Cyberattacks and malware are among the biggest threats on the internet.
Here is Part 3 of the information you need to learn about the different types of malware – and how to avoid falling victim to attacks.
Do only Windows PCs get malware?
There was a time when many naively believed that it was only Microsoft Windows systems that could fall victim to malware. After all, malware and viruses had concentrated on these, the most common computer systems, while those that used other operating systems were free of its grasp. But while malware remains a challenge for Windows systems, especially those running older, even obsolete versions of the OS, it is far from exclusive to Microsoft PCs.
Mac malware
For many years, a myth persisted that Macs were completely immune to malicious infection. Over the course of the 90s, there were some forms of malware that did infect Macs, despite primarily being designed for Windows systems. The likes of Concept and Laroux were able to infect Macs using Microsoft Office programs.
However, by the mid-00s, attackers had started building forms of malware specifically designed to target Apple Macs, and while Windows machines bear the brunt of computer and laptop-based malware attacks, Macs are now regular targets for cybercrime.
It’s now normal for backdoor trojans, compromised software downloads, and ransomware attacks targeting Mac systems to be uncovered by cybersecurity researchers.
What is mobile malware?
The rise of smartphones and tablets over the last decade has fundamentally changed our relationship with the internet and technology. But, like any form of new technology, criminals soon realised that they could exploit smartphones for their own illicit gain — and these mobile devices not only contain vast amounts of personal information, they can even allow hackers to monitor our location.
If there’s a type of malware that can infect computers — be it a trojan, ransomware, information stealer, or pop-up adware — then criminals have been working on malware threats that can carry out the same tasks on smartphones.
The amount of data carried on mobile devices makes them an even more valuable target for hackers, particularly if a sophisticated hacking group, or a state-backed espionage operation is looking to compromise a particular target for the purposes of spying.
The inherent abilities of a smartphone mean it’s ultimately possible, with the use of the right malware, for those groups to physically locate targets or even listen in to conversations and take photos of them using the microphone and camera capabilities built into phones.
Unfortunately, many people still don’t realise their mobile phone is something that can fall victim to cyberattacks — although they can be protected by good user practice and mobile antivirus software.
What is Android malware?
Android phones suffer the majority of malware attacks on smartphones, with Google’s larger share of the mobile market and the open nature of the ecosystem making it an attractive target for cyber criminals.
Attackers can infect their targets by tricking them into downloading malicious applications from third-party stores, and malware has often found its way into the official Google Play application marketplace.
These malicious apps are often designed to look like original useful tools or games, or in some cases mimic legitimate apps outright, as demonstrated by a fake version of WhatsApp that was downloaded over a million times.
However, while the Google Play store has been used by hackers to distribute Android malware, more sophisticated campaigns will socially engineer selected targets into downloading malware for the purposes of espionage onto their device.
Can my iPhone become infected by malware?
When it comes to the iPhone, the ecosystem is much more heavily protected against malware due to Apple’s closed garden approach to applications.
However, while malware on iPhones is rare, it isn’t an unknown entity — hacking gangs have found ways to compromise the devices of selected targets in espionage campaigns, such as those who exploited the Trident vulnerabilities to install Pegasus spyware to spy on human rights activists in the Middle East.
What is Internet of Things malware?
As the rise of malware on mobile devices has demonstrated, if something is connected to the internet, it’s a potential avenue of cyberattacks.
So, while the rise of Internet of Things connected devices has brought a number of benefits to users — in industry, the workplace and at home — it too has opened doors for new cyber criminal schemes.
The rush to jump on the IoT bandwagon means that some devices are rushed out with little thought put into cybersecurity, meaning it remains relatively simple for hackers to infect connected devices, ranging from industrial control systems to household products and even children’s toys.
One of the most common ways in which the insecurity of IoT devices is exploited is with malware attacks that secretly infect products and rope them into a botnet.
Devices like routers, smart lighting systems, VCRs, and surveillance cameras can all easily become infected and the eventual damage can be spectacular — as demonstrated by the online chaos caused by the Mirai botnet DDoS attack.
