Experiencing a Breach?
en
Platform
Why SentinelOne?
Services
Partners
Resources
About
en
Get a Demo

What is Malware?

Back to Glossary

Introduction

Malware is malicious software that prevents a computer from functioning as it should. The effects and scope of malware can extend beyond traditional computers to IoT devices, smartphones, and security cameras. Large companies and entire nations are at risk and spend trillions of dollars each year fighting malware.

Most malware is spread through websites, email, and downloaded software (i.e., its attack vector), and can be hidden in innocuous-seeming files such as images and documents. Users may be infected by malware by installing infected software or opening email attachments. Even visiting a malicious website (or one acting as such, perhaps unbeknown to its owner) can result in a malware infection.

What Are the Different Types of Malware?

One might conflate “malware” with “virus” or even “spyware.” These are related but distinct concepts. Malware is the overarching term for malicious software of any kind, while virus, spyware, and several other terms refer to more specific types of this class of malicious code.

Below is a list of common types of malware:

  • Virus – This type of malicious code hijacks an otherwise legitimate piece of software for malware usage, including spreading itself to other systems. Most early malware came in the form of computer viruses, perhaps giving rise to the term’s more generalized (though technically incorrect) usage.
  • Worm – These self-replicating programs do not require a host program to propagate (as with a virus). While some simply spread, others can cause serious damage.
  • Trojan Horse – Sometimes called a “trojan horse virus” or just “trojan,” this class of malware disguises itself as a useful program, tricking users into installing it. Once installed (pulled in past your computer’s gates, so to speak) it can then perform its nefarious function.
  • Spyware – Used to surreptitiously collect information on computer users, potentially compromising sensitive data such as banking credentials.
  • Ransomware – These programs typically encrypt a victim’s files and demand a payment to unlock them.
  • Adware/Scareware – Adware is software that serves unwanted ads on a victim’s computer, often as pop-ups or banners. Scareware could be defined as a more aggressive and deceptive version of adware, sometimes “informing” users of imminent cyber threats that can be “mitigated” for a fee.

How Does Malware Spread?

Malware is code that performs an attack on your system. The other piece of this attack puzzle is how malware gets on your system. In the cybersecurity realm, this is known as the attack vector, which can take several forms.

  • Business Email Compromise (BEC) – Threat actors impersonate business email addresses to obtain information from employees or request payment to “vendor” accounts owned by the attackers.
  • Malvertising – Online ads are infected with malicious code, redirecting users to harmful websites or even installing malware on the device itself.
  • Phishing – A social engineering scam that attempts to steal sensitive information such as passwords and banking credentials
  • Compromised Credentials – Compromised credentials–such as passwords and usernames obtained via phishing–can then be used to log on to networks and install malware as a “legitimate” system user.
  • Privilege Escalation – While a normal user account (possibly obtained by phishing/compromised credentials) may have a certain level of access, a higher level of access may be needed for attackers to accomplish their goals. Privilege escalation elevates an account at one access level to a higher level for nefarious purposes.
  • Exploit Kits – Malicious web content that automatically installs malware on devices via software vulnerabilities.
  • Drive-by Downloads – Downloads malicious code onto your device via a vulnerability in an app, web browser, or operating system. Unlike many other exploits, drive-by-downloads don’t require any input by the user, such as clicking on a link.
  • Emerging Threats – While this list covers many potential cyber threats, malicious actors are always working on new exploits and attack vectors. Systems and personnel must be continuously updated to address new concerns.
  • Device Vulnerabilities – Computing devices, whether operating under Windows, MacOS, Android, iOS, or other systems, have vulnerabilities that get patched over time. If criminals can find exploits before the “good guys” do, this gives them a method for malware infection. Worse yet, vulnerabilities may be patched, but not every system is up to date, making these systems a prime target. IoT devices can be especially vulnerable to such attacks.
  • Router Insecurities – While networks connecting to the Internet typically have protections built-in via a router, the router itself can be infected by malware. This can then be used to facilitate further malware implementation on network devices.
  • Removable Media – Malicious software can hide in seemingly innocuous removable media like thumb drives. Once inserted into a user’s device, they can then infect it with malware.
  • Infected Downloads – Disguised as an email attachment, “useful” program (even an “antivirus” program), or media file, a user can be tricked into downloading malware under false pretenses. Once on the victim’s device, it can then perform its nefarious purpose.

