What is Malware? Types & Prevention

Written by Kaitlyn Graham

What is Malware?

Short for “malicious software,” malware is developed by hackers and covertly installed onto an organization’s digital services and systems. Malware is one of the most prevalent threats to computers and computer systems, and it takes many forms including ransomware, viruses, worms, spyware, adware, and Trojan horses.

Malware can gain entry to your network in many ways. For example, an employee can unknowingly introduce malware into your organization by clicking on a link in a phishing email or downloading content from a suspicious website. Vulnerabilities, such as unpatched systems, are also a common target of malicious programs. 

Once malware has penetrated the network, threat actors can use it to steal information, encrypt systems, spy on users, and remove files. Certain malware can also spread laterally through the organization, causing widespread business disruption. It can help attackers steal money, disrupt operations, degrade performance, and shut down access to critical IT resources.

Common Types of Malware

Let’s look at the most common types of malware:

1. Ransomware

Ransomware is the most popular and fastest-growing form of malware. According to the 2022 Verizon Data Breach Investigations Report, ransomware breaches increased 13% in a single year – a jump greater than the past five years combined. The dollar amount extorted by cybercriminals is also on the rise. The average ransom has increased by 171% in the last year.

Ransomware occurs when a cybercriminal or nation state uses malware to encrypt a victim’s data until a ransom is paid. Thanks to ransomware-as-a-service tools, these attacks require little technical knowledge and are inexpensive to execute. Ransomware attack vectors include phishing emails, malicious code hidden in web scripts, ads and pop-ups, messaging apps, text messages, and social engineering tactics.

Some example Ransomware incidents:

2. Virus

A virus is a type of malware (often transmitted via email) that attaches itself to a program that supports macros, such as Microsoft Excel. The virus then lies dormant until that program is opened, at which point the virus code is executed. A virus can be programmed to steal or corrupt data, spam the victim’s email contacts, and automatically infect other systems on a network.

3. Worm

A worm is a piece of software that infects a device via a downloaded file or network connection. Unlike a virus, a worm does not need a host program to propagate. Instead, once a connected device is infected, a worm will scan the network for security holes, replicate itself onto vulnerable machines, and keep spreading ad infinitum.

4. Spyware

As the name suggests, spyware is a form of malware that runs on a computer without the user’s knowledge. Working in the background, it monitors online activity and gathers sensitive data, then forwards it to a third-party malicious actor.

Spyware is often used to steal passwords, financial information, or credentials. Spyware is very difficult for users and organizations to detect and can cause significant damage.

5. Adware

Adware is a type of malware that monitors a user’s online activity and serves up targeted advertisements. Individuals encounter adware each time they browse the internet. It is not always harmful. However, when used maliciously it can contain spyware and be used to sell personal data to threat actors.

6. Trojan

A Trojan horse is malware that disguises itself as a useful or interesting software program. Once downloaded, a Trojan can install spyware, access sensitive data, steal account information, demand money, and more.

Malware Prevention with Dark Web Intelligence

Malware prevention is a class of technologies designed to identify and block malware in web traffic or email attachments, or to block access to URLs that are known to surreptitiously download malware to a user’s device. Malware prevention solutions also include dark web monitoring technologies that can identify new malware code as it emerges on dark websites. This intelligence allows security teams to block malware via firewalls or by triggering playbooks in SIEM, SOAR and vulnerability management (VM) platforms.

Malware prevention technologies rely on superior threat intelligence to identify and understand the latest malware threats – what they look like, how they operate and how they are deployed. To gather intelligence about malware threats as early as possible, security teams must look to the dark web. This is the place where new malware threats first surface on underground forums, illicit marketplaces, code repositories and paste sites. By constantly and covertly monitoring sources on the deep and dark web, security teams can develop the insights they need to protect their organizations against malware – before it has been deployed or downloaded.

How dark web monitoring informs malware prevention

Cybercrime is a business that thrives on the dark web. This is the part of the internet that search engines can’t penetrate and where privacy and anonymity are highly protected. Consequently, it’s a place where cybercriminals can go to acquire tools to mount attacks, buy and sell compromised credentials and stolen data, exchange information on tactics and techniques, post proof-of-concept exploit code and discuss strategies in underground forums.

The amount of criminal activity on the dark web makes it a rich source for threat intelligence. By covertly monitoring dark sites, security analysts can get clear and timely insight into the nature of threats, the profiles of threat actors, and the tactics, techniques and procedures (TTPs) they prefer.

This level of threat intelligence can be extremely valuable in malware prevention. For example, most malware detection solutions only recognize new malware once it is sold and weaponized, or once it has already been used in an attack. Cyber teams can stay ahead of malware threats by monitoring the dark web and identifying malware when it is initially offered for sale. Using covert methods, they can extract the malware hash in this preliminary phase, then block it on firewalls or trigger playbooks on SIEM, SOAR or vulnerability management platforms before anyone else has even downloaded it.
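The two enforcement paths the page describes, blocking known-bad URLs (the prevention section above) and pushing a hash extracted from dark web intelligence into a playbook (this section), both reduce to matching normalized indicators against observed telemetry. The following is an added example, not Bitsight code; the feed entries, hostnames and telemetry events are constructed, and the action names (`edr_hash_block`, `proxy_url_block`) are hypothetical playbook identifiers.

```python
import hashlib
from urllib.parse import urlparse

# Constructed threat-intel feed (not real indicators): hashes are digests of
# placeholder strings; the domain uses the reserved .example TLD.
SAMPLE_BAD_SHA256 = hashlib.sha256(b"constructed-dropper-sample").hexdigest()
SAMPLE_BAD_MD5 = hashlib.md5(b"constructed-loader-sample").hexdigest()
INTEL_FEED = [
    {"indicator": SAMPLE_BAD_SHA256.upper(), "family": "constructed-dropper"},
    {"indicator": SAMPLE_BAD_MD5, "family": "constructed-loader"},
    {"indicator": "https://payload.malicious.example/dl/setup.exe",
     "family": "constructed-dropper"},
]

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
# Hypothetical playbook action per indicator type (which control enforces it).
ACTIONS = {"md5": "edr_hash_block", "sha1": "edr_hash_block",
           "sha256": "edr_hash_block", "domain": "proxy_url_block"}


def normalize(indicator):
    """Return (kind, value): hashes lower-cased, URLs reduced to their hostname.
    Feeds and telemetry disagree on case and URL paths, so match on this form."""
    lower = indicator.strip().lower()
    if len(lower) in HASH_LENGTHS and all(c in "0123456789abcdef" for c in lower):
        return HASH_LENGTHS[len(lower)], lower
    if "://" in lower:
        return "domain", urlparse(lower).hostname or lower
    return "domain", lower


def build_blocklist(feed):
    """Index the feed by normalized indicator for O(1) lookups."""
    return {normalize(e["indicator"]): e["family"] for e in feed}


def match_events(events, blocklist):
    """Compare observed file hashes / URLs against the blocklist; return playbook triggers."""
    alerts = []
    for ev in events:
        key = normalize(ev["observed"])
        if key in blocklist:
            alerts.append({"host": ev["host"], "family": blocklist[key],
                           "indicator_type": key[0], "action": ACTIONS[key[0]]})
    return alerts


# Constructed telemetry: one matching file hash, one matching download, two benign events.
SAMPLE_EVENTS = [
    {"host": "ws-01", "observed": SAMPLE_BAD_SHA256},
    {"host": "ws-02", "observed": hashlib.sha256(b"benign-installer").hexdigest()},
    {"host": "ws-03", "observed": "HTTPS://payload.malicious.example/dl/other.exe"},
    {"host": "ws-04", "observed": "https://intranet.example/"},
]

if __name__ == "__main__":
    for alert in match_events(SAMPLE_EVENTS, build_blocklist(INTEL_FEED)):
        print(alert)
```

Matching on hostname rather than full URL means a second download path on the same known-bad host is still caught, at the cost of also blocking benign content on that host, which is usually the right trade for a dedicated payload server.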

What Can You Do to Protect Against Malware?

The malware threat is rising, but there are best practices you can follow to minimize the risk of becoming a victim. For instance, remediating vulnerabilities in a timely manner, reducing attack surface exposure, and maintaining a relentless focus on security hygiene can measurably reduce the likelihood of a malware attack.

Because no organization is immune from malware, use Bitsight to continuously monitor your digital environment for vulnerabilities, and regularly apply software patches and proper configuration management protocols. Unpatched vulnerabilities and misconfigurations both heighten the risk of malware if left unattended. You can also use Bitsight’s data advantage to discover machines that may already be compromised and identify user behavior that could introduce malicious software onto your network.

Bitsight Cyber Threat Intelligence offers access to the broadest dark web monitoring capabilities in the industry. By collecting data from 10x more dark web sources and extracting data 24x faster than competitors, Bitsight delivers the intelligence that security teams need to effectively protect their organizations from malware, phishing attacks, ransomware and other emerging threats.

Finally, since supply chains are emerging as a common avenue for ransomware attacks, take steps to maintain a continuous view of your vendors’ security postures.

Stay Ahead with Proactive Threat Hunting

Arm your security team with the tools, techniques, and insights to uncover hidden threats. Learn to identify risks early and strengthen your defenses with actionable intelligence.