What are Malware and Spyware and How to Protect Your Business Against Them

Companies worldwide face a tsunami of cyberattacks, many of which rely on malware infection. In 2024, US companies alone dealt with around 1.9 billion malware incidents. The staggering volume of threats has been attributed to increasingly sophisticated and AI-assisted cyberattacks that manipulate employees with favored methods, such as phishing and smishing.
Understanding malware and how it works can help a company prevent cyberattacks. Here, we explore this most insidious threat so that you can protect your organization.
Malware Definition

Malware is malicious software used to cause harm to computing resources or exploit an individual or business. These harms and exploits vary depending on the type of malware.
Malware is an umbrella term that covers all types of malicious software, including the following:
- Viruses: Malicious programs that are spread using legitimate files, like email attachments.
- Worms: Self-replicating malware that spreads without intervention.
- Trojans: Malware that looks like a legitimate program but performs malicious activities once installed. Includes Remote Access Trojans (RATs) and backdoors.
- Spyware: Once installed, collects sensitive data and sends this back to the hacker.
- Adware: Delivers unwanted ads and may contain trackers that send data back to a spammer.
- Ransomware: Encrypts files and documents and demands a ransom for the decryption key. Increasingly, it also steals data and uses this as leverage to obtain the ransom.
- Botnets: Malware that is installed, en masse, to devices. The botnet herder then uses this malware to carry out activities like a DDoS attack.
- Keyloggers/Stealers: Malware that is specifically used to steal login credentials and other sensitive data. In Q4 2024, stealers were the top malware threat.
- Cryptojackers: Installed on computers and used to mine Bitcoin without the user's consent.
- Fileless Malware: Malware designed to evade detection by not depending on creating files with signatures.
[Figure: Top Malware Types From 2024 (by Uploads). Source: AnyRun]
What is Spyware

Spyware is a type of malware that can itself be subdivided into the following types:
- Infostealers: once installed, infostealers gather sensitive data and send it back to a hacker. This type of spyware can also exploit browser vulnerabilities to collect personal information from online services and forums that the victim uses.
- Keyloggers: used to capture keystrokes; some keyloggers also take screenshots. The information collected can be highly sensitive and include credentials, website activity, and social media activity.
- Password stealers: focused on stealing login credentials.
- Banking trojans: designed to steal financial login credentials.
Brief History of Some Infamous Malware Infections
Over the last few decades, malware volumes have increased exponentially:
[Figure: Total Amount of Malware and Potentially Unwanted Applications (PUA). Source: AV-Test]
How Can Malware Impact Your Business?

Malware targets businesses of all sizes, including small to medium-sized companies (SMEs), with 43% of cyberattacks targeting SMEs. The cost of a malware infection varies depending on the attack type. Costs include downtime, reputation damage, non-compliance fines, and damage to IT systems. The initial malware infection may lead to many types of cyberattacks, from data breaches to ransomware infections to stolen corporate information.
For example, malware that steals login credentials can lead to a data breach, which costs an average of $4.88 million.
A phishing email can lead to a ransomware infection. Ransomware recovery costs an average of $2.73 million.
Spyware can lead to lost sensitive company data, cyber theft, and compromised Intellectual Property (IP). The theft of patents and trade secrets by a competitor could result in a company going out of business.
Small businesses are not immune to the staggering costs of a cyberattack. Researchers have found that an SMB loses around $8,000 – $20,000 for every day of downtime. Indirect costs from compliance can be just as eye-watering, coming in at around $20,000 – $50,000 for providing credit monitoring to consumers post-breach.
The types of attacks by malware that leave a business vulnerable include the following:
Credential Theft
Info stealer malware stole 3.9 billion passwords and infected 4.3 million computers. Stolen credentials open the network door. Once access is granted, ransomware, data theft, IP theft, and many other forms of cyberattack and scams are possible.
Data Theft
Some malware will stealthily exfiltrate sensitive data over many months.
Ransomware Infection
Ransomware not only encrypts system files and documents, but this malware is also likely to exfiltrate data before encrypting it. The data is then used to leverage payment of the ransom.
Account Compromise
Stolen credentials lead to compromised accounts. Once an attacker has control of an account, the door is open. Even the credentials of personnel without privileged access provide a route into a network. Cybercriminals use techniques like lateral movement, whereby legitimate system tools are used to escalate privileges until they access sensitive network areas.
Physical System Damage
Malware can cause physical computing systems to fail through overheating or corruption of the hard drive.
Slowing Down of Devices
Some malware, such as cryptojackers, use large amounts of computer memory, which slows the device down and can crash apps. The result is that the computer becomes impossible to use, and productivity is impacted.
How Can Spyware Impact Your Business?

