Common Types of Malware and Attacks that Occurred in 2018

Mar Wed, 2019

Common Types of Malware and Attacks that Occurred in 2018 Image

Malware or malicious software can come in many different forms with the sole purpose of harming your system, network, and devices through program or software code. In their 2018 State of Malware report, Malwarebytes found malware authors targeted organizations over consumers with overall business detections of malware rising 79 percent due to an increase in backdoors, miners, spyware, and information stealers. With the proliferation of creative threat actors finding ways to breach organizations’ systems, small and medium sized businesses, their vulnerabilities are becoming prime targets for malware attacks. Before diving into the top malware attacks that occurred in 2018, lets discuss the top 10 common types of malware you should be aware of.

Types of Malware

  1. Virus: software that replicates itself by modifying other computer programs and inserting its own malicious code, infecting systems.
  2. Worm: similar to viruses, it replicates itself in order to spread to another computer, relying on security failures on the target computer to access it.
  3. Trojan: as the name stems from what occurred in Ancient Greece, the trojan misleads the users of its true intent, disguising itself as legitimate software, which once installed on the computer, provides unauthorized access to attackers.
  4. Adware: a type of malicious software that presents unwanted advertisements, shown as pop-ups to the user collecting data and invading privacy.
  5. Spyware: like it sounds, its malicious software that infiltrates your device without you knowing and observes and collects data on the users’ activities.
  6. Ransomware: the type of malware you hear often in the news, attacks your systems, networks, or devices, locking you out and/or encrypting files and requesting payment of a ransom to regain access.
  7. Rootkit: a type of malware technique that uses a kit of software tools to gain root access – or administrative privileges- over a system, while remaining hidden to the user and operating system.
  8. Keylogger: malicious program for recording computer user keystrokes to steal passwords, login credentials, and other sensitive information.
  9. Malicious cryptomining: also referred to as cryptojacking, is installed through a trojan, and allows the attacker to use your computer and system to mine cryptocurrency such as Bitcoin and Monero – utilizing your CPU cycles and operating system to make money.
  10. Exploits: often linked to malvertising, is an attack on a computer system which allows the attacker to take advantage of vulnerabilities and take over control, causing unanticipated behavior to occur.

2018 Malware Attacks

Last year marked the year of new trends rising in malware attacks, including rentable malware or malware-as-a-service, which are harder to trace and pays others to do the development of the malicious program. AlienVault conducted its own research on major threat actors in 2018 and found that the top 10 malicious actors were found in North Korea (two groups), Russia (three), Iran (two), China (two), and India (1), with threat actors exploiting vulnerabilities in web application servers and IoT devices. Notable malware attacks that occurred in 2018 include:

  • GandCrab: a ransomware that utilizes exploit kits sich as RIG, GrandSoft, and Fallout to distribute malware through malvertising campaigns and demanding ransom through the cryptocurrency Dash. Bitdefender reports over $300 million was made through this ransomware attack with demands ranging from $600-$700,000.
  • SamSam ransomware: SamSam ransomware, also known as MSIL/SAMAS.A or SamsamCrypt is associated with a bad actor named GOLD LOWELL, or a group named Ransom.SamSam. This group prides itself on targeting specific organizations, infecting numerous machines and making SamSam appear like a legitimate process. This allows the SamSam infection to hide in plain sight and avoid triggering any alarms. In 2018, SamSam infected Allscripts, the City of Atlanta, and the Colorado Department of Transportation.
  • VPNFilter: a modular IoT malware program from the hacker group Fancy Bear APT, that was secretly on a wide array of routers and network attached devices since 2016. It was capable of DDoS attacks, device bricking, data exfiltration, and cyber espionage, and was most infected devices were found in Ukraine.
  • Coinhive: a cryptcurrency mining service that relies on a small piece of computer code to be installed on websites, which was pitched to website owners as a way to make money from visitors without the use of advertisements, has now emerged as the top malware threat of cryptojacking, compromising over 400 Drupal sites.

For more information on how you can protect your organization from malware and enhance your cyber security, contact our security professionals at contactus@secuvant.com or 855-732-8826.