It's a malware jungle out there. Mounting cyber-attacks and successful data breaches, along with constantly evolving malware, have made us wary about, well, basically everything in our email. Clicking unknown links, downloading email attachments, enabling macros in office documents… the specter of malware lurks everywhere. And that specter moves and changes so quickly along a constantly-shifting threat landscape that people must now approach malware safety as a lifelong learning journey. Static guidelines won’t cut it.
Neither will the old line of malware safety thinking: “As long as I have my antivirus on, don’t download any attachments or enable macros on received documents, I’m safe, right?” Times have changed. As you’ll see below, just visiting a website can compromise your computer; and one wrong move could paralyze your whole company.
By mapping the different ways that malware can infect your device, you’ll be be better oriented to stay malware-free.
Understanding the malware infection process means understanding how hackers get past the antivirus and human firewalls. They typically breach defenses either through social engineering or drive-by download.
In social engineering, the attacker presses emotional triggers to manipulate users into unwise actions, like downloading a malicious attachment from an email.
Drive-by downloading happens when malicious code is downloaded to the victim’s computer without their knowledge or consent.
Some encounter social engineering on a daily basis in the form of phishing emails. These email scams are, after all, attackers' top malware delivery method. Attackers typically manufacture a sense of urgency, from subject line to email body, to induce an ill-considered action. “Urgent! Hurry! Quickly! immediately!” are common stress-inducing triggers for attention phishes.
Infecting a computer with malware requires manipulating the user into clicking or downloading one or more of the following from the phishing email:
The below methods are the most common vectors of malware infection via phishing attacks.
In credential harvesting attacks, attackers try to steal user credentials by spoofing landing pages into which someone would normally login. If one’s email account gets compromised:
Below you can see a typical phishing email. It claims that your email password is about to expire and you must change it immediately. If you click the link, you’ll likely be redirected to a clever-but-fake website created to steal your username and password to use for malicious purposes later on.
Although email security protocols block some attachments automatically for security reasons, malicious emails still get through. Here are the most common types of malware in malicious email attachments:
These kinds of documents don’t usually contain malware themselves. But rather, they contain a link that redirects the user to a malicious website, where the machine will be infected. Malicious attachments could also resemble a legitimate service containing login fields that, if filled in, would then compromise the user’s credentials and infect the machine.
Ransomware is one of the most dangerous forms of malware out there. Thrust into the spotlight with the infamous Colonial pipeline attack by the cyber gang DarkSide, ransomware has had a whole black market economy spring up around it that mimics traditional corporate kidnapping-for-ransom. It can have devastating financial and reputational consequences. This malicious software infects and encrypts computers with a password, locking out access and extorting ransom money, often in hard-to trace cryptocurrency, to unlock the files.
Check out our previous blogpost about ransomware to learn more.
Spyware is malicious software that collects information about a user without their knowledge or consent. That information-- such as visited websites, credit card information, and so on-- is then sent to a hacker for malicious purposes.
Keylogger is a dangerous and invisible malware that records every keystroke of the user. This can result in compromised credentials, exposed credit card info, and much more.
This is the type of malware often found in tainted office documents like Microsoft Excel or Word. If a user receives files that contain macros, they should be treated with caution.
Scripts found in malicious macros could potentially:
And the worst part of it all is that the user won’t notice anything out of the ordinary, which makes this a textbook example of a drive-by download: “Downloading an application without user’s knowledge or consent.”
Just browsing a website is dangerous nowadays; using antivirus and not downloading anything won’t keep you entirely safe. Danger potentially lurks in malicious or compromised websites themselves in the form of ExploitKits.
ExploitKits, or EK’s, are hugely automated tools that are often placed in malicious or compromised websites that search for vulnerabilities in the user’s browser. They are currently one of the most-used methods of mass malware due to ease of use.
Upon visiting a compromised website, the EK automatically profiles if the user’s browser is patched and if any current exploits are available to use against that user’s browser. If the browser is fully patched to the latest version and no exploits are available, the exploit kit discontinues and the user is left alone. But when an exploit is discovered, a payload is sent to the host computer, which works as a file downloader for malware, which then infects the user’s machine.
This shows why keeping your browser updated is extremely important.
Stay protected against ExploitKits with these 3 tips:
It’s a digital jungle out there and malware is lurking everywhere, and in various forms. Online security should be taken as seriously as any other sort of safety precautions before traversing dangerous territory.
Fortunately, we can stay protected by following these 6 guidelines:
The Threat Analysis Team examines tens of thousands of reported phishing emails, including ones like these, a week–and have captured tens of millions of threats to date. They cluster the threats, rate them, and incorporate the nasty ones into our training simulations in real time to ensure our training stays at the cutting edge of the constantly-evolving threat landscape. Hoxhunt users are thus drilled on spotting and reporting the latest actual threats making the rounds, removing potentially catastrophic threats from your system with every push of the Hoxhunt reporting button.
