
What is a malware attack?


Overview

Malware — a portmanteau of “malicious software” — can cause tremendous damage to businesses. Malware attacks occur when bad actors infiltrate networks and leave viruses, worms, trojans, ransomware, or spyware behind, causing financial and reputational damage while crushing productivity.

To learn more about how to defend your business from malware attacks, download Coalition’s Cybersecurity Guide.

Why malware matters

In an age where the average business user receives over 120 emails daily, it’s too easy for malware to infiltrate a network. All it takes is a phishing email that convinces an unsuspecting user to download a malware file disguised as a PDF to cripple a business network.

No company is too small to be a victim of a malware attack. Knowing how to prevent a malware attack starts with learning about the different types of malware that can make their way into your organization — and what you can do to fight back.

What are the 10 common types of malware-based attacks?

Here are the 10 most common types of malware-based attacks:

  1. Ransomware

  2. Adware

  3. Trojan

  4. Residential proxy

  5. Worm

  6. Spyware/keylogger

  7. Process injection/fileless malware

  8. Remote access trojan (RAT)

  9. Cryptojacking

  10. Mobile malware

1. Ransomware

Ransomware is malware that uses encryption to prevent companies from accessing their data and other business-critical systems until a ransom is paid. In May 2021, Colonial Pipeline was the victim of a ransomware attack and had to pay 75 bitcoin — $4.4 million — to restore operations. While the FBI was able to help the oil company reclaim a big chunk of that ransom, these attacks are quite common due to lucrative potential payouts. In an era of remote and hybrid workforces, hackers have more remote worker endpoints to exploit.

2. Adware

Adware is software that displays advertising and other sales materials in your browser as popup ads or applications. Generally speaking, adware commandeers end users’ browsers and tricks them into clicking on fraudulent ads. Attackers also use a version of this technique called scareware to trick users into believing their systems are hacked and that the only way to fix it is by buying more software, which often contains malware.

3. Trojan

A trojan, such as a banking trojan, is malware that gives malicious actors access to important data. Typically, trojans — which spread through environments like worms — can harvest all network passwords from a system, capture passwords stored in web browsers, and intercept network traffic. They are also used to steal banking credentials entered by an end user and to capture credentials and data from email clients. Another common example of a trojan malware attack is Emotet, an advanced modular banking trojan that primarily functions as a downloader of other banking trojans.

4. Residential proxy

A residential proxy is an intermediary network that enables threat actors to use what appear to be real residential IP addresses in specific geographic areas while launching attacks from elsewhere. For example, a hacker in Eastern Europe can use a residential proxy network to appear to be an internet user in Oklahoma. Recently, the FBI warned that hackers are increasingly using residential proxy networks and malware to launch credential-stuffing attacks, where bad actors use previously exposed login credentials en masse in hopes of gaining access to sensitive accounts. 

5. Worm

A worm is malicious software that spreads across networks and has self-replicating capabilities. All it takes is one employee to download an infected file or a bad actor to exploit a remote vulnerability to wreak havoc on an organization’s network. Famous examples of worms include Stuxnet, which targeted industrial control systems, and the Morris worm, which impacted organizations like Harvard, Princeton, Stanford, Johns Hopkins, and NASA. 

6. Spyware/keylogger

As the name suggests, spyware is software, such as a keylogger, that records user behavior and is primarily used to collect usernames and login credentials. For example, after a keylogger is installed on an employee’s computer, a bad actor can access all mission-critical systems that the user accesses, and even the user’s own financial and social media accounts. Recently, hackers used RedLine Stealer to steal usernames and passwords stored in web browsers like Chrome and Edge. Once those credentials were stolen, hackers could use them to commit additional crimes or sell them on the dark web. This attack illustrates the importance of using encrypted password managers and practicing good password hygiene.

7. Process injection/fileless malware

Unlike more common malware attacks, fileless malware isn’t file-based; instead, malicious scripts are memory-based, which makes them much harder to identify and easier to execute in the background. For example, an employee might click on a link in a phishing email that loads a script into their computer’s memory. Once that happens, hackers can capture and share confidential credentials and sensitive information. According to Norton, there are three primary types of fileless malware attacks:

  • Windows registry manipulation, which uses normal Windows processes to implant fileless code into a machine’s registry. An example of this is Kovter, which captures and takes control of unsuspecting users’ machines and uses them to commit click fraud.

  • Memory code injection, which occurs when bad actors hide malicious scripts in a normal application’s memory, like PowerShell and WMI. Since these programs are supposed to be running on an employee’s machine, they’re often able to elude malware detectors.

  • Script-based techniques, including Operation Cobalt Kitty, where a group of hackers targeted a select group of employees with spear-phishing emails containing Word documents with malicious scripts.

8. Remote access trojan (RAT)

A remote access trojan is software that enables bad actors to control someone else’s device or computer from another location. In most cases, hackers dupe employees into downloading RATs alongside business applications or files or get them to click on duplicitous links in phishing emails. Once a hacker has control of an individual’s computer, they can steal all important data and use that device to launch any number of additional attacks.

9. Cryptojacking

One of the latest malware trends is cryptojacking, which occurs when bad actors commandeer computers and use them to mine cryptocurrency without the end user knowing. Since mining for cryptocurrency is resource-intensive and requires a lot of electricity, this is an easy way for bad actors to force companies to pay for the energy needed to mine cryptocurrency while they collect the rewards (e.g., bitcoin or ethereum). Good news: Coalition insures against this.

10. Mobile malware

Mobile malware is malware that — you guessed it — targets mobile devices. These days, with so many employees working on the go or working remotely, hackers are increasingly exploiting this attack vector to gain access to sensitive business information and user credentials. In addition to ensuring business devices are protected against malware, it’s also important that your employees know their personal devices can be targeted, particularly if they’re being used for work purposes.

What are malware prevention steps?

While you can’t entirely eliminate the likelihood a bad actor will use malware against your organization, you can implement a few foundational cybersecurity practices that help prevent such attacks, including:

  • Enabling multi-factor authentication (MFA)

  • Implementing security awareness training for your employees

  • Scanning for malicious software

Enabling multi-factor authentication

Also known as two-factor authentication (2FA), multi-factor authentication is a security mechanism that provides an additional layer of protection to ensure that only authorized users access company systems and devices. For example, a user might log into an account using their credentials and then be prompted to enter a temporary one-time password using an app like Google Authenticator. As a result, bad actors will have a much harder time gaining access to company networks even if they have an employee’s legitimate credentials.

Implementing security awareness training for your employees

Since malware trends are constantly evolving and hackers regularly change tactics, employees need to stay up to date on potential threats and understand exactly what to do in the event they think they’re being attacked. The easiest way to do this is to implement a security awareness training program and hold regular training sessions to ensure everyone knows what common attacks and methods look like, how to identify them, and how to respond.

Scanning for malicious software

Unfortunately, traditional antivirus software can’t detect all types of malware; some are designed explicitly to avoid detection, like fileless malware. To protect against malware attacks, companies can use endpoint detection and response (EDR) tools that collect data from all endpoints in an organization’s network, analyze it, and alert on potential suspicious activities. With a robust EDR system, organizations can stop threats before a human has time to respond to them.
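Because fileless malware leaves no file for a signature scanner to match, EDR tooling instead reasons over process and registry telemetry. The following added example (not Coalition's code and not any EDR vendor's rule set) runs three illustrative heuristics, drawn from the fileless-malware categories listed above, over constructed endpoint events: an Office application spawning a script interpreter (the spear-phishing-document pattern), WMI spawning PowerShell, and a script interpreter writing a Run key in the registry. Hostnames, PIDs, paths and the rule names are all made up for the example.

```python
import ntpath
from typing import Dict, List, Tuple

# Illustrative heuristics, not a vendor rule set: parents that should rarely be
# launching script interpreters, and the interpreters themselves.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
WMI_HOST = "wmiprvse.exe"
RUN_KEY = r"\microsoft\windows\currentversion\run"

# Constructed telemetry, loosely shaped like EDR process-creation and registry
# events. Every value here is made up for the example.
SAMPLE_EVENTS = [
    {"host": "ws-17", "type": "process_create", "pid": 4120,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "ws-17", "type": "process_create", "pid": 4388,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "ws-22", "type": "process_create", "pid": 2096,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
    {"host": "ws-22", "type": "process_create", "pid": 2100,
     "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"host": "ws-17", "type": "registry_set", "pid": 4388,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"host": "ws-31", "type": "registry_set", "pid": 900,
     "image": r"C:\Program Files\ExampleVendor\setup.exe",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExampleAgent"},
]


def _name(path: str) -> str:
    """Case-insensitive executable name, independent of the install directory."""
    return ntpath.basename(path).lower()


def evaluate(event: Dict) -> List[str]:
    """Return the names of every heuristic a single event trips (empty if benign)."""
    hits: List[str] = []
    image = _name(event["image"])
    if event["type"] == "process_create":
        parent = _name(event["parent_image"])
        if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            hits.append("office_app_spawned_script_host")
        if parent == WMI_HOST and image in SCRIPT_HOSTS:
            hits.append("wmi_spawned_script_host")
    elif event["type"] == "registry_set":
        # A vendor installer writing a Run key is routine; a script interpreter doing it is not.
        if RUN_KEY in event["key"].lower() and image in SCRIPT_HOSTS:
            hits.append("script_host_wrote_run_key")
    return hits


def triage(events: List[Dict]) -> List[Tuple[str, int, str]]:
    """Flatten telemetry into (host, pid, rule) alerts."""
    return [(e["host"], e["pid"], rule) for e in events for rule in evaluate(e)]


def severity_by_host(events: List[Dict]) -> Dict[str, str]:
    """Escalate a host that trips two or more distinct rules; one rule alone is 'medium'."""
    rules_per_host: Dict[str, set] = {}
    for host, _pid, rule in triage(events):
        rules_per_host.setdefault(host, set()).add(rule)
    return {h: ("high" if len(r) >= 2 else "medium") for h, r in rules_per_host.items()}


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
    print(severity_by_host(SAMPLE_EVENTS))
```

The point of the correlation step is that no single event is conclusive: an administrator may legitimately launch PowerShell from a document, but the same process also installing itself in a Run key is the combination that merits isolating the host.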

How do you respond to malware attacks?

If you believe your organization is infected with malware, attempt to isolate the infected system and contact your IT team and your cyber insurance provider. Powering down devices can help prevent the malware from spreading through the network. The Cybersecurity and Infrastructure Security Agency (CISA) offers a list of additional steps you should take when responding to malware attacks.

Are you looking to beef up your cybersecurity stance and take a proactive approach to protect against malware? Coalition can help. Take our free automated scanning and monitoring tool, Coalition Control, for a spin today to find your organization’s cyber risk and learn how to fix it.