How Can Malware Be Prevented?

To infect a computing system, malware must get onto that system. Basic prevention measures include:

    • Network Firewalls – Firewalls, typically implemented on router setups that connect to the open Internet, allow data in or out only in certain circumstances, thus keeping a significant amount of malicious traffic from getting onto a network in the first place.
    • Update Systems – Malware often takes advantage of system vulnerabilities which are patched over time as they are discovered. While so-called “zero-day” exploits are designed to take advantage of unknown vulnerabilities, updating and patching known vulnerabilities will make your system much more secure. This includes both mobile devices, computers, and even the router itself.
    • Strong and Updated Passwords – Poor password practices (e.g., reuse between services, poor password security, insecure transmission, or even sticking with default settings), will result in more opportunities for hackers to compromise your system with malware.
    • Zero Trust Network Architecture – In an organizational context, devices and personnel should be given the minimum amount of system privileges needed to do a job. This means that infected devices can, in turn, affect the least number of other devices possible, and humans in the loop (whether through malicious intent, carelessness, or even blackmail) can do as little damage as possible.
    • Avoid Suspicious Links, Websites, and Files – If something looks amiss on a website or link, or if you get an unexpected email attachment, be cautious about interacting with it. If something is questionable, it may be wise to contact the sender through other means to verify its authenticity.
    • Robust Cloud – Cloud resources should be considered as possible vectors, and even sources, of attack, and secured as appropriate.
    • Identity Protection – User identities, credentials, and other sensitive information should be secured. Tools using encryption and monitoring can help keep this information safe.
    • Endpoint Protection – Endpoints like laptops, smartphones, and Internet of Things (IoT) devices must be secured as a part of an overall cybersecurity strategy.
    • Continuous Monitoring with AI and ML – Comprehensive cybersecurity vendors like SentinelOne use artificial intelligence and machine learning algorithms to prevent, detect, and mitigate malware threats.
  • Role Based Access Control (RBAC) – Restricts network and data access based on one’s role within an organization. A standard user may, for example, not be able to install programs or access certain sensitive data. This minimizes the consequences of such accounts being compromised.
  • Cybersecurity Training and Education – While automated tools go a long way toward securing a network, people with access need training to avoid clicking on suspicious links or even giving out information to attackers using BEC or phishing techniques.

While these techniques will not prevent all malware infections in every case, they do lower your risk. Consider this situation analogous to two bicycles side-by-side, one of which is locked. Normally, a thief would choose the one they could just walk off with, but if one is much more valuable, they might grab the bolt cutters. In the same way, an updated computing device is “locked,” but if you are an especially high-value target (e.g., a profitable business, public figure, or politician), you may gain special notice from cybercriminals.

How Do I Know If My System Is Infected With Malware?

Strange behavior out of your device (e.g., slowdowns or ad pop-ups) can be an indication of malware, but this is not always evident. Active monitoring solutions can also be quite helpful to ensure your system is in excellent shape. While you may or may not be as big a target as person X, your security is still important. And while you might not be a notable target, the fact that your device has important information about your company (or customers) could indeed be valuable next to persons Y and Z.

Another important security technique is to back up data regularly, ideally in an “air-gapped” setup. Taking a hard drive to an offsite safe deposit box may seem like an antiquated notion, but consider what would happen if you needed to start from scratch because of malware, or for that matter, a physical incident like a fire or tornado.

Consider that a ransomware attack might encrypt all your available files. However, if you have a nearly current backup in a safe somewhere, you could choose to start from that point rather than giving in to demands or losing copious amounts of data.

FAQ

What is malware versus a virus?

A virus is a type of malware. Malware refers to all classes of code used to attack and disrupt computing systems.

How harmful is malware?

The risk from malware varies greatly. In some cases (e.g., a worm that simply spreads) there is little risk. However, on the whole, malware is very harmful. According to one estimate, cybercrime accounts for $6 trillion in annual monetary damages, a figure that’s only expected to increase in the future. Ransomware demands can range from thousands to millions of dollars, and general system inconveniences are significant.

Conclusion

Malware is code used to prevent a computer from functioning correctly, enabling cyberattacks. Malware can affect traditional computers, as well as smart devices like phones and tablets, and spreads through a wide range of human and system vulnerabilities. With the proper tools, preparation, and monitoring, malware can be prevented and fixed when necessary. System administrators must always stay vigilant against this ever-evolving threat.

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo