In the world of cyber security, there are a lot of different words that are used to describe the different types of threat. Ransomware, worms, cryptojacking? Does anybody know what these terms mean? Just in case you don’t, here’s a primer on malware.
Oh, BTW, malware is a blanket term that refers to any software that is installed on a user’s computer or network without his or her consent, for a malicious purpose. So, it includes ransomware, spyware, adware, viruses, worms, keyloggers, trojans and rootkits, and cryptojacking. Those are the types of malware that are commonly known. The fact is that hackers are developing nastier malware every day. Most would fall within the categories listed.
Trojans and rootkits are related in that they are both ways of hiding malware on your computer.
Trojans are by far the most common type of malware. Fully 70% of malicious software identified on computers around the world are trojans. A trojan horse (or trojan) is a piece of malicious software that is packaged as a legitimate application. You would usually download and install it willingly, thinking it’s something useful. It may even do what it says it does. However, in the background, it’s corrupting your system, stealing data or otherwise altering the way your system is supposed to function.
Rootkits are specifically designed to mask the existence of other malware on your computer. A rootkit by itself doesn’t hurt your systems, but it makes it harder to pinpoint and remove other malware.
Viruses and worms are both types of malware that replicate themselves and attempt to spread from one computer to another.
Computer viruses have been around almost as long as personal computers, and they are the first cyber threat that came to prominence worldwide. A virus is a piece of software that you can accidentally pick up by visiting the wrong website, plugging in infected media (like a flash drive or CD ROM) or opening an infected attachment in an email. Typically, the virus will infect particular files in your system, and will be spread when you email those files to other users. Some viruses harmlessly replicate, while others can do major damage.
A worm differs from a virus in that it doesn’t need a host file to replicate itself, and it doesn’t require the user to run a program in order to infect that user’s system.
Spyware and keyloggers are malicious programs that install themselves on your computer and then watch for valuable information. A keylogger tracks every keystroke while you’re using your device. So you can imagine that at a minimum, it’s a good way for bad dudes to steal passwords, and use them to steal money or steal your identity for other purposes. Spyware can also monitor your conversations online, your calendar etc. Hackers can use this information to better disguise other attacks. For example, if a hacker uses spyware to learn that you’re working on a big contract with a client, including dates and financial details, the hacker can then send an email to your client pretending to be you, asking for payment of a credible amount of money for a real project, at about the time when payment would be due.
Ransomware is probably the most disruptive type of malware for a business. The program is designed to encrypt all your data, freeze you out of your own system, and then only let you back in after you pay a ransom, usually in bitcoin (more on bitcoin below).
(Deep breath, everyone. Cryptojacking is related to cryptocurrencies like bitcoin, which themselves are challenging to understand. We’ll try to explain the basics.)
People who mine bitcoin are literally making money. Cryptocurrencies are generated when computers solve incredibly complex mathematical puzzles. This is called cryptocurrency mining. So, for example, you might hear that someone is ‘mining bitcoin’. It takes an incredible amount of computer processing power to mine a bitcoin, but one bitcoin is worth about $5,000, so hackers use cryptojacking technology to hijack your system’s processing power.
Cryptojacking software installs itself on your computer or network for the purpose of using your computers’ processing power to mine bitcoin or other cryptocurrencies.
The big downside to a cryptojacking infection is that because it is using your system’s processing power to mine bitcoin for the bad guys, you have less processing power to carry out your business operations. If you’re infected, your systems will slow down or in some cases they will not work at all.
If you had to choose one type of malware to infect your systems, it would probably be adware. Adware is annoying, to be sure, but the only negative impact is unwanted pop-up ads.
Phishing isn’t a type of software. It’s a method used by cyber criminals to either steal your money, steal your passwords, or infect your system with malware. A phishing attack can be an email or a message via social media that urges you to do something. A Nigerian Prince needs money, or “clicking on this attachment will win you a $100 gift card”, or “Please verify your Google login credentials”. More sophisticated phishing attacks use information that hackers have gathered about you (perhaps using spyware) to make the message look more legitimate. You may get a message that looks like it’s from your boss, asking you to send an e-transfer to a vendor.
Most of the above programs are related, and there is a lot of cross-over. Spyware could be self-replicating, so it could also be a virus or worm. A virus can be a trojan in that it’s masquerading as something it’s not. Same with ransomware. Hackers use these malicious programs in a number of combinations and configurations to derive maximum benefit for them and/or wreak maximum havoc for you.
There are a number of things your business can do to protect itself from malware. All devices on your network should have anti-malware software installed, and it should be updated regularly. You should also have a firewall that shelters your network from the larger Web, blocks suspicious content, and prevents users from visiting certain groups of websites that are known to be sources of malware. The other critical piece is training your staff to identify suspicious emails that might get through the firewall, and never click on a link or attachment unless they are 100% certain that the email is legitimate.
Of course, in our highly connected world, it’s impossible to filter out all malicious content. Mitchell & Whale works with the best cyber insurers in the world to offer state-of-the-art cyber insurance products that protect your business in the event that your systems become infected, and your business and customers are put at risk. Call us today for quote.
Want to add to this story? Let us know in comments below! Mitchell & Whale is a fast-growing insurance brokerage in Ontario, striving to make insurance _not suck_ one customer at a time. Give us a call today to discuss any of your insurance needs at 1.800.731.2228.