Focus on Malware

  • Published: Tuesday, March 22, 2022

Not all malware is ransomware, but all ransomware is malware. Malware is software deliberately designed to disrupt, damage or gain unauthorized access to a computer system. Ransomware is the subset of malware that adds extortion to the damage: it encrypts files and blocks access to them until a ransom is paid to the criminals.

Ransomware stories make headlines because the impact on an organization is so visible: data loss, recovery costs, disruption of services and damage to reputation. Other forms of malware can have as great an impact. The payoff for the criminal may not be a ransom payment but the theft of data, including personal or otherwise sensitive information.

How does an infection start? Typically a user is tricked into clicking a link or installing a program they shouldn't; sometimes the malicious code is bundled inside otherwise legitimate software the user installs. Once it runs, the code can move through the system and across the network, spreading itself and covertly collecting information. The damage ranges from a nuisance to the destruction of an organization's data.

Here are some of the recent malware activities and what damages each can inflict.

  • TrickBot is spread primarily through phishing campaigns. Originally designed to steal banking data, it has since grown more sophisticated: it steals credentials and can drop other malware onto the infected machine.
  • Cyclops Blink has primarily been deployed against WatchGuard network devices. It collects and exfiltrates device information, and a compromised appliance can then be used to attack other targets.
  • Gh0stCringe is a remote access trojan (RAT). It targets Microsoft SQL and MySQL servers with weak security configurations, then connects to a command and control server (C&C, C2) to receive instructions. One of its capabilities is a keylogger, which records the user's keystrokes to steal login credentials and other sensitive information.
  • Emotet was originally a banking trojan, much like TrickBot, and has since evolved into a spam and malware delivery platform. Once a machine is infected, Emotet harvests the victim's email contacts and spams them in the hope of infecting more devices. It also spreads by brute-forcing accounts with lists of commonly used passwords.
  • CaddyWiper erases user data and partition information from attached drives. It is the newest of these threats and is being actively deployed in Ukraine. Notably, it does not destroy data if it detects that the system is a domain controller; a wiper does not replicate itself, so sparing the domain controllers is best read as the attackers keeping their foothold in the organization intact.
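Gh0stCringe, above, reaches database servers that accept weak credentials, and a server that is being guessed at leaves a trail in its own error log before the RAT ever lands. The script below is an added example, not code from the original post, showing how that trail can be turned into an alert: it parses failed-login lines in the MySQL 8 error-log format and the Microsoft SQL Server ERRORLOG format, then flags any source host that produces a burst of failures inside a sliding window. The log lines are constructed for the example; the regexes are modeled on the real formats but assume the exact message wording shown, and the threshold (5) and window (60 s) are arbitrary starting values to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real captures): MySQL 8 error-log style and
# SQL Server ERRORLOG style, interleaved as they might arrive at one collector.
SAMPLE_LOG = """\
2022-03-22T10:15:01.000000Z 12 [Warning] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.5' (using password: YES)
2022-03-22T10:15:01.400000Z 13 [Warning] [MY-010926] [Server] Access denied for user 'admin'@'203.0.113.5' (using password: YES)
2022-03-22 10:15:02.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2022-03-22T10:15:02.900000Z 14 [Warning] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.5' (using password: YES)
2022-03-22T10:15:03.200000Z 15 [Warning] [MY-010926] [Server] Access denied for user 'mysql'@'203.0.113.5' (using password: YES)
2022-03-22T10:15:03.800000Z 16 [Warning] [MY-010926] [Server] Access denied for user 'test'@'203.0.113.5' (using password: YES)
2022-03-22T10:15:04.100000Z 17 [Warning] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.5' (using password: YES)
2022-03-22T10:30:00.000000Z 18 [Warning] [MY-010926] [Server] Access denied for user 'alice'@'10.0.0.8' (using password: YES)
2022-03-22 10:31:00.50 Logon       Login failed for user 'alice'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.8]
2022-03-22T10:32:00.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections.
"""

# MySQL 8: "<ISO ts>Z <thread> [Warning] [MY-010926] [Server] Access denied for user 'u'@'host' ..."
MYSQL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+Z \d+ .*?"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)
# SQL Server: "<ts> Logon   Login failed for user 'u'. Reason: ... [CLIENT: host]"
MSSQL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<host>[^\]]+)\]"
)


def parse_failed_logins(text):
    """Return (timestamp, user, source_host, product) for every failed-login line.

    Lines that match neither format (normal server chatter) are ignored.
    """
    events = []
    for line in text.splitlines():
        m = MYSQL_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            events.append((ts, m["user"], m["host"], "mysql"))
            continue
        m = MSSQL_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["user"], m["host"], "mssql"))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag source hosts with >= threshold failures inside any sliding window.

    Returns {host: {"count": peak failures seen in one window,
                    "users": set of usernames tried,
                    "first": earliest failure, "last": latest failure}}.
    """
    by_host = defaultdict(list)
    for ts, user, host, _product in events:
        by_host[host].append((ts, user))

    alerts = {}
    for host, evs in by_host.items():
        evs.sort()
        peak, start = 0, 0
        for i, (ts, _user) in enumerate(evs):
            while ts - evs[start][0] > window:  # drop events older than the window
                start += 1
            peak = max(peak, i - start + 1)
        if peak >= threshold:
            alerts[host] = {
                "count": peak,
                "users": {u for _, u in evs},
                "first": evs[0][0],
                "last": evs[-1][0],
            }
    return alerts


if __name__ == "__main__":
    hits = detect_bruteforce(parse_failed_logins(SAMPLE_LOG))
    for host, info in hits.items():
        print(f"{host}: {info['count']} failed logins between {info['first']:%H:%M:%S} "
              f"and {info['last']:%H:%M:%S}; users tried: {sorted(info['users'])}")
```

In the sample, 203.0.113.5 cycles through five different account names in a few seconds and is flagged, while the single user on 10.0.0.8 who mistyped a password twice a minute apart is not. Distinct usernames from one source in a short burst are the giveaway for a dictionary attack; a real deployment would feed the alert into a firewall block or at least a ticket, and would pair it with the fix the article recommends, strong credentials and a database port that is not reachable from the internet.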

How to avoid becoming a victim:

  • Keep hardware and software up to date by deploying the latest patches.
  • Train users to recognize and report suspicious emails.
  • Use strong passwords. Longer equals stronger. Use passphrases; they're easier to remember and harder to break.
  • Don't click links or open attachments in emails from unknown or unsolicited senders.
  • Install anti-virus software and keep it updated.