Which malware type is installed in the BIOS of a machine which means?
|
Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. At its core, malware exploits existing network, device, or user vulnerabilities, posing as little a risk as annoying advertisements to the much more damaging demand for millions of dollars in ransom. Show
This article dives into the lexicon of malware, offering descriptions, protections, and examples of each. Table of Contents
Best Practices to Defend Against MalwareAs you browse the myriad of malicious software featured in this article, we offer tips for how best to defend against each type. In general, here are some of the most frequent best practices to protect against malware:
Here are some common and not so common malware threats and how to defend against them. AdwareAdware, also known as malvertising, is a type of malware that downloads or displays advertisements to the user interface. Rather than stealing data, adware is more of an irritant forcing users to see unwanted ads. Most users are familiar with adware in the form of unclosable browser pop-ups. Users sometimes unknowingly infect themselves with adware installed by default when they download and install other applications. How to Defend Against AdwareInstall an antivirus solution that includes anti-adware capabilities. Disable pop-ups on your browsers, and pay attention to the installation process when installing new software, making sure to un-select any boxes that will install additional software by default. Examples of Adware Malware AttacksWhile there are hundreds of adware versions, some of the most common examples include Fireball, Appearch, DollarRevenue, Gator, and DeskAd. These adware strains often present themselves as a video, banner, full screen, or otherwise pop-up nuisance. Also Read: Yahoo Malware Attack: Malvertising Is the Silent Killer BackdoorsA backdoor is a trojan that offers an attacker remote access into the victim’s device. Most device or software manufacturers place backdoors in their products intentionally and for a good reason. If needed, company personnel or law enforcement can use the backdoor to access the system when needed. However, in a bad actor’s hands, a backdoor can do anything the user does. Backdoors can also be installed by other types of malware, such as viruses or rootkits. How to Defend Against a BackdoorBackdoors are among the most challenging types of threats to protect against. Experts say the best defense is a multi-pronged network security strategy that includes a firewall, anti-malware software, network monitoring, intrusion detection and prevention (IDPS), and data protection. Examples of Backdoor Malware AttacksBecause backdoors are often intentionally built into products, the number of instances they’ve been used maliciously is numerous. In 2005, Sony BMG delivered millions of CDs with a rootkit that monitored listening habits and unintentionally left a backdoor to the device for cybercriminals. In 2017, more than 300,000 WordPress websites were affected by a malicious plugin that allowed an attacker to place embedded hidden links on victim websites. Bots and BotnetsBots are software performing automated tasks, making attacks known as “botnets” deadly for victims. In cybersecurity, a bot typically refers to an infected device containing malicious software. Without the user’s knowledge or permission, a bot can corrupt the device. Botnet attacks are targeted efforts by an army of bots, directed by their bot herder. How to Defend Against BotnetsOrganizations can help prevent their computers from becoming part of a botnet by installing anti-malware software, using firewalls, keeping software up-to-date, and forcing users to use strong passwords. Network monitoring software can also help determine when a system has become part of a botnet. Always change the default passwords for any IoT devices you install before extended use. Examples of Botnet Malware AttacksAttackers often use botnets to send out spam or phishing campaigns to carry out distributed denial of service (DDoS) attacks. However, a growing number of botnet attacks are used against IoT devices and their connected networks. Additional features of botnets include spam, ad and click fraud, and spyware. In 2008, the Kraken botnet with 495,000 bots infected 10% of the Fortune 500 companies. This instance of a botnet attack was also the first where malware went undetected by anti-malware software. In 2016, the Mirai botnet attack left most of the eastern U.S. with no internet. With over 600,000 devices, this botnet exposed just how vulnerable IoT devices could be and led to the IoT Cybersecurity Improvement Act of 2020. Browser HijackerA browser hijacker also called “hijackware,” noticeably changes the behavior of your web browser. This change could be sending you to a new search page, slow-loading, changing your homepage, installing unwanted toolbars, directing you to sites you did not intend to visit, and displaying unwanted ads. Attackers can make money off advertising fees, steal information from users, spy, or direct users to websites or apps that download more malware. How to Defend Against a Browser HijackerBe careful when installing new software on your system. Many browser hijackers piggyback on wanted software, much like adware does. Ensure you install and run anti-malware software on your system and maintain high-security settings for browser activity. Because hijackware is related to your browser, therein lies the solution to exterminating a browser hijacker. If your antivirus software fails to notice a new strain, you can reinstall the browser. If that fails to work, clearing the contents of the device might be required. Examples of Browser Hijacker Malware AttacksA handful of notable browser hijackers are Ask Toolbar, Conduit, CoolWebSearch, Coupon Saver, GoSave, and RockTab. These browser hijackers typically come in the form of an added toolbar, and because it’s often included in the software download, users rarely recognize it’s potential harm. BugBugs are a generic term for flaws in segments of code. All software has bugs, and most go unnoticed or are mildly impactful to the user. Sometimes, however, a bug represents a severe security vulnerability, and using software with this type of bug can open your system up to attacks. How to Defend Against BugsThe best way to minimize potentially nasty bugs is consistent updates for your software. With vulnerabilities at