could also be trojan malware that creates backdoors to the network or installs remote access tools that provide the attacker with full control of the computer.

Installed Malware

Malware provides attackers with a wide range of exploit potential. For an attacker to steal data or extort money from a victim, usually it requires the use of malware. The potential with malware gives attackers a wide range of monetary gain. This monetary gain could be in stealing data from organizations and then selling it on darknet markets, or an attacker could silently steal data from an organization’s internal network.

Trojan software that gives attackers remote control of a computer is also a form of malware. This type of malware has been responsible for large-scale compromises such as data theft, affecting social infrastructures such as power utility facilities and water plants, and spying on competitor organizations.

Ransomware is another common malware application that can be devastating if attackers can install it on a local computer or critical infrastructure such as a server. With ransomware, an attacker could potentially earn thousands with one successful attack. What makes ransomware a bigger threat than other malware is that it uses cryptographically secure encryption to lock files and businesses must pay the ransom to get this data back. The only way to recover from ransomware is restoring files from a backup. Paying the ransom does not guarantee that the private key will be delivered, and files will be restored.                                                  

TitanHQ Network Security Checklist - This checklist guides you to the areas of IT security you need to focus on and gives you the tips and tricks needed to get started securing your organization against internal and external security threats.

Exploiting Software Vulnerabilities

The year 2021 saw an increase in software vulnerabilities as more companies went digital. More software, servers, and at-home workers left the web open for attackers with the skills to find and exploit vulnerabilities in buggy software. Vulnerabilities are published on the Common Vulnerabilities and Exposures (CVE) database, which means attackers can simply look up any type of vulnerability and write an exploit for it.

Scripting bots that scan for vulnerabilities is also big business for attackers. Once a vulnerability is found, a script can scan thousands of sites in only a few minutes to find any servers or host machines with exploit potential. Once a common vulnerability is found, it only takes a few minutes for an exploit to launch and affect the target host.

Unpatched software was common in 2020 and 2021, and this also leaves hosts vulnerable to exploits. When software developers release security patches, the vulnerabilities patched with the update are listed. Any host that does not have the patch installed is vulnerable until administrators patch the system. This leaves a window of opportunity for an attacker, which could make it a target for bots and scanners that find and exploit the issue.

Encryption in Malware

A big change is that now attackers use encryption to hide malware attacks. Encryption in malware attacks offers the added ability to hide from monitors and protect the attacker’s code. This trend made malware much more effective and harder for cybersecurity researchers to find once it’s deployed to a network device such as a desktop or server.

Best Practices in Your Defense

Scammers might be getting better at what they do, but you can still take the necessary steps to stop attacks. To stop phishing, always have email security installed. This includes filters to stop malicious messages from reaching a user’s inbox.  Deploy an email filtering solution that can filter both inbound and outbound messages to protect your users and your customers.

Use a multi-layered protection approach: don’t rely only on your mail servers filtering capabilities, also add a third party dedicated solution to filter your mail and help your users and your company protected. Deploy mail filtering software that protects users from the full range of email threats, including malware, phishing, and spam.

Protect your organization from all malware with SpamTitan Email Protection.  View SpamTitan Demo today.