Glossary

What is Malware?

The term malware is a compound of the phrase malicious software. A significant proportion of all cybersecurity activity consists of the deployment of malware by criminals and the defense against it. Malware attacks aim to bypass security controls to steal data, gain financially, or damage IT systems and disrupt operations within the targeted organization. Common examples of malware include ransomware, viruses, worms, and spyware. Many other kinds exist, as outlined in our separate article titled What are the types of malware attacks?

It should be noted that no operating system is immune from malware. All software has bugs, and every operating system in use in 2022 has vulnerabilities and malware written to exploit them. Microsoft Windows, Apple macOS, Apple iOS, Google Android, and all variants of Linux have had malware designed to attack them. The safe assumption for any IT system and its core software is that it needs to be protected from malware.

The protection needed is not just against cybercriminals with the programming and technical skills required to write malware. Many cybercriminal groups create malware that anyone can use, and they sell or license it on the dark web and elsewhere using a software-as-a-service model. It is mostly ransomware that uses this model. The widely reported Colonial Pipeline attack in 2021 used ransomware-as-a-service: the attackers encrypted the company's business IT systems, and Colonial shut down pipeline operations as a precaution while it responded.

Why Do Malware Attacks Happen?

Malware attacks happen for several reasons:

Financial gain - this is the direct driver behind many malware attacks, especially ransomware attacks that extort payments from organizations whose systems have been encrypted and are unusable. Beyond extortion via ransomware, cybercriminals seek financial gain through the theft of digital assets such as credit card details they can use directly. They can also sell credit card details and other valuable data, such as system account credentials and personal information, on the dark web. Cryptojacking malware, which uses infected systems to mine cryptocurrency, is another way criminals make money from malware. The sale of zero-day exploits is another source of financial return; see the malicious activity section below for more on this.

Data theft - the theft of data of all types is another significant driver behind malware attacks. Data of all kinds has value to someone, especially stolen data that contains personally identifiable information (PII). This data can be sold to other criminals on the dark web, who often use it to plan more sophisticated attacks against organizations via targeted spear-phishing campaigns. Information that has value when stolen via malware infections also includes intellectual property about a business’s products and operations. Data stolen before the encryption stage of a ransomware attack is often used to further extort the attacked organization with the threat that it will be released publicly unless an additional fee is paid, on top of the ransom demand.

State-backed espionage - cyberattacks from nation-state groups are increasingly common. They use malware to attack and disrupt the IT systems of foreign governments and the operational technology used to manage and control vital systems in the other country. They also attack corporate systems belonging to companies in the target countries to steal intellectual property to pass to businesses at home, or to cause damage to foreign companies. These state-backed attacks are often disguised as the work of ordinary cybercriminals to hide the fact that they are espionage or sabotage. The NotPetya attack of 2017, a destructive wiper disguised as ransomware, was a Russian state-backed cyberattack aimed at Ukrainian organizations that spread to companies worldwide. State-backed attacks also often target overseas dissidents and news organizations that tell an alternative narrative to the one an authoritarian state wants people to hear.

Political activism (hacktivism) - activists use malware attacks to target organizations they disagree with, often in other countries. These attacks can have unintended consequences when the malware they deploy spreads beyond the attacked organization and country and causes collateral damage to systems across the global internet.

Malicious activity - some people deploy malware simply to cause damage. They enjoy the challenge of bypassing an organization's security, and once they have unauthorized access they cause damage to advertise their success. The underground market for working zero-day exploits that provide access to IT systems puts downward pressure on this behavior: anyone who has a way to bypass security can sell it on the dark web (or on a grey market well known in hacker circles), and an exploit whose underlying flaw has not been exposed by public damage and boasting sells for a significantly higher return.


Defending Against Malware

The range of solutions offered by Critical Insight is needed to deliver a comprehensive cybersecurity defense strategy for an organization. For a deep dive into how to protect your organization from ransomware in particular and malware more generally, see What is Ransomware, and How Do I Prevent It? by Critical Insight’s CISO Mike Hamilton.

See also: Malware Attacks

About Critical Insight

Critical Insight is the only cybersecurity-as-a-service provider that prepares, monitors and responds to cyber threats, going beyond SOC-as-a-service offerings typical of Managed Detection and Response (MDR) offerings.

With a focus on organizations that deliver critical services – hospitals, local governments, utilities, school systems, and more – we provide end-to-end support to those with limited security teams or budgets to handle threats proactively and as they occur.

Based in Bremerton and Seattle, Washington, Critical Insight is a venture-backed company founded by former CISOs in the public sector. We are committed to training new analysts and providing the most up-to-date cybersecurity protection.


Check out our Security Awareness Trainings

In these 60-minute sessions, you’ll learn how to spot the links to avoid, you’ll learn how ransomware really works, and you’ll come away with some pretty good stories to tell. This won’t be one of those boring trainings, we promise.