How to Prevent Malware Attacks
Malware is probably the cyberthreat non-cyber security professionals know best. Its visibility is due to its success: Malware is a ubiquitous and ever-evolving danger to computers, networks, and organizations worldwide. In 2019, experts identified around 150,000 new malware variants. By 2020, that number jumped to 270,000. The threat posed by malware grows every year, so security teams must learn the latest on how to prevent malware attacks.
This article will explain what malware is, review the different types of malware, provide some recent examples of malware attacks, and give you an up-to-date list of malware prevention tips.
What Is Malware?
Malware is malicious software used by cybercriminals to disrupt, damage, or exploit an endpoint or network. Malware can be used to steal or destroy data, encrypt information, spam users, spy on users, extort money, take over a system, or change how a system works. Malware can access computers or networks using various methods, including infected email attachments, advertisements, applications, and websites.
Before we dive into the ways to prevent malware, let us look at the different types of malware.
What Types of Malware Are There?
The list below covers the significant categories of malware that all cybersecurity professionals should know.
Viruses: The classic form of malware, viruses function much like their biological namesake. They can infect an endpoint, proliferate throughout the system, and change how it works. They can also multiply and spread from system to system in a network.
Worms: Worms behave much like viruses, infecting, multiplying, and spreading through network endpoints. Unlike viruses, they do not need to be attached to a program or activated by a user to metastasize — an attribute that makes them particularly destructive.
Ransomware: This increasingly popular malware uses encryption to block legitimate users from accessing their systems, devices, or information. The attacker returns control to the rightful users only if their demands are met. To add pressure, cybercriminals often threaten to destroy or release the data.
Spyware: This is malicious software that can steal data and monitor user activity, like specific keystrokes. Spyware can also tap into computer cameras and microphones. The data gathered using spyware could be valuable or could help break into the system — for example, when log-in information is stolen.
Adware: While not as dangerous as the other types of malware on this list, adware can cause a high degree of frustration. Once adware infects a computer, the user’s online activity data is compromised and used to force the user to view advertisements.
Trojans: Like the battle strategy of legend, trojans disguise themselves as something a user wants, like a software update, to gain access to a system. This can open the gates to additional cyber attacks like ransomware or spyware.
Rogueware: Much like trojans, rogueware lures users into compromising their systems through a ruse. In this case, the counterfeit is a malware alert. Once the user clicks on this notice, the device is infected.
Knowing the different types of malware is just the starting point for ensuring overall network security. Watch our webinar Zero Trust: The Most Overused, Misused & Abused Cybersecurity Phrase Today for actionable advice on prevention and protection.
Examples of Malware Attacks: Ransomware
As we mentioned above, the use of ransomware in malware attacks has snowballed in recent years. Statista reports that there were 304M ransomware attacks in 2020 — up from 184M in 2017. Here are a few ransomware attacks that have grabbed headlines:
- Hades ransomware has struck three major organizations since December 2020.
- DarkSide ransomware attacks shut down Colonial Pipeline in May 2021.
- A Conti ransomware attack blacked out the Health Service Executive’s IT systems in May 2021.
- The ransomware group Babuk hit Houston Rockets in April of 2021.
Ransomware attacks have become adept at disabling the security software running inside target endpoints. This was particularly notable in the Hades cases, where the malicious actors knocked out both the antivirus and the endpoint detection & response (EDR) software that was in place. As we will cover later in this article, this is an important reason why it is essential to include edge protections in your security stack that cannot be corrupted by infected endpoints.
How to Prevent Malware Attacks
Cyber security professionals should use security software, strong password practices, multi-factor authentication, employee education, and microsegmentation technologies to protect their organization from the spread of malware. They should also enforce safe browsing and email client use, keep IT systems and software up to date, and eliminate unused programs. Malware prevention is a full-court press, requiring several elements working in tandem to maximize protection.
Now, let us take a look at each of these malware prevention best practices in turn.
Use security software: Security software is an essential part of your malware defense, but not the only one. Anti-malware, anti-ransomware, and newer technologies like MDR/XDR help detect threats and protect your devices. Your tools should safeguard browsers, endpoints, servers, and the network from compromise.
Implement anti-lateral movement: When ransomware makes it through all your other defenses, and eventually it does, one of the first things it does is look for other devices to attack. Once the malware has compromised the first device, it is likely to spread to all the other devices on the network. Anti-lateral-movement technology (like Byos) stops compromised devices from spreading the malware across the network. Obviously, it is much easier to recover from one device being ransomed than from having your entire network brought down.
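The lateral-movement behaviour described above (a freshly compromised host sweeping its neighbours) leaves a recognisable trace in connection logs: one source reaching many distinct peers on file-sharing and remote-administration ports within a short window. The following detector is an added example, not Byos code or anything from the article. It assumes a constructed log format of `<epoch seconds> <src_ip> <dst_ip> <dst_port>`, an assumed set of admin ports, and illustrative thresholds (60-second window, more than five distinct peers).

```python
"""Detect lateral-movement fan-out in connection logs.

Added example, not Byos code. It assumes a constructed log format of
"<epoch seconds> <src_ip> <dst_ip> <dst_port>" and illustrative thresholds.
"""
from collections import defaultdict

# Ports used for file sharing and remote administration (SMB, RDP, WinRM, SSH).
# A self-propagating payload typically probes neighbours on these; the set is
# an assumption for this example, not a list from the article.
LATERAL_PORTS = {445, 3389, 5985, 22}

# Constructed sample: workstation 10.0.1.15 sweeps eight neighbours on SMB/RDP
# in 21 seconds; 10.0.1.40 talks to two file servers; 10.0.1.50 browses HTTPS.
SAMPLE_LOG = """\
1700000000 10.0.1.15 10.0.1.20 445
1700000003 10.0.1.15 10.0.1.21 445
1700000006 10.0.1.15 10.0.1.22 445
1700000009 10.0.1.15 10.0.1.23 445
1700000012 10.0.1.15 10.0.1.24 3389
1700000015 10.0.1.15 10.0.1.25 445
1700000018 10.0.1.15 10.0.1.26 445
1700000021 10.0.1.15 10.0.1.27 445
1700000005 10.0.1.40 10.0.0.5 445
1700000010 10.0.1.40 10.0.0.5 445
1700000015 10.0.1.40 10.0.0.6 445
1700000020 10.0.1.40 10.0.0.5 445
1700000001 10.0.1.50 10.0.0.10 443
1700000002 10.0.1.50 10.0.0.11 443
1700000003 10.0.1.50 10.0.0.12 443
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, port)."""
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def detect_fan_out(lines, window_seconds=60, peer_threshold=5):
    """Return {src_ip: peak distinct peers} for every source that reached more
    than peer_threshold distinct hosts on LATERAL_PORTS inside one window."""
    events = defaultdict(list)  # src -> [(timestamp, dst), ...]
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port = parse_line(line)
        if port in LATERAL_PORTS:
            events[src].append((ts, dst))

    alerts = {}
    for src, evs in events.items():
        evs.sort()  # sliding window over time-ordered events
        left = 0
        for right in range(len(evs)):
            while evs[right][0] - evs[left][0] > window_seconds:
                left += 1
            peers = {dst for _, dst in evs[left:right + 1]}
            if len(peers) > peer_threshold:
                alerts[src] = max(alerts.get(src, 0), len(peers))
    return alerts


if __name__ == "__main__":
    for src, count in detect_fan_out(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {src} reached {count} distinct hosts on admin ports within 60s")
```

Running the block prints one alert for 10.0.1.15; the file-server traffic from 10.0.1.40 and the web browsing from 10.0.1.50 stay silent. The same logic works on firewall or NetFlow exports once the parser is adapted to their field layout, and a microsegmentation control that blocks workstation-to-workstation traffic would turn these detections into denied connections instead.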
Use strong passwords and secure authentication: Make sure you employ best practices for password construction. Passwords should be longer than eight characters and use a mix of letters, numbers, cases, and symbols. Passwords should be unique and refreshed regularly. They also shouldn’t be recorded anywhere that is discoverable. Because managing all this data can be a headache, consider using a password manager to keep your credentials organized.
Also, because even the most robust password can be stolen, use multi-factor authentication to add another layer of security and guard against privilege escalation during the initial stages of a malware compromise.
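The password and authentication rules in the two paragraphs above can be expressed as an account review that an administrator runs before an account goes live. The code below is an added example, not Byos code or a tool from the article. It assumes a 90-day maximum password age (the article says "regularly" without giving a number), a reuse history kept as hashes, and a boolean flag for whether multi-factor authentication is enabled.

```python
"""Check a password and account settings against the article's rules.

Added example, not Byos code. MAX_AGE and the reuse history are assumptions.
"""
import hashlib
import string
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)  # assumption: the article does not state a period


def fingerprint(password: str) -> str:
    """Hash used only to compare against an in-memory reuse history.
    Stored credentials should use a slow, salted KDF (bcrypt, scrypt, Argon2)."""
    return hashlib.sha256(password.encode()).hexdigest()


def password_problems(password: str, previous_fingerprints=()) -> list:
    """Return the list of rule violations for a candidate password."""
    problems = []
    if len(password) <= 8:
        problems.append("must be longer than eight characters")
    if not any(c.islower() for c in password):
        problems.append("needs a lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("needs an uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a digit")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a symbol")
    if fingerprint(password) in previous_fingerprints:
        problems.append("reuses a previous password")
    return problems


def account_problems(password, previous_fingerprints, last_changed, mfa_enabled,
                     today=None) -> list:
    """Combine password rules with age and MFA checks for one account."""
    today = today or date.today()
    problems = password_problems(password, previous_fingerprints)
    if today - last_changed > MAX_AGE:
        problems.append(f"password older than {MAX_AGE.days} days; refresh it")
    if not mfa_enabled:
        problems.append("multi-factor authentication not enabled")
    return problems


if __name__ == "__main__":
    # Constructed account: weak old password, no MFA.
    history = {fingerprint("Winter2023!")}
    for p in account_problems("password", history, date(2024, 1, 1), False,
                              today=date(2024, 6, 1)):
        print("-", p)
```

The reuse check compares hashes rather than plaintext so the history can be kept without storing old passwords. A production system would also reject passwords found in known breach lists, which this example does not include.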
Educate your users: While not necessarily part of the security team, every user on your network plays a vital role in protecting the organization from cybercrime. The only way users can fill those shoes is if they are cybersecurity literate. Your users should learn common cyber threats, cybersecurity best practices, important trends, warning signs, and how to report something they find suspicious. By holding regular training sessions that cover these vital topics, you effectively multiply the size of your security force.
Enforce safe browsing and email: You can neutralize much of the threat malware poses by making sure users follow safe browsing practices and keep an eye out for strange-looking emails. Make certain users scrutinize any emails they receive, looking for unfamiliar email addresses, unusual formatting or spelling in the text, or odd requests — like sharing confidential information. Users should apply equal scrutiny when it comes to internet use. They should never connect to a public Wi-Fi network or visit any website that doesn’t have “HTTPS” in the URL.
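The checks users are asked to perform on an email (unfamiliar sender, odd requests, links that are not HTTPS) can also be automated at the mail gateway to flag messages for extra scrutiny. The following is an added example, not Byos code or anything from the article. It assumes the organization's own domain is `example.com`, a short list of sensitive-request phrases, and two constructed messages, one of which uses a constructed lookalike domain.

```python
"""Flag emails that fail the scrutiny checks described in the article.

Added example, not Byos code. KNOWN_DOMAINS and SENSITIVE_PHRASES are
assumptions; both sample messages are constructed.
"""
import re
from email import message_from_string
from urllib.parse import urlparse

KNOWN_DOMAINS = {"example.com"}  # assumption: the organization's own domain
SENSITIVE_PHRASES = ("password", "wire transfer", "confidential", "gift card")

# Constructed suspicious message: lookalike sender domain, mismatched Reply-To,
# plain-HTTP link, and a request for a password.
SUSPICIOUS_EMAIL = """\
From: "IT Helpdesk" <helpdesk@examp1e-support.net>
Reply-To: recovery@mail-verify.biz
To: alice@example.com
Subject: Urgent: confirm your account today

Your mailbox will be suspended. Confirm your password at
http://examp1e-support.net/verify within 2 hours.
"""

# Constructed benign message from a colleague with an HTTPS intranet link.
BENIGN_EMAIL = """\
From: Bob <bob@example.com>
To: alice@example.com
Subject: Thursday all-hands

Reminder: the quarterly all-hands is on Thursday.
Agenda: https://intranet.example.com/all-hands
"""


def sender_domain(header_value: str) -> str:
    """Extract the domain from 'Name <user@domain>' or 'user@domain'."""
    match = re.search(r"<([^>]+)>", header_value)
    address = match.group(1) if match else header_value.strip()
    return address.rsplit("@", 1)[-1].lower()


def email_warnings(raw_message: str) -> list:
    """Return a list of human-readable warnings for one plain-text email."""
    msg = message_from_string(raw_message)
    warnings = []

    from_domain = sender_domain(msg.get("From", ""))
    if from_domain not in KNOWN_DOMAINS:
        warnings.append(f"unfamiliar sender domain: {from_domain}")

    reply_to = msg.get("Reply-To")
    if reply_to and sender_domain(reply_to) != from_domain:
        warnings.append("Reply-To domain differs from From domain")

    body = msg.get_payload()  # plain-text, non-multipart message assumed
    for url in re.findall(r"https?://[^\s\"'>]+", body):
        if urlparse(url).scheme != "https":
            warnings.append(f"link without HTTPS: {url}")

    lowered = body.lower()
    hits = [p for p in SENSITIVE_PHRASES if p in lowered]
    if hits:
        warnings.append("requests sensitive information: " + ", ".join(hits))
    return warnings


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, "->", email_warnings(raw) or "no warnings")
```

Each warning maps to one of the article's manual checks, so the output can double as the explanation shown to the user when a flagged message is quarantined. Multipart or HTML mail would need the body extracted from the relevant part before the same checks apply.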
Maintain up-to-date software and look for shadow IT: Install new versions of the software, systems, browsers, and other tools you use as soon as they are released. Updates often include new security features and fix known vulnerabilities, so failing to install them leaves your network open to attack. The other components of this strategy are to remove any technologies that are no longer in use, as older software often has numerous vulnerabilities, and to look for shadow IT (technologies used outside of IT’s control) to further reduce the likelihood of compromise.
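The three tasks in the paragraph above (outdated software, unused software, shadow IT) all come down to reconciling an endpoint inventory against an approved catalog. The reconciliation below is an added example, not Byos code or a tool from the article. It assumes a constructed approved catalog with minimum versions, a 180-day "unused" threshold, and a constructed inventory of five installed items across three hosts.

```python
"""Reconcile an endpoint software inventory against an approved catalog.

Added example, not Byos code. APPROVED, UNUSED_AFTER and SAMPLE_INVENTORY
are constructed assumptions.
"""
from datetime import date, timedelta

# Assumed approved catalog: product -> minimum acceptable version.
APPROVED = {
    "browser": (118, 0, 0),
    "vpn-client": (4, 2, 1),
    "pdf-reader": (23, 1, 0),
}
UNUSED_AFTER = timedelta(days=180)  # assumption: not a figure from the article

# Constructed inventory as an agent or asset-management export might produce it.
SAMPLE_INVENTORY = [
    {"host": "ws01", "name": "browser", "version": "117.0.5", "last_used": date(2024, 5, 30)},
    {"host": "ws01", "name": "vpn-client", "version": "4.2.1", "last_used": date(2024, 5, 31)},
    {"host": "ws02", "name": "torrent-tool", "version": "1.0", "last_used": date(2024, 5, 20)},
    {"host": "ws02", "name": "pdf-reader", "version": "23.1.0", "last_used": date(2023, 7, 1)},
    {"host": "ws03", "name": "browser", "version": "118.0.1", "last_used": date(2024, 5, 29)},
]


def parse_version(text: str) -> tuple:
    """Turn '118.0.1' into (118, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def review_inventory(inventory, today=None) -> dict:
    """Classify each (host, product) as outdated, shadow IT, and/or unused."""
    today = today or date.today()
    findings = {"outdated": [], "shadow_it": [], "unused": []}
    for item in inventory:
        key = (item["host"], item["name"])
        minimum = APPROVED.get(item["name"])
        if minimum is None:
            findings["shadow_it"].append(key)  # installed but not in the catalog
        elif parse_version(item["version"]) < minimum:
            findings["outdated"].append(key)
        if today - item["last_used"] > UNUSED_AFTER:
            findings["unused"].append(key)  # candidate for removal
    return findings


if __name__ == "__main__":
    for category, items in review_inventory(SAMPLE_INVENTORY, today=date(2024, 6, 1)).items():
        print(f"{category}: {items}")
```

An item can land in more than one list, which is intentional: an unapproved tool that nobody has used for months is both shadow IT and removable. Feeding the real inventory from an endpoint agent into `review_inventory` gives a per-host worklist for the patching and decommissioning the paragraph calls for.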
The Byos Secure Gateway Edge uses edge microsegmentation and hardware-enforced isolation to maximize the defensibility of each endpoint in your network. Affording features like lateral movement prevention, ransomware killswitch, and protection from exploits often found on Wi-Fi networks outside IT’s control, the Byos Secure Gateway Edge is a comprehensive containment solution for the rampant spread of malware within today’s networks.
Putting Malware Prevention Techniques into Action
We hope this article has given you a thorough overview of how to prevent malware attacks. The networks of cybercriminals who create malware are constantly ideating and testing new attack methods. It is crucial for security professionals to adopt a holistic approach to building, maintaining, and evolving their cyber defenses.
Above all else, hardware-enforced microsegmentation is integral to preventing endpoints from connecting to rogue access points before the attackers have a chance to get a foothold. Combining physical and cybersecurity measures, the Byos Secure Edge is a microsegmentation solution that makes your endpoints invisible to attackers. Ready to learn more? Get started.
What is malware?
Malware is malicious software used by cybercriminals to disrupt, damage, or exploit an endpoint or network. Malware can be used to steal or destroy data, encrypt information, spam users, spy on users, extort money, take over a system, or change how a system works.
How does malware get on a computer?
Technically, cybersecurity professionals call this “initial access.” Malware initially gains access through methods such as infected emails and websites, web browser ads, infected mobile apps, and vulnerabilities in your operating system, applications, and stored files. Those vulnerabilities may be unknown to the computer manufacturer, or they may be known but still unpatched on a computer, leaving it vulnerable.
How does malware spread across a network?
The technical term for this is “lateral movement.” It refers to malware being programmed to search for other vulnerable devices and then spread, usually by using the same attack that compromised the first infected computer. But once hackers gain access, there are other ways they can attack other types of devices as well.
How can I prevent malware?
Because malware can get initial access and spread across the network in so many ways, there are many things that must be done to prevent this. The most common preventions include regular patching of computers and applications, using a combination of endpoint protection software, use of strong passwords and multi-factor authentication, and malicious email protections. For more information, contact Byos or take this free network security assessment for specific actions and solutions, and to learn where you stand today with the defenses you have in place.
What about security awareness training and free versions of antimalware software?
These are certainly good practices, but as the increasing number of successful attacks shows, they are inadequate to prevent the many different ways that hackers can exploit computers and users once they target you. The best approach is to prevent hackers from using their most common tactics against you.