the top of software vendors’ minds, they are quick to release patches to prevent user systems damage. For organizations writing or configuring their code, it’s imperative to follow best practices for secure code and potentially seek third-party review. Examples of Bug Malware AttacksBecause bugs are often the root vulnerability that enables malware, almost every attack has something to do with a bug-related exposure. Also Read: What is a Bug Bounty? How to Set Up a Bug Bounty Program CrimewareSome vendors use “crimeware” to refer to malware that is criminally executed and often financially benefits the attacker. Much like malware, it is an inclusive category that encompasses a wide variety of malicious software. Unlike ransomware, it might be a criminal operation that does not involve the collection of a ransom. As a term, crimeware encompasses much of the malware types listed in this article. How to Defend Against CrimewareBest network security practices are essential, including using anti-malware, firewalls, intrusion prevention and detection (IPDS), network and log monitoring, data protection, security information and event management (SIEM), and threat intelligence. Cybersecurity vendors like Panda Security suggest the best way to defend against crimeware is using a combination of antivirus, anti-spyware, firewalls, and threat detection technology. Examples of Crimeware Malware AttacksBecause crimeware is an umbrella term for most malware types, the examples are endless. Some malware technologies like keyloggers and backdoors come with the product design for later maintenance of the device. All crimeware programs are inherently malicious, and their successful activation is prosecutable. KeyloggersA keylogger is a software program that records all of the keys a user touches. This exposed data includes everything from emails and documents typed to passwords entered for authentication purposes. By obtaining sensitive authentication access, attackers can break into the vendor network or user account. How to Defend Against a KeyloggerGood password hygiene is one of the best ways to prevent access to keyloggers. Using strong passwords that you update regularly can go a long way towards keeping you safe. You should also use a network firewall and an anti-malware solution. Examples of Keylogger Malware AttacksKeylogging is legal and widely enforced by vendors working with sensitive information. Employers can enable a keylogger through hardware or software to detect any criminal or unethical behavior on company systems. For malicious keyloggers outside your organization, initial access to a device or user’s account would be necessary. A strain of keylogger malware dubbed LokiBot notably increased in 2020. CISA reported that LokiBot “employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.” Malicious Mobile AppsIn the sea of apps available today, not all of them are desirable, and the problem is even more acute with third-party app stores. While app store vendors try to prevent malicious apps from becoming available, some inevitably slip through. These apps can steal user information, attempt to extort money from users, gain access to corporate networks, force users to view unwanted ads, or engage in other undesirable activity types. How to Defend Against a Malicious Mobile AppUser education is one of the most powerful tools for preventing malicious mobile apps. By avoiding third-party app stores and investigating app data before downloading, users can significantly mitigate this risk. Deploying mobile anti-malware and a company-wide mobile security plan is essential for large organizations. Examples of Malicious Mobile App Malware AttacksDuring the 2019 holiday season, the Barracuda research team analyzed 4,200 Android apps related to shopping, Santa, and games. Of these, 165 apps had excessive permission requests, 35 contained adware, and 7 exhibited evident malicious redirecting. While this case study is just a snapshot, vigilance in the app store is required. Also Read: Types of Mobile Malware & Solutions Phishing and Social EngineeringPhishing and social engineering are a type of email attack that attempts to trick users into divulging passwords, downloading an attachment or visiting a website that installs malware on their systems. More targeted efforts at specific users or organizations are known as spear phishing. Because the goal is to trick the user, attackers will research the victim to maximize trick potential, often using spoofing to make the email seem legit. How to Defend Against PhishingBecause phishing relies on social engineering — tricking users into doing something — employee training is one of the best defenses against these attacks. Users should deploy anti-spam and anti-malware solutions, and staff should know not to divulge personal information or passwords in email messages. Training about downloading attachments or clicking website links in messages, even if they appear to come from a known source, is imperative given phishing attackers often pretend to be a company or person known to the victim. Email is also usually how ransomware works. Examples of Phishing Malware AttacksPhishing TypeDescriptionDeceptive PhishingMost common type, using an email headline with a sense of urgency from a known contact. This attack blends legitimate links with malicious code, modifies brand logos, and evades detection with minimal content.Spear PhishingAs noted, spear phishing targets specific users or organizations by exploring social media, recording out-of-office notifications, compromising API tokens, and housing malicious data in the cloud.WhalingEven more targeted than spear phishing, whaling targets chief officers of an organization by infiltrating the network, exposing the supply chain, and following up the malicious email with a phone call to give it legitimacy.VishingTargeting victims over the phone, vishing is the use of Voice over Internet Protocol (VoIP), technical jargon, and ID spoofing to trick a caller into revealing sensitive information.SmishingSmishing also targets phone users, but this one comes in the form of malicious text messages. Smishing attacks often include triggering the download of a malicious app, link to data-stealing forms, and faux tech support.PharmingMoving away from trying to trick users, pharming leverages cache poisoning against the DNS, using malicious email code to target the server and compromise web users’ URL requests.
