Malware is the broad category name for harmful code used in cyberattacks that affect laptops, desktops, servers, mobile devices, and, more recently, IoT devices.
Let’s Define Malware
The list of malicious attacks that fall under the category of malware is extensive – and it keeps getting longer and longer. While the first samples of malware started as viruses, it now comprises major types such as worms, Trojan horses, spyware, adware, rootkits, botnets, and ransomware.
Many subtypes exist as well, and some samples of malware can be categorized under multiple classifications based on what they are designed to accomplish and how. The categories listed above are helpful guides for discussing malware and provide a framework for describing its capabilities and intent.
While there are many different types of malware, with unique characteristics and goals, there are seven key traits that are common to almost all malware:
- Cyberattackers that use malware have a single goal in mind – and they are using malware as the primary mechanism to achieve their specific outcome.
- Each type of malware gains entry to a system or device differently, typically without the knowing consent of users.
- Each type of malware exhibits different behaviors once it is on a system, depending on the programming code developed by the attacker. The threat may spread, replicate, harvest, spy, or harm as it executes its code.
- Different behaviors present different levels of risk, depending on the ultimate intent.
- All malware requires interactions, either with a user or a machine, in order for the attack code to execute.
- Almost every malware attack today results in a remote connection back to the attacker, who may initiate further, more complex maneuvers.
- Malware continues to evolve in technological complexity and egregious intents at an aggressive pace.
As seen in these industry statistics, malware as a whole is pervasive and costly – and almost every company is a victim.¹
- $2.4 million spent, on average, defending against malware
- 50 days pass, on average, resolving a malware attack
- 250K new samples of malware are discovered every day
Carbon Black’s data found that malware was at the root of 48% of all cyberattacks in 2017. However, of all the malware in use today, ransomware is the one that is of the most concern for every security professional in companies large and small. Here’s why:
Cybercriminals are very successful at using malware to achieve their goals for the simple reason that most traditional antivirus tools use static analysis as a primary security tactic. However, these tools can only identify known samples – and today, with new malware developed rapidly every day, the majority of it appears as unknown files. Attackers use various techniques, such as packing (compressing), to change aspects of the malware so it looks different from known threats. As a result, the attacks easily slip through antivirus defenses.
This is where next-generation endpoint security – and behavior analytics – comes in. The good news about malware is that how it operates within a system or device will eventually appear different than normal user behavior. Therefore, with big data and machine learning zeroing in on anomalies, potential malware can be identified as out-of-the-norm and potentially malicious.
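The static-analysis gap described above can be seen with a hash blocklist: the added example below (not code from this article or from any vendor product) shows an exact-match lookup missing a compressed copy of a known sample, and a byte-entropy heuristic flagging that copy for closer inspection. The sample bytes, the blocklist, the function names and the 7.0 bits-per-byte threshold are all assumptions made for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter

# Constructed, harmless stand-in for a known sample: deterministic hex text,
# not real malware. Any byte string would behave the same way.
KNOWN_SAMPLE = "\n".join(
    hashlib.sha256(str(i).encode()).hexdigest() for i in range(200)
).encode()

# What a signature-only tool stores: digests of files it has already seen.
KNOWN_BAD_SHA256 = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Assumed triage threshold in bits per byte; tune against your own file corpus.
ENTROPY_THRESHOLD = 7.0


def hash_match(data: bytes) -> bool:
    """Exact-match lookup: True only for byte-identical known samples."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, from 0.0 to 8.0 bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def triage(data: bytes) -> str:
    """Hash lookup first, then an entropy heuristic for compressed content."""
    if hash_match(data):
        return "known-bad"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "suspicious-high-entropy"
    return "no-static-finding"


if __name__ == "__main__":
    repacked = zlib.compress(KNOWN_SAMPLE, 9)  # same content, different bytes
    for label, blob in (("original", KNOWN_SAMPLE), ("compressed", repacked)):
        print(f"{label:10s} entropy={shannon_entropy(blob):.2f} verdict={triage(blob)}")
```

High entropy is also normal for legitimate archives, media and encrypted files, so the second verdict is a prompt for further analysis, not a detection on its own.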