The modern world is characterized by a high level of informatization in human activity. Information technology (IT) is used in the economy, healthcare, law enforcement, government, and many other important areas. As a result, the quality of decisions made by individuals and the effectiveness of their activities largely depend on the use of technology. The large amount of information that organizations utilize requires protection from attackers. For this reason, an essential part of the activities of any enterprise should be aimed at maintaining and protecting its information systems (IS). This paper examines threats from malware, its types, and the risks it poses. Since malware is a rather broad concept, it takes various forms and causes different kinds of damage. Although there are many measures and practices to prevent such attacks, organizations should have a plan in case a computer becomes infected and should be able to remove malware from their systems.
Network Attacks in Today’s Technological World
Knowing and understanding malware is a step toward being able to protect IS from it. The concept of malware (short for “malicious software”) is an umbrella term that includes any software created to harm other software or hardware, or to be used for the benefit of an attacker (Regan & Belcic, 2021). It consists of code created by cybercriminals and is often delivered as a link, an email, or a file that needs to be opened (“What is malware?” 2021). A distinctive feature of malware is the malicious intent of those who use it; it includes not only the widely known viruses but also other kinds of code and programs. The peculiarities and diversity of malicious software explain the difficulty of protecting against it.
There is an almost half-century history of development behind modern malware. The idea of a self-replicating program arose back in 1949 and was first implemented in the 1950s, but Creeper Worm, the experimental program that appeared in 1971, is considered to be the first virus (Love, 2018). The first programs were relatively primitive and could only be distributed on diskettes. However, as networks and the Internet developed, malware developers improved their programs. Modern malware causes vast losses, and attacks by cybercriminals are growing in number and are constantly being refined.
The creation and use of malware occur with specific goals that attackers want to achieve. While the first such programs were created as an experiment or entertainment, modern harmful programs are used to benefit their creators. According to Regan and Belcic (2021), malware goals and developers are correlated. They presented the following reasons for such software use:
- Data theft can involve actions ranging from redirecting people to different websites to stealing logins and passwords for later sale to other criminals.
- Corporate espionage is a company’s theft of classified data from competitors.
- Cyberwarfare or international espionage involves the use of malware by governments against other countries.
- Sabotage is most often aimed at causing losses and material damage, up to and including the closure of the company.
- Extortion occurs when criminals encrypt data necessary to the organization and demand a ransom for decrypting it.
- Surveillance: law enforcement agencies can use malware to monitor suspects and collect information.
- DDoS (distributed denial of service) attacks are used to overload servers using a network of computers controlled by a cybercriminal.
- Mining cryptocurrency: criminals use the computers of victims to gain benefits through cryptocurrency mining.
Based on the listed goals pursued by attackers, one can assess the risks and dangers posed by malware. Loss of privacy from data breaches and possible financial losses for both organizations and individuals due to leaks and extortion are only part of the consequences. Such software is also harmful to a computer’s performance: it slows down and disrupts operations, retards browsers, creates problems when connecting to the network, and can lead to a failure of all systems (“How does malware impact,” n.d.). At the same time, malware can go unnoticed for a long time, increasing the damage caused until the situation becomes critical.
Depending on the purpose for which the program was created, its principle of operation and its type may differ. Most malware hides on users’ devices and secretly collects information or opens access to intruders. However, there are programs whose manner of distribution is significantly different: infectious software, for instance worms and viruses (Fruhlinger, 2019). The worm actively copies itself and spreads, while the virus embeds itself in the victim’s software and thus infects other systems. Details on the different types of malware follow:
- Viruses are pieces of code that embed themselves in other software and change it for malicious purposes.
- Trojans are software disguised as legitimate, which penetrates the system and installs malicious software.
- A worm is a self-replicating program that distributes itself independently, without user action, on a computer.
- Spyware is a program that hides and steals personal data. One of its subtypes, keyloggers, records keystrokes to find out banking data, logins, and passwords.
- Ransomware is a program that blocks a computer or files, threatening to delete indispensable data unless the owners pay a ransom.
- Adware distributes ad spam, which can make the device vulnerable to other malicious software.
- Scareware frightens device owners into installing malware, for example, by claiming that the system has a virus and that the solution is a new installation.
- Botnets are not software themselves but networks of computers infected with a virus; they are used for DDoS attacks.
- Rootkits hide in the system and give the attacker full administrative access.
- Cryptominers use the victim’s device to obtain cryptocurrency.
- Logic bombs are fragments of code that are only triggered after specific actions.
Methods to Protect a System Against Malware
Given the harm caused by malware, its complexity, and its various types, it is vital to protect against all potential threats. For this reason, a multi-layered approach is one of the most effective in protecting against threats. Cynet specialists identified several key security components that help secure systems from most malware (“Malware Prevention,” 2020). They include:
- Endpoint protection: protection with antivirus software that detects and prevents malware.
- Privilege control means managing user access, roles, permissions, and accounts.
- Vulnerability protection includes scanning for, detecting, and eliminating possible weaknesses in the system.
- Social engineering protection means training people to use devices correctly and securely, preventing the careless behavior that leads to malware installation.
- Threat intelligence is knowing and understanding the most current threats and updating systems to protect against them.
A multi-layered approach can also be applied to the installation of protective programs. Usually, organizations focus only on Internet firewalls (border protection) and neglect inside and computer protection (“Protecting against ransomware,” n.d.). Border protection is a firewall that protects the network from Internet threats and controls which sites network users can visit. Inside protection uses the firewall to separate and control access to internal network segments, for example, providing limited capabilities for each department. This layer also includes monitoring and detecting malware through unusual patterns. Finally, computer protection includes antivirus software, password use by employees, and a personal firewall.
Removable Media Rules
Threats can come not only from the Internet and be transmitted not only over the network but also via removable media. This concept includes external devices that can be connected to and removed from a computer, such as USB drives, smartphones, optical discs, memory cards, and other media. People use them to copy, store, and transfer data, for example, to work outside the office. However, despite their convenience, they carry specific threats: data leakage due to media loss, or malware penetration. For this reason, it is critical to follow rules for using removable media. For example, one can limit their use to a minimum by looking for other ways to transfer information, copying only the necessary part of the data, and not using unknown or unreliable media (Strawbridge, 2018). It is also essential to use security software and scan media for potential threats. These measures will help keep networks and devices safe when removable media are used.
Cybercriminals constantly improve malware, making it more dangerous and capable of breaching existing protection. Developers of protective software, in turn, do not always have time to change and improve their programs in response to new threats. For this reason, a method of protection that adapts on its own was developed: heuristic analysis. Standard security software based on signature analysis works by comparing the code of ordinary programs with the code of known viruses (“What is heuristic analysis?” n.d.). Heuristic analysis instead notes the unusual characteristics of threats, whether new or old but modified.
Heuristic analysis can use various methods to detect new threats. For example, static heuristic analysis takes a suspicious program and checks its source code for similarities with other viruses; if there is a sufficient match, it signals a threat. Another technique, dynamic heuristics, isolates a potentially dangerous program and models what it would do next (“What is heuristic analysis?” n.d.). Suspicious actions such as changing files or self-replication give reason to suspect a threat.
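To make the contrast between signature analysis and static heuristic analysis concrete, the following added example (written for this paper, not code from Kaspersky or any vendor) scores constructed byte strings that stand in for programs. The hash database, suspicious-string weights, entropy threshold, and the three samples are all assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed samples standing in for executables (not real malware).
KNOWN_VIRUS = b"MZ\x90\x00payload-v1 CreateRemoteThread WriteProcessMemory"
MODIFIED_VIRUS = b"MZ\x90\x00payload-v2 CreateRemoteThread WriteProcessMemory"
BENIGN = b"MZ\x90\x00simple notepad clone: opens and saves text files"

# Signature database: SHA-256 of each known sample (constructed).
SIGNATURES = {hashlib.sha256(KNOWN_VIRUS).hexdigest()}

# Static heuristic indicators with hypothetical weights: API names that are
# common in process-injection code, and high entropy that hints at packing.
SUSPICIOUS_STRINGS = {b"CreateRemoteThread": 3, b"WriteProcessMemory": 3,
                      b"VirtualAllocEx": 2}
ENTROPY_LIMIT = 7.0


def signature_match(sample: bytes) -> bool:
    """Signature analysis: exact hash lookup. Any single-byte change defeats it."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURES


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads approach 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def heuristic_score(sample: bytes) -> int:
    """Static heuristic: sum the weights of traits shared with known malware."""
    score = sum(w for needle, w in SUSPICIOUS_STRINGS.items() if needle in sample)
    if shannon_entropy(sample) > ENTROPY_LIMIT:
        score += 2
    return score


def classify(sample: bytes, threshold: int = 5) -> str:
    """Signature check first; the heuristic catches what the hash misses."""
    if signature_match(sample):
        return "known-malware"
    if heuristic_score(sample) >= threshold:
        return "suspicious"
    return "clean"
```

The modified sample changes only a version tag, which is enough to escape the hash lookup but not the heuristic score.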
Logs and Audits
The described anti-malware measures are necessary for those who value the security of their data. However, threats can still penetrate devices by breaking through antivirus software and other means of protection. Therefore, other tools must be used to detect malware, such as logs. Logs are files in which events that occur in the operating system are recorded. Firewall logs are the most convenient for malware tracking, but IDS and IPS logs, web proxy logs, antivirus logs, and operating system logs can also be helpful (“Logs vs bots,” n.d.). Unusual patterns in logs, such as repeated hits on the firewall, can indicate malware activity. Sometimes such analysis is more effective and faster than the work of an antivirus.
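As an added illustration of the “unusual patterns in firewall logs” idea above (this is example code written for this paper, not a tool from Netsurion or any vendor), the script below parses constructed firewall log lines in an assumed key=value format, groups blocked connections by source, destination, and port, and flags any group that repeats often enough and at regular intervals, the beaconing pattern typical of an infected host calling out to a command server.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log lines (not from any real firewall). Host 10.0.1.15 is blocked
# every 30 seconds trying to reach the same external address and port.
LOG_LINES = """
2021-03-02T09:00:01 action=BLOCK src=10.0.1.15 dst=203.0.113.7 dport=4444 proto=tcp
2021-03-02T09:00:03 action=ALLOW src=10.0.1.22 dst=93.184.216.34 dport=443 proto=tcp
2021-03-02T09:00:31 action=BLOCK src=10.0.1.15 dst=203.0.113.7 dport=4444 proto=tcp
2021-03-02T09:01:01 action=BLOCK src=10.0.1.15 dst=203.0.113.7 dport=4444 proto=tcp
2021-03-02T09:01:31 action=BLOCK src=10.0.1.15 dst=203.0.113.7 dport=4444 proto=tcp
2021-03-02T09:02:01 action=BLOCK src=10.0.1.15 dst=203.0.113.7 dport=4444 proto=tcp
2021-03-02T09:02:10 action=BLOCK src=10.0.1.22 dst=198.51.100.9 dport=25 proto=tcp
""".strip().splitlines()

# Assumed line layout; a real device's format would need its own pattern.
LINE_RE = re.compile(r"^(\S+) action=(\w+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+)$")


def parse(line: str):
    """Return one event as a dict, or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, action, src, dst, dport, proto = m.groups()
    return {"ts": datetime.fromisoformat(ts), "action": action,
            "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def find_repeat_blocks(lines, min_hits=3, max_jitter=5.0):
    """Flag (src, dst, dport) groups blocked at least min_hits times.
    'beaconing' is True when the gaps between hits vary by <= max_jitter seconds."""
    groups = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev and ev["action"] == "BLOCK":
            groups[(ev["src"], ev["dst"], ev["dport"])].append(ev["ts"])
    alerts = {}
    for key, times in groups.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        alerts[key] = {"hits": len(times),
                       "beaconing": max(gaps) - min(gaps) <= max_jitter}
    return alerts
```

A single blocked SMTP attempt from 10.0.1.22 stays below the threshold and produces no alert, which is the point of counting rather than alerting on every block.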
Additional documentation may be required to ensure that security systems work well: an audit log, also called an audit trail. It includes information that tracks access to the system and network, for example, the user ID, which files and networks were accessed, and other data (Walsh, 2018). Thus, the audit log helps track activity that affects the system and its resources in order to ensure security. The audit trail’s distinctive feature is that it provides a chronological order of events, which allows deviations from the norm or non-compliance with requirements, such as late system updates, to be tracked. Its benefits also include convenience for reporting and, as with other logs, hazard tracking.
Expectations for the Install of Malware Protection
The importance of establishing protection against malware pushes individuals and organizations to find the most cost-effective protection. The time, resources, and costs that should be spent on cybersecurity depend on the goals pursued and the scale of the organization. For example, individuals may need to purchase, install, and periodically update an antivirus program to protect their personal computers. Large corporations, in turn, may require a set of measures, from installing the necessary programs to training employees or creating a cybersecurity department.
Cybersecurity requires not only products such as antivirus programs and firewalls but also services from specialists: vulnerability assessment, individual security planning, and similar measures. Moreover, security software providers use different methods in their work, so their prices and the time needed to deliver products and services also differ. For example, the potential expense of firewalls varies from $400 to $6,000, and antivirus software can cost companies from $3 – $5 per user and $5 – $8 per server monthly (“How much does cyber security cost?” n.d.). Thus, the cost, time, and resources are affected by the company’s size, the type of data, the services and products the customer needs, and the need for professional assistance in installation and audit.
What to Do if Your Computer Becomes Infected
If protective measures do not cope with viruses and they penetrate the device, action must be taken at the first signs of infection. The main signals are a slowdown of the machine, loss of functionality, unexpected pop-ups, strange sounds, changes in files without user intervention, uncontrolled connections to websites, or the start of unusual processes (Martins, 2020). Moreover, if the user fails to start or update antivirus programs, this is also cause for suspicion. Thus, if something happens on the device without the user’s control and does not meet the norm, it is worth checking the device for the presence of malware.
While the best measures are those that prevent threats, users should be prepared to address them. After detecting signs of a virus, one should disconnect from the Internet and install an antivirus and scanner. Then it is crucial to start the computer in safe mode to protect the system during virus removal (“How do computer viruses work?” n.d.). In safe mode, users should delete temporary files and run a virus scan. Depending on the program installed, they then take steps to remove or quarantine the malware. After removal, one must restart the computer, change passwords, and update software. Users can also seek support from their antivirus providers’ websites, which often present more current protection information.
Thus, malware is software aimed at harming systems and devices. Most often, attackers use such software to gain benefits by selling stolen data, stealing corporate secrets from competitors, or other methods. The most common malware types are ransomware, worms, viruses, Trojans, and similar software. They pose a significant threat to both individuals and organizations, as they violate privacy, cause losses, and harm reputations. Many measures can protect against malware, and the choice among them depends on the size of the organization, its resources, and the data that needs to be protected. Individual users should ensure at least minimal protection, such as purchasing an antivirus, while large companies should use a multi-layered approach. At the same time, protective measures can still overlook malware, as it is constantly being improved. For this reason, users must be prepared to take action to address threats and remove them.
Fruhlinger, J. (2019). Malware explained: How to prevent, detect and recover from it. CSO.
How do computer viruses work? (n.d.). Kaspersky.
How does malware impact your computer’s performance? (n.d.). DiGiViE.
How much does cyber security cost? Common cyber security expenses & fees. (n.d.). Proven Data.
Logs vs bots and malware today. (n.d.). Netsurion.
Love, J. (2018). A brief history of malware — its evolution and impact. Lastline.
Malware prevention: A multi-layered approach. (2020). Cynet.
Martins, A. (2020). How to tell if your computer is infected and how to fix it. Business News Daily.
Protecting against ransomware with layered security. (n.d.). Impact Advisors.
Regan, J., & Belcic, I. (2021). What is malware? The ultimate guide to malware. AVG.
Strawbridge, G. (2018). How to manage the risks of removable media. Meta Compliance.
Walsh, K. (2018). Audit log best practices for information security. Reciprocity.
What is heuristic analysis? (n.d.). Kaspersky.
What is malware? (2021). Forcepoint.