RAM ScraperRAM scraper malware, also known as Point-of-Sale (POS) malware, harvests data temporarily stored in a system’s memory, also known as random access memory (RAM). This type of malware targets POS systems like cash registers or vendor portals where an attacker can access unencrypted credit card numbers. While this sensitive payment data is only available for milliseconds before passing the encrypted numbers to back-end systems, attackers can still access millions of records. How to Defend Against a RAM ScraperOrganizations can help prevent RAM scraper attacks by using hardened POS systems and separating payment-related systems from non-payment systems. Usual precautions such as anti-malware software, firewalls, data encryption, and complying with any relevant standards or regulations for protecting customer data are a must. Examples of RAM Scraper Malware AttacksSince 2008, RAM scraping has been a boon for retailers. A handful of years later, the now-infamous spyware dubbed BlackPOS led to the compromise of 40 million Target customers and 56 million Home Depot customers. Heading into the 2020s, a few notable RAM scraping malware families are FrameworkPOS, PoSeidon/FindStr, FighterPOS, and Cabanak/Anunak. RansomwareIn recent years, ransomware has quickly become one of the most prevalent types of malware. The most common malware variants encrypt a system or specific files, pausing any work from being done until the victim pays a ransom to the attacker. Other forms of ransomware threaten to publicize sensitive information within the encrypted data. How to Defend Against RansomwareOften organizations can mitigate ransomware attacks by having up-to-date backups. If their files become locked, they can simply wipe the system and reboot from an offline backup. Organizations should train users about the threat, patch their software as necessary and install all the usual security solutions. Some instances of ransomware appear so dire that many organizations and individuals resort to paying the ransom. Examples of Ransomware Malware AttacksWith vendors and organizations increasingly moving online, more data is at risk of exposure. Attackers know this and often take advantage of small to mid-sized organizations with weaker network security, requesting an amount they know the organization can afford. Notable examples from the 2010s included CryptoLocker, Locky, WannaCry, Hermes, GandCrab, and Ryuk. Rogue Security SoftwareRogue security software is a form of ransomware or scareware. An attacker enabling this method tricks users into thinking their system or device is at risk. The malware program will present itself as a fake security tool to remove the problem at a cost. In actuality, the user pays up and the artificial security software installs more malware onto their systems. How to Defend Against Rogue Security SoftwareAs with most other malware forms, you can prevent most rogue security software from being installed on your system by using a firewall and anti-malware solution and by being careful when clicking on links or attachments in email messages. Also, organizations should educate users about the threat as rogue security software attackers have become particularly good at social engineering. Examples of Rogue Security Software Malware AttacksSome of the most common rogue security software attacks have come in spam campaigns and adware. However, a different infection vector for this malware is the technique known as Black Hat SEO. By following the most popular keywords on the internet through public records like Google Trends, attackers use malicious scripts to generate websites that appear legitimate. RootkitRootkits are one of the most insidious malware types because they allow attackers to have administrator-level access to systems without the users’ knowledge. Once an attacker has root access to a network, they can do almost anything with the system, including recording activity, changing system settings, accessing data, and mounting attacks on other systems. How to Defend Against a RootkitYou can prevent most rootkit infections by installing appropriate security software (anti-malware, firewall, log monitoring) and keeping your operating system and other software up-to-date with patches. You should be careful when installing any software on your system and when clicking email attachments or links. If a rootkit infects your system, it can be nearly impossible to detect and remove; in many cases, you may have to wipe your hard drive and start over from scratch to get rid of it. Examples of Rootkit Malware AttacksRootkit TypeDescriptionBootkit rootkitA type of kernel-mode rootkit infecting boot functionality during computer startup, subverting the kernel upon powering on.Firmware rootkitFirmware is often used by organizations, however, their persistent presence in the router, network card, hard drive, or BIOS makes detecting it difficult if used maliciously.Kernel-mode rootkitThis rootkit alters the very core of your system, the kernel. Resembling device drivers or loadable modules, they operate at the same security level as the OS, giving the appearance of credibility.Virtual rootkitAlso known as a hypervisor, this rootkit hosts the target OS as a virtual machine (VM). It can forgo modifying the kernel and subvert the OS.User-mode rootkitThis rootkit can alter security settings, allowing the attacker to replace executables and system libraries and modify interface behavior.Also Read: Top 5 Rootkit Threats and How to Root Them Out SpamIn IT security, spam is unwanted email. Usually, it includes unsolicited advertisements, but it can also have attempted fraud or links or attachments that would install malware on your system. Most spam emails contain:
