Regardless of whether you call it ransomware, malware, or viruses, these nuisance programs account for a growing number of attacks against your company every year. While the process of creating malware may have started as a challenge amongst hackers years ago, it has gotten organized and turned into a new sector of technology, motivated by greed and profit.
4 Reasons Malware Attacks are Created
“Since the early 2000s, almost all malware out in the wild has been created to steal identities, contact lists, passwords, credit/banking information, gamer accounts, photos – any data and resources that can be monetized.”
1. Botnets Can Be Sold For Profit
Why do people go to the trouble of creating malware? We live in a world where criminals will pay for networks of infected computers that can be sold as virtual slaves as a botnet. These infected devices can then be controlled by a master (the buyer) and used for nefarious purposes like sending spam or distributed denial of service attacks.
As the internet of things (IoT) grows, there will likely be new markets of devices that can be controlled for nefarious purposes. An article in Wired states that, “Instead of hackers hijacking your laptop for their zombie army, they will commandeer large networks of IoT devices—like CCTV surveillance cameras, smart TVs, and home automation systems.”
2. Stealing Personal Information
Another common reason for creating malware is to steal your personal information such as social security numbers, credit card numbers, and other personal data that can be extremely valuable for identity theft. Some malware attacks will record your keystrokes to steal account information for banks and other sites.
In the case of ransomware, hackers may take your data hostage using an encryption algorithm and use it to extort money from you. It’s never a good idea to pay these people because in many cases they will take your money and never allow you to decrypt your data. In reality, paying them only increases the likelihood they will do it again. Sometimes ransomware can be part of a larger shakedown.
4. Data Sabotage
According to an article in Wired, “cyber operations that change or manipulate digital data in order to compromise its integrity—instead of deleting or releasing stolen data—is our next nightmare.”. This type of malware will destroy data integrity and, likely, entire companies as well.
Who Creates Malware?
People who write malware get paid just like other software developers. Some employers might be people that send spam or those that want to sell networks of compromised botnet machines. In some cases, this may be small groups of hackers or possibly larger, more organized groups of criminals.
How Are Computers Infected?
- Simple Downloads: Machines are often infected by a simple download. Many times it happens as people unknowingly click a link or advertisement that contains malicious code. Without security software, most of the time employees don’t even realize these machines are infected.
- Software exploits: Less often, malware attacks use an exploit to infect through a vulnerability that exists in software (i.e. Adobe Flash) to infect the computer.
- Email links and attachments: Email infections occur when people click on links that lead to infected site or download and open malicious files that may be disguised as something you trust. This is why you should always be careful when receiving links from people you don’t know.
- Phishing attacks: Phishing attacks also occur when people go to a fake site that looks identical to the real one. They enter their login information, which is then stolen.
What About Security Software?
The good news is that security software like SentinelOne can help protect your computers and servers from malware attacks. Still, it’s very important to do the following things to make sure your systems are protected:
- Keep your laptops, desktops and servers up-to-date with security patches and security software (i.e. SentinelOne).
- Make sure the data on your endpoints and servers is backed up. This way, if the machine gets infected you can restore your data to its previous state.
- Train your users on avoiding many cyber security threats such as:
- Not opening attachments
- Not clicking on suspicious links
- Not going to questionable websites
Training can be a powerful ally when combatting malware. Teaching employees how to avoid malware can be a great way to avoid zero-day attacks. You can even use gamification to reward people when they report receiving emails that are questionable.
Protect Your Company From Malware
Malware has become a big money business. The best way to protect your company is to train your employees on proper cyber security and malware best practices, and to use an endpoint protection security software like SentinelOne.