The Most Common Enterprise Malware and how to identify them
If you are responsible for your enterprise’s cyber security, then it will always pay to stay updated on the latest varieties of malware trends.
Businesses lose billions every year due to phishing and advanced ransomware attacks. Entrepreneurs should apprise themselves of the top malware attacks affecting their business data.
Phishing attacks are disguised attacks that target a victim’s digital subscriptions and services. These attacks resemble authentic services and use various pretexts to trick the victim into sharing their security details.
All this is done by pretending to be someone else, keylogging, or using a facsimile of the original service. Modern phishing attacks are attacking businesses by targeting supposedly secure cloud servers and applications.
$150 was the average cost of every record a business lost to a phishing attack; $3.92 was the average cost of every phishing breach.
75% of organizations across the globe faced phishing attacks in 2020. 96% of these attacks seeped in via email communications.
These malware attacks have become sophisticated, multi-stage operations that can bring an enterprise down to its knees, especially when they go undetected.
Advanced ransomware attacks
Ransomware attacks have become extremely commonplace in the business IT domain. These types of attacks break into the victim’s systems and encrypt them with a key.
The key is held at a ransom, which requires the victimized organizations/individuals to pay heavy returns for release. As per a recent survey, 37% of total business enterprises are affected by ransomware attacks.
Sadly, business organizations are not the only target. The scope of ransomware attacks extends to digital portals and services belonging to national and state authority bodies.
The ‘RobinHood’ ransomware took the city of Baltimore by storm. It wiped out tax collection data, property transfer information, and government email communications. The town had to incur a cost of $18million as a result of this typical malware attack.
Businesses need to be sceptical about ransomware because it can spread via emails, like phishing attacks. Hence, organizations must exercise better control over how employees access their online business data.
Network perimeter and endpoint intrusion
The scope of your business network must have all access points under supervision. Such surveillance will help stop any form of unauthorized entry in its tracks. Unfortunately, with the ongoing COVID-19 pandemic, scrutinizing network perimeter and endpoint intrusion have become monumental tasks.
As businesses are relying on the work-from-home model, employees are using personal devices to work remotely. This working model has exposed companies to infections residing on employees’ devices.
These external access points are on unsecured connections, making them further vulnerable to top malware, which puts their employer’s business servers and data at risk.
Many businesses have made the novel decision to adopt the remote working model as it has proved to be highly productive. However, this only increases the risk by reducing the endpoint security businesses have on their applications and servers.
Deepfake technology uses Artificial Intelligence to fake someone’s identity in a digital format. Deepfake content is widely seen within the entertainment industry, media-oriented social networking applications, amongst other places.
What if someone poses as one of your executives, or even as you, to misuse personal information? The biggest concern is that Machine Learning helps AI mimic newer identities from new images and videos. Hence, deepfake activities cannot be replaced by switching out the person’s physical identity as the malware is adept at readapting.
Deepfakes have gained popularity with the circulation of AI-based applications, commonly used for casual and consumer use.
2020 was an election year, and it saw deepfakes spreading political misinformation. The AI-based augmentation has made it possible for hackers to use self-educating viruses to automate attacks with minimal code.
APIs are at the core of today's digital services. Web2.0 has ushered in API-driven architectures in web-based software systems that demand rapid scalability.
However, catering to millions of users at once stretches your cyber security thin. Today, everything from our essential on-demand services to the CMS apps on our phone feature a wide array of APIs.
As an intermediary between web portals and apps, APIs form a bridge between malware on the internet (including the apps residing on the client's server and devices) and your data repository and web processes. The only saving grace against these types of attacks is deep learning and AI-based countermeasures. However, they are a little further away from becoming real-time countermeasures.
Recently, the Astaroth info-stealing attacks became a hot topic of discussion. It is an information-thieving malware that does not require a single file to breach your business systems. Astratoh is not alone; it is aptly named after a biblical character from hell, representing a new breed of cyber threats: fileless malware.
Fileless intrusion tactics like Astratoh do not feature on security sweeps due to the absence of their digital footprint. They attack a server’s Alternate Data Streams (ADS) and hide their payloads from detection.
Astaroth relies explicitly on an attack vector called ExtExport.exe to deliver its payload. Microsoft reports that these attacks can originate with phishing emails, malicious scripts, etc., and can systematically take down horizontal or vertical infrastructure.
Malvertising is when a virus hides behind a legitimate ad displayed over the web to deliver common malware to the target system. Sometimes hackers rely on well-placed ads in standard platforms such as Facebook and even Google searches to infect your computer. These viruses have worm-like properties; once installed, they can run automated ads by the dozen to crash your system.
The problem with malvertising is that it masks a wide variety of attacks. The goal of hackers here is to generate money either by passive or active cyberattacks.
Therefore, malvertising delivers worms, trojans, adware, phishing attacks, crypto mining scripts, and banking trojans. Even the ad generation networks and software fall victim to these attacks since they help the malware reach millions of user systems at once.
Beyond these threats, experts predict that there are other types of upcoming cyberthreats. Supply chain and third-party attacks focus on non-IT digital services, such as Healthcare, broadcast, automotive, etc.
2021 witnessed one of the most depressing attacks where Oldsmar, Florida, USA’s water supply was hacked and spiked with lye. There are significant concerns across the globe as hackers continue to interfere with real-time systems. This interference is leading to an increase in attacks on civic infrastructures that use digital systems.
Finally, the rising geopolitical tensions are a massive motivating factor fueling international cyberattacks. In a scenario where data is at the core of every operation, businesses must take preemptive action against malware that threatens their digital activities and the customers' safety.