The network of Mirai-infected devices consisted largely of IoT products and was so powerful that it brought large swathes of the internet grinding to a halt, slowing down or outright preventing access to a number of popular services.
While devices infected with Mirai continued to operate as normal, that wasn’t the case for those who found their IoT products infected with BrickerBot, a form of IoT malware that resulted in Homeland Security’s Cyber Emergency Response Team (CERT) issuing new warnings. Devices infected with BrickerBot have their storage corrupted, leading them to be completely unusable and irrecoverable.
Just as mobile phones can be turned into surveillance devices by hackers, so can internet-connected cameras in the home. There have already been a number of instances where IoT camera security has been found to be so basic that malware has infected large numbers of devices.
Unlike mobile phones, IoT devices are often plugged in and forgotten about, with the risk that the IoT camera you set up could become easily accessible to outsiders — who could potentially use it to spy on your actions, be it in your workplace or in your home.
Such is the extent of the security worry with the IoT that police have warned about the threats posed by connected devices, while government bodies are working towards ways of legislating IoT devices sooner rather than later, so we’re not left with a toxic legacy of billions of devices that can easily be infected with malware.
Malware as a tool for international cyber warfare
With malware’s offensive capabilities evident, it’s no wonder it has become a common tool in the murky world of international espionage and cyber warfare.
It’s especially useful for those involved in the game of geopolitics because, unlike the case with conventional weapons, there are as yet no rules or agreements detailing who can and can’t be targeted by cyber weapons.
That attribution of attacks remains so difficult also makes cyber espionage a crucial tool for nation-states who want to keep their activities under wraps.
Stuxnet is generally regarded as the first instance of malware designed to spy on and subvert industrial systems, and in 2010 it infiltrated Iran’s nuclear program, infecting uranium centrifuges and irreparably damaging systems. The attack slowed down Iran’s nuclear ambitions for years.
While no state has officially taken credit for the attacks, it’s believed Stuxnet was the work of US and Israeli cyber forces.
Since that first instance of publicly reported malware attacks by nation states, cyber warfare has become a tool used by governments around the world. It’s widely suspected that nation-state actors were behind attacks against a Ukrainian power plant, but it isn’t just physical systems and infrastructure which are targets for cyber warfare.
Meanwhile, actors on all sides of diplomatic divides continue to undertake cyber espionage campaigns against potentially useful targets.
How do you protect against malware?
Some of the most basic cybersecurity practices can go a long way to protecting systems — and their users — from falling victim to malware.
Simply ensuring software is patched and up to date, and all operating system updates are applied as quickly as possible after they’re released, will help protect users from falling victim to attacks using known exploits.
Time and again, delays in patching have led to organisations falling victim to cyberattacks that could’ve been prevented if patches had been applied as soon as they were released.
One of the reasons the UK’s National Health Service was so badly impacted by the WannaCry outbreak was that, despite warnings that patches should be applied, vast swathes of systems hadn’t been patched weeks after a security update for protecting against the EternalBlue exploit was available.
It’s also common for cyber espionage campaigns to leverage exploits for which fixes have long existed and still successfully compromise targets — because nobody bothered to apply the patches. The lesson to be learned here is that sometimes it might seem time-consuming and inconvenient to apply patches — especially across a whole network — but it can prove to be an effective barrier against malware.
Installing some form of cybersecurity software is also a useful means of protecting against many forms of attack. Many vendors will update their programs with new threat intelligence, which is applied to scan for and detect new malware on a weekly or even daily basis, providing as much protection as possible from malware, should something attempt to break into the system.
For example, visitors to watering-hole sites should be protected from attacks, while suspicious or dangerous files received via email can be quarantined.
User training should also be offered in order to ensure everyone using your network is aware of the cyber threats they could face on the internet.
Teaching users about safe browsing and the dangers of phishing emails, or to be wary of what they download and click on, can help prevent threats from getting to the point of even being downloaded. Users take a lot of criticism from some as a weakness in cybersecurity, but they can also form the first line of defence against malware attacks.