There are over 100 million different viruses live on the Internet. Many of these are only slight variants of each other, different enough to try to avoid detection by anti-malware software.
Malware is short for ‘malicious software’ and is software designed with malicious intent. In total it is estimated there are nearly 100 million different types of malware on the web today, and the number is growing rapidly.
Due to the potential for high returns, organised crime is investing heavily in malware production and a malware-based cyber attack is the most common threat smaller businesses will experience at least once in the next 12 months.
The UK Government’s Cyber Essentials scheme provides an excellent broader risk management framework for this threat.
Malicious content can be used:
• To record every keystroke on your keyboard, including bank details and passwords
• To make your computer undertake an action on behalf of the malware’s creator
• To encrypt the files on your computer and demand a ransom fee to get your files back
Malicious software, like all software, is ultimately written by a human being. The author of the software identifies a “vulnerability” in an operating system (e.g. Microsoft Windows) or other common software (e.g. Microsoft Word) and “exploits” the vulnerability.
Opportunists and organised crime are typically after either money or information that can be exchanged for money.
Nation states are most typically after information, for example trade secrets or information on the activity of corporate firms or other governments.
A simple metaphor is an open window on a house. Malware is written to detect if a certain window is open, and if so, it climbs through and begins to undertake its primary objective. This is why software updates are so important!
Some vulnerabilities aren’t found until it is too late. By this we mean that a malicious individual has found a vulnerability before the software developer, and begins to exploit the vulnerability before a ‘patch’ (software update) is released. These are often called “zero day” attacks, where there are “zero days” to be able to respond – the problem is already underway.
Malicious software can’t spontaneously appear on a computer. Typically it requires action by the computer user, either by downloading a file from the Internet or via an infected USB drive.
Most malware is spread via the Internet, either as an attachment to an email, or as a download from a website. The first line of defence for all businesses is their staff not downloading or opening a suspect file.
Interestingly, a recent report identified that religious websites are a greater risk for malware than adult websites. The report stated that, firstly, religious websites are often poorly secured and, secondly, the users of such websites are more likely to trust the website due to its subject matter. Adult websites, on the other hand, are mostly legitimate businesses, meaning that security can be of more importance to the firm on behalf of their customers.
It is for the reasons above that a variety of steps need to be taken by a business to reduce the risk of a malware infection. These include:
• Anti-malware software installed, properly configured and up-to-date
• Annual staff awareness training with a focus on malware
• Configuring computers to require user prompts before software can run
• Ensuring computer users are not working on administrator accounts
With staff awareness training lacking, anti-malware software is often our single greatest hope to defend against this risk.
But… if the anti-malware software isn’t installed correctly it can’t do its job. This requires a business firstly to verify that the software is installed correctly from day one, and secondly to verify at regular intervals that the software remains up-to-date and properly configured.
The way that most anti-malware software works is through “signature” recognition. The creator of the anti-malware software finds a new virus in the wild and, metaphorically, ‘takes a photo’ of it. This photo is called a ‘signature’. The anti-malware software developers then push this signature to their software. If your computer sees the signature, it rejects the file, as it knows it is a bad file.
Unfortunately, malware creators know this, too. It means they have to keep creating variations of their software, with different signatures. The more new signatures there are, the harder it is for the anti-malware software developers to keep up, and the greater the chance that the malware will infect your computer.
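The signature cycle described above, as an added example that is not from the original article or any anti-malware product. It assumes a signature is simply the SHA-256 digest of a file; the scanner class, labels and sample bytes are hypothetical and constructed for illustration.

```python
import hashlib

# Constructed stand-ins for file contents: harmless placeholder bytes, not real malware.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE-v1: placeholder bytes standing in for a bad file"
VARIANT = KNOWN_BAD.replace(b"v1", b"v2")  # the "slight variant": one byte differs
CLEAN = b"Quarterly sales report for the board"


def signature(data: bytes) -> str:
    """'Take a photo' of a file. Assumption: the photo is its SHA-256 digest."""
    return hashlib.sha256(data).hexdigest()


class SignatureScanner:
    """Hypothetical minimal scanner holding a set of known-bad signatures."""

    def __init__(self):
        self.signatures = {}  # digest -> label

    def push_update(self, label: str, sample: bytes) -> None:
        """Vendor side: record the signature of a newly found sample."""
        self.signatures[signature(sample)] = label

    def scan(self, data: bytes):
        """Client side: return the matching label, or None if nothing matches."""
        return self.signatures.get(signature(data))


def demo():
    scanner = SignatureScanner()
    scanner.push_update("sample-v1", KNOWN_BAD)
    files = [("known", KNOWN_BAD), ("variant", VARIANT), ("clean", CLEAN)]
    # With only the first signature installed, the variant is not recognised.
    before = {name: scanner.scan(data) for name, data in files}
    # Once the vendor ships a second signature, an up-to-date client catches it.
    scanner.push_update("sample-v2", VARIANT)
    after = scanner.scan(VARIANT)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before update:", before)
    print("variant after update:", after)
```

A client that never receives the second update stays in the "before" state, which is why the regular up-to-date checks matter.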
It is for this reason that defending a business against malware must be taken seriously, and that a business should not simply rely on anti-malware software alone.
Unfortunately, the only true defence against malware is constant human diligence. If the malware doesn’t reach your computer, it’s unlikely to be able to infect you.
Source: Berea Group.