How does malware get into your devices?



Imagine you receive a message saying that some amount has been debited from your bank account to an unknown account without your knowledge. Situations like this arise because of malware. Do you know how it gets into your devices, how it accesses your data, and how you can prevent it?



(Pic Credits: PCH Technologies)


Malicious Software:

Malicious software (commonly known as malware) is harmful software that runs on a device without permission and allows hackers to get at your data. It is often created by teams of hackers: usually, they're just looking to make money, either by spreading the malware themselves or by selling it to the highest bidder on the dark web.

Different types of malware are commonly described as viruses, worms, Trojans, etc. These terms correspond to the functionality and behaviour of the malware. Experts usually group malware into two categories:

·        Family: A distinct or original piece of malware.

·        Variant: A different version of the original malicious code, or family, with minor changes.

Working of Malware:

Malware is able to compromise information systems because of a combination of factors, including insecure operating system design and related software vulnerabilities. Malware works by running or installing itself on an information system, either manually or automatically. Software may be improperly configured, have its security functionality turned off, be used in a manner that is not compatible with its intended use, or be misconfigured in combination with other software. All of these are potential vulnerabilities and vectors for attack. Once a vulnerability is found, malware can be developed to exploit it for malicious purposes before the security community has developed a fix, called a patch.

Social Engineering:

Social engineering is a technique designed to manipulate users into providing information or taking an action that leads to a subsequent breach of information system security. Social engineering, in the form of e-mail messages that are intriguing or appear to come from legitimate organisations, is often used to convince users to click on a malicious link or download malware.



(Pic Credits: SearchSecurity - TechTarget)


History of Malware:

Viruses and worms date back to the early days of computing, when most viruses were created for fun and worms were created to perform maintenance on computer systems. Malicious viruses did not surface until the 1980s, when the first PC virus, Brain (1986), appeared and propagated when users booted their computers from an infected floppy disk. In 1988, the Morris worm received significant media attention and affected over 6000 computers.

The so-called big-impact worms began to reach the public in novel ways. The increased use of e-mail brought high-profile mass-mailer worms such as Melissa (1999), ILOVEYOU (2000), Anna Kournikova (2001), SoBig (2003) and Mydoom (2004). Between 2000 and 2010, malware grew significantly, both in number and in how fast infections spread. Although the Cabir virus (2004) caused little if any damage, it is noteworthy because it is widely acknowledged as the first mobile phone virus. The Koobface virus (2005) is one of the first instances of malware to infect PCs and propagate through social network sites. If you rearrange the letters of "Koobface", you get "Facebook". The virus also targeted other social networks such as Twitter.

Between 2010 and the present, we've again observed a significant evolution in the sophistication of malware. Notable varieties such as Stuxnet (2010), Zeus (2011), CryptoLocker (2013), Backoff (2014) and the WannaCry ransomware (2017) had a major impact during this period. Organized crime and state sponsors upped the game dramatically with large, well-funded development teams.

Exploiting a vulnerability first uncovered by the National Security Agency, the WannaCry ransomware brought major computer systems in Russia, the UK, China and the US to their knees, locking people out of their data and demanding that they pay a ransom or lose everything. The malware affected at least 150 countries, hitting hospitals, telecommunications companies, banks, warehouses and many other industries.

Emotet (2018) is a Trojan that became notorious in 2018 after the U.S. Department of Homeland Security described it as one of the most dangerous and destructive malware families. It attracted so much attention because it is widely used to steal financial information, such as bank logins and cryptocurrency credentials.

LockerGoga (2019) is ransomware whose campaigns involve malicious e-mails, phishing scams and credential theft. LockerGoga is considered a very dangerous threat because it completely blocks the victim's access to the system.

Fear surrounding the coronavirus (COVID-19) has been widely exploited by cybercriminals; the CovidLock ransomware is one example. Once installed, CovidLock encrypts data on Android devices and denies victims access to it. To regain access, you must pay a ransom of USD 100 per device.

Origin of Malware attacks:

Origin refers both to where the attackers who launch an attack are based and to where the computer systems that actually attack the targeted system are located. In most cases it is easy to see where the attacking computer systems are hosted, based on their IP addresses, but this is not usually sufficient to identify the person responsible for launching the attack.

Spoofing:

Spoofing is a technique designed to deceive an uninformed person about the origin of, typically, an e-mail or a website. When spoofing is used, identifying the source IP address of an e-mail or website is usually a futile effort. It is possible to spoof the source IP address of an IPv4 datagram, which makes real identification of the source much more difficult. It should be noted that this is often not required for an attack to succeed, and it can be counter-productive for the attacker if the objective is to steal data from a computer, because replies are sent to the forged address rather than to the attacker.
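As an added example (not from the original post), here is a small Python check a defender can run over a raw e-mail to flag the origin mismatches that the spoofed, social-engineered messages described in the last two sections often show: a visible From: address that does not match the Return-Path or Reply-To. The sample message and every domain in it are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message (not from the article): the visible sender claims
# to be a bank, but the envelope sender and the Reply-To point elsewhere.
SAMPLE_RAW = """\
Return-Path: <billing@mail-lookalike.test>
From: "Example Bank Support" <support@examplebank.test>
Reply-To: <collect@mail-lookalike.test>
Subject: Urgent: unusual debit on your account
Content-Type: text/plain

Your account was debited. Confirm at http://examplebank.test.verify-now.test/
"""


def domain_of(addr_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(str(addr_header or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def origin_mismatches(raw_message):
    """List header fields whose domain differs from the visible From: domain.

    A mismatch does not prove spoofing (mailing lists and CRM tools legitimately
    differ), but it is a cheap first signal to review before trusting a sender.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = domain_of(msg["From"])
    findings = []
    for field in ("Return-Path", "Reply-To", "Sender"):
        d = domain_of(msg[field])
        if d and d != from_domain:
            findings.append(f"{field} domain {d} != From domain {from_domain}")
    return findings


if __name__ == "__main__":
    for finding in origin_mismatches(SAMPLE_RAW):
        print("WARNING:", finding)
```

Pairing this with SPF/DKIM/DMARC results from the mail server gives a much stronger signal than header comparison alone.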

Botnet: 

A botnet is a group of malware-infected computers, also called "zombies" or bots, that can be used remotely to carry out attacks against other computer systems. Here the term "bot" refers to a malware-infected computer that a malicious actor can control remotely and turn into a "robot" or zombie machine. Bots are generally created by finding vulnerabilities in computer systems and exploiting them to insert malware into those systems. Botnets are maintained by malicious actors, commonly referred to as "bot herders" or "bot masters", who control the botnet remotely.

Ways to prevent malware:



(Pic Credits: Autodesk's Redshift)


·        Safeguard your data: Whether the data is stored in the cloud, on premises, or on devices, it is important to have appropriate protection in place so that you can secure it and recover it.

·        Secure your devices: Security services must be in place to protect devices. Device protection should include antivirus, patch management, regular vulnerability scans, secure web gateways, and web server hardening.

·        Regularly update software: It is vital to ensure that your software is regularly updated, to stop attackers gaining access to your devices through vulnerabilities in older, outdated systems.

·        Don't click on suspicious links: Phishing remains the easiest way for hackers to install malware on your devices.

·        Only buy apps from trusted sources: This reduces the chance of your device being infected with malware. Big brands take care not to damage their reputation by distributing malware.

·        Install a firewall: It prevents malicious attacks by blocking all unauthorized access to or from a private computer network.

M.Naveenkumar

S.Sakthikumar