How to Defend Against SpamMost email solutions or services include anti-spam features. Using these capabilities is the best way to prevent spam from showing up on your systems. If your inbox contains thousands of unread emails and a dozen subscriptions no longer pertinent, do yourself a favor and unsubscribe. Examples of Spam Malware AttacksSpam might be one of the most universally understood forms of malware. As billions of users enable email for their everyday lives, it makes sense that malicious actors try to sneak into your inbox. Some of the most common types of spam emails include fake responses, PayPal, returned mail, and social media. All of which are disguised as legitimate but contain malware. SpywareSpyware is any type of software that gathers information about someone without their knowledge or consent. For example, website tracking cookies that monitor a user’s browsing history is considered a form of spyware. Other types of spyware might attempt to steal personal or corporate information. Government agencies and law enforcement often use spyware to investigate domestic suspects or international threat actors. It is challenging for the user to detect spyware symptoms ranging from performance issues to unusual modem activity. How to Defend Against SpywareInstall anti-spyware software on your computer. Luckily, anti-spyware capabilities are included in most antivirus or anti-malware packages nowadays. Using a firewall and caution when downloading software is a must. And finally, scanning for potential threats at least once a week can be a lifesaver. Examples of Spyware Malware AttacksSpyware often comes in the form of adware, trojans, keyloggers, and rootkits. Some of the best-known spyware strains include CoolWebSearch, Gator, Internet Optimizer, TIBS Dialer, and Zlob. For example, CoolWebSearch uses Internet Explorer vulnerabilities to direct traffic to advertisements, infect host files, and rewrite search engine results. TrojansIn computer security, a trojan is any malware that pretends to be something else but serves a malicious purpose. For example, a trojan might appear to be a free game, but once installed, it might destroy your hard drive, steal data, install a backdoor, or take other harmful actions. How To Defend Against a TrojanBecause trojans use social engineering for targeted attacks, educating users is imperative. Caution when installing new software or clicking email links and attachments is the name of the game. Organizations can defend against most trojans with security software such as anti-malware software and sufficient firewalls. Examples of Trojan Malware AttacksTrojan Type DescriptionArcBomb trojanShort for “archive bomb”, this trojan is built to slow, freeze, or overwhelm the computer’s performance by using malcrafted archive headers, repeating data, and identical files in the archiveBackdoor trojanSee Backdoor for reference. A remote user with control of your device can act as you, steal data, and corrupt files.Banking trojanAppearing as your bank, these trojans are built to steal your financial account information, exploiting your data and using your money.Clicker trojanTrojans that are activated upon click. Victims are usually the recipient of adware, but can also be redirected to malicious websites.DDoS trojanSee DDoS for reference. These trojans execute a DDoS attack on a target website.Downloader trojanTrojans that can download or install updated versions of malware.Dropper trojanInstalls trojans to prevent detection of malware or install additional malware; increasingly harder to detect for antivirus software.Exploit trojanPertinent to our looks at bugs, exploit trojans target vulnerabilities in the code of application software.FakeAV trojanBy simulating the appearance of an antivirus program, these trojans ask you to pay for the detection and removal of threats that don’t really exist.Game thief trojanThese trojans target the login and user account data of online gamers.Instant messaging trojanBy stealing your credentials for instant messaging services like native SMS apps, Skype, Facebook, WhatsApp, and more, attackers can capture your account’s data.Mailfinder trojanSearching through your computer, this trojan harvests email addresses that it can use for additional malware.Notifier trojanThis trojan alerts attackers to when an infected device is online, therefore giving the attacker access to IP address, open port number, and other sensitive information.Proxy trojanOften used for mass spam mailings, this trojan gives attackers access to the victim computer’s internet resources.Password stealing trojanPrograms built to search systems files for username and password information.Ransom trojanLike ransomware, this trojan encrypts your files or causes a noticeable change in your computer’s functionality. Restoration of performance or data comes at a price.Rootkit trojanSee Rootkit for reference. This trojan aids in the hiding of malicious software, concealing its activities and prolonging the infection.SMS trojanThese trojans target cellular devices, using their access to a device to send messages without regard for how much it might cost the device owner.Spy trojanSimilar to spyware, trojan spy software monitors your computer through keylogging, screenshots, and application authentication.VirusesWhile some refer to malware and viruses interchangeably, a virus is a specific type of malware that requires human activation — a click on an attachment, image, link, or even a file you access every day. Often hidden, a click by staff could unknowingly boot up a virus. Viruses infect a device and then attempt to spread to other devices and systems. As far as damage to the user goes, a virus can perform several undesirable commands. These include:
How to Defend Against a VirusAny internet-enabled system in your network should have antivirus software installed and up-to-date. Deploying a firewall is essential, but use care when clicking on email attachments or URL links. Inspecting website security by its SSL is imperative to avoid visiting unknown or untrusted websites. Major antivirus software vendors include Avast, AVG, BitDefender, ESET, Kaspersky, Norton, Panda and Sophos, and Micorosft offers free Windows protection in the form of Microsoft Defender. Examples of Virus Malware AttacksVirus TypeMethod of Breach Boot sector virusInfects the boot sector of the Master Boot Record (MBR) of hard disks, activating every time you start your computer.Browser hijacker virusSee Browser hijacker for reference, this virus takes control of browser settings and redirecting traffic to malicious websites.Direct action virusReplicates and infects files of folders, most often .exe and .com files, activating when the file is accessed.File virusTargets both files and the operating system (OS), this virus can reformat the hard drive and damage programs by amending existing code.Macro virusWritten into macro language like VBA, once an application is infected, the infection can spread when shared to other devices.Multipartite virusTargets both the boot sector and the system’s programs, this speedy virus spreads by unauthorized activitiesPolymorphic virusDifficult for anti-malware to detect, this virus is quick to change identifiable file traits or encryption keys, changing the appearance of the code.Resident virusConceals itself in the computer’s RAM, and can spread to any programs opened while infected.Script virusThrough a vulnerability in the web browser — think malicious ads and links — this virus injects scripting into an organization’s web page to access sensitive information.Also Read: Antivirus vs. EPP vs. EDR: How to Secure Your Endpoints WormsA worm is similar to a virus because it spreads itself, but a worm does not need an attacker’s permission for activation. Instead, it is a standalone piece of malware that extends within a system or network. Like viruses, it can cause just as much damage to the device. How to Defend Against WormsAs with viruses, the best way to prevent worm infections is with antivirus or anti-malware software. And as always, users should only click on email links or attachments when confident of the contents. Examples of Worm Malware AttacksWorm TypeHidden InEmail wormEmail content (attachment or advertisement)Downloads wormDownload files or FTP filesInstant Messaging wormMobile or desktop instant messaging programsInternet wormCorrupted website’s HTMLIRC wormInternet relay chat channels and roomsFile Sharing/P2P wormPerson-to-person file-sharing networkNetworks wormCarried in network packets or any shared access device, drive, or file in the network
Prepare For All Malware TypesIf you’ve made it this far, you know the forest of malware is dark and deep. Today’s league of malicious actors aren’t relying on the traditional forms of malware. They’re consistently seeking more robust strains that can outdo your network security and current anti-malware or antivirus solutions. Being aware of the dangers that lie in different types of malicious software comes first. As a cybersecurity professional, it is your responsibility to stay mindful of malware trends and actively respond to pertinent vulnerabilities. Which malware type is installed in the BIOS of a machine which means operating system level tools Cannot detect it rootkit?A firmware rootkit uses device or platform firmware to create a persistent malware image in hardware, such as a router, network card, hard drive, or the system BIOS. The rootkit hides in firmware, because firmware is not usually inspected for code integrity.
Is BIOS a type of malware?BIOS Malware Attacks
BIOS-level malware usually rewrites the BIOS code and injects a malicious one. Because BIOS is located in memory rather than in the hard drive, this type of malware can't be detected using regular antivirus.
What are the 4 main types of malware?What Are the Most Common Types of Malware Attacks?. 1) Adware.. 2) Fileless Malware.. 3) Viruses.. 4) Worms.. 5) Trojans.. 6) Bots.. 7) Ransomware.. 8) Spyware.. How common is BIOS malware?BIOS/UEFI (firmware) virus's exist but are very rare. Researchers have demonstrated in a test environment proof of concept viruses that could modify the flash BIOS or install a rootkit on the BIOS of some systems so that it could survive a reformat and reinfected a clean disk.
|
