Understanding the Latest Malware Techniques

Trillions of dollars are spent on cybersecurity, but it seems malware breaches continue to grow in part thanks to ransomware, rootkits, persistent malware and firmware malware. I’m sure you’ve at least heard these terms before, but do you really understand them and how they are most likely to affect your advanced cyber threat prevention strategy?

What is Ransomware?

According to Kim Komando, ransomware is:

“…a form of malware that keeps users from accessing critical files stored on their infected gadget. To be more technical, there are two primary types of ransomware out there: blockers and cryptoblockers. What's the difference?

Blockers merely prevent access to certain programs or functions. For example, it may block access to a web browser, apps or operating system. Cryptoblockers, on the other hand, actually encrypt your data.

When it comes to desktop computers and laptops, cryptoblockers are most commonly used. However, when it comes to mobile devices, blockers are the preferred choice for hackers. A single click on a malicious link or attachment is all it takes to infect your device with ransomware.”

There are thousands of documented ransomware variants. WannaCry alone is credited with impacting 200,000 victims and 300,000 computers by encrypting files and demanding between $300 and $600 in bitcoin “ransom.”

What are Rootkits?

Once malware obtains root (administrator) credentials, it can install software (called a rootkit) and then even hide the intrusion as well as maintain privileged access. With this level access, the cybercriminal has full control over a system which means that existing software can be modified, including software that might otherwise be used to detect and/or circumvent it. This form of malware is very difficult to detect once infected, so prevention is the ideal form of protection.

What is Persistent Malware?

Persistent malware seems to act like an incurable disease for your technology. Every time your anti-virus product cleans it from your system, it finds a way to re-instantiate. Particularly, when rootkit-based malware is involved, it can achieve persistence by hiding in areas of your hard drive that might be inaccessible to the operating system to evade detection and prevent scanners from locating it.

What is Firmware Malware?

Wayne Rash recently reported in his eWeek article titled “New Russian Malware Can Embed Itself in PC Firmware” a new form of firmware-based malware called LoJax.

“The LoJax software, developed by Russian hacking group Fancy Bear, which has been tied to the Russian intelligence organization, works by using a series of tools developed by the Russians that first examine the code running in the victim computer’s UEFI (the uniform extensible firmware interface), to determine if it can be infiltrated. If it can, then the malware loader copies the code, adds its own malware and then flashes the computer’s firmware to embed the code.”

What Can You Do About It?

The best defense is a great offense. Stay educated on what is current on both sides of the equation: the malware as well as the prevention side. Learn more here.