Adware
Annoying pop-up ads are one thing, but adware can pilfer data and slow down computers. It can even redirect your employees to malicious websites that are infected with further malware.
Credential Theft
Keyloggers and info stealers are designed to steal login credentials, which leads to more sinister malware infections, including ransomware.
Sensitive Data Theft
Spyware variants are used to steal sensitive corporate data, including intellectual property and financial details.
Monitoring
Spyware is stealth malware that lurks on a network and sends intelligence back to a hacker.
Examples of Malware Attacks
Bay & Bay, a family-owned trucking and logistics company (ransomware)
The SMB was infected with Conti ransomware a second time in 2021 after an initial infection in 2018. The ransomware exploited a known vulnerability in the Microsoft Exchange server. Bay & Bay refused to pay the ransom as the company had put network segmentation and secure backups in place. However, the company still had to deal with almost two days of downtime. The first attack, in 2018, resulted in lost production for 1.5 weeks.
Salt Typhoon hacking group - 2024 (spyware)
The Chinese state-sponsored Salt Typhoon hacking gang targeted US telecommunication providers using stolen credentials. The result was a series of breached networks and, ultimately, the installation of JumbledPath malware used to monitor networks. US authorities confirmed that Salt Typhoon successfully breached Verizon, AT&T, and Lumen Technologies.
SolarWinds Breach – 2020 (backdoor malware)
Malicious code was implanted into software updates from supply chain member SolarWinds. The cyberattack affected more than 18,000 companies. SolarWinds Orion business software updates were then used to distribute malware. The final costs to SolarWinds and the extended supply chain impacted by the malware were estimated at over $100 million, with $40 million directly falling on SolarWinds.
How Networks and Devices Become Infected with Malware and Spyware
Cybercriminals use various methods to open security gaps that allow the installation of malware on a network. The following are some of the most popular and successful:
Phishing - Malicious Links
Phishing emails and smishing messages often contain a link that, if clicked, takes the victim to a spoof website. Victims are encouraged to enter login credentials or other sensitive data. The website may also be infected with malware; if there is a vulnerability in the browser or other app, the malware can be executed and installed.
Phishing - Infected Attachments
Some phishing emails contain malware-infected attachments. If the recipient opens the attachment, the malware installation is initiated.
Drive-by-Downloads
Cybercriminals can infect legitimate websites with malware. This type of malware vector is particularly concerning as the individual does not need to click a link or download anything to initiate malware installation. This type of cyberattack exploits vulnerabilities in browsers or other apps.
Software Vulnerability Hacking
Software vulnerabilities are flaws in the code of apps and system software. Hackers exploit these vulnerabilities to gain access to and control of a device or network. Zero-day vulnerabilities are ideal for exploitation as they are flaws that the vendor has not yet patched.
Compromised External Drives
USB flash drives continue to be targeted by hackers intent on stealing company secrets and other sensitive data. Recent research found that the number of such attacks has increased three-fold.
Unsecured Wi-Fi
Working within an unsecured public Wi-Fi network opens the door to malware infection; if a cybercriminal connects to the same unsecured Wi-Fi, they can initiate malware infection on your device and/or steal login credentials.
Malicious Mobile Apps
Mobile apps can be used to carry malware, installing malicious software onto a device that installs the app. Bank trojans are an example of mobile malware – the trojan looks exactly like a mobile banking app. If a user accesses the banking app to carry out a financial task, the login credentials entered will be stolen and used to access the real bank. A real-life example of this is the Emotet banking trojan that targeted small companies.
How Malware Evades Detection

Modern malware uses various tactics to evade detection by anti-malware tools. For example, some malware can detect protective measures, such as code being executed within a sandbox. If the malware identifies AV software attempting to prevent it from executing, it can change tactics, morph, or stop the installation. Other methods used to evade detection include fileless malware, which leaves no traces on a system; these and others are the reason that conventional AV software struggles to detect malware.
Trends in Malware and Spyware That Should Concern Business Owners
Malware-as-a-Service (MaaS)
Malware-as-a-Service (MaaS) uses a SaaS subscription model, providing all the elements needed to carry out a malware-based cyberattack. Researchers have found that 57% of all cyber threats are propagated by MaaS.
AI-assisted malware
Check Point's "Global Threat Index" 2024 found that artificial intelligence (AI) is being used to create more advanced and sophisticated malware. Cybercriminals are using generative AI to help write malware code, create believable phishing messages, identify targets, and gather intelligence.
Ways To Prevent Malware and Spyware Infection
Protecting your organization against the harms from the many types of malware can be achieved using a defense-in-depth approach. This approach uses multiple layers of protective measures and security tools. Amongst the most important are the following:
Advanced and AI-Enabled Anti-Malware
Cybercriminals create malware that is designed to evade detection by traditional, signature-based anti-malware / antivirus software. These adaptive techniques are found in polymorphic and fileless malware. AI-enabled anti-malware solutions apply AI to the detection and isolation of malware. These advanced forms of AV software use various forms of AI, including behavioral analysis and machine learning, alongside conventional techniques such as sandboxing and signature analysis, to identify and remove evasive malware strains.
Advanced Anti-Phishing and Anti-Spam (including sandboxing)
Anti-phishing solutions have advanced significantly to handle the massive volumes of sophisticated phishing that target businesses. These solutions typically use multiple layers of technologies to capture and contain phishing. Technical layers include heuristic spam filters based on AI that can perform real-time threat analysis to identify emerging threats.
Regular and Timely Patching
Many malware infections rely on exploiting software vulnerabilities. These flaws in browsers and other apps can allow attackers to execute malware packages remotely. Software vendors issue patches to fix these flaws, so you must patch software regularly. However, it is also worth noting that "zero-day" vulnerabilities—vulnerabilities that have not yet been patched by a vendor—are increasingly being used to circumvent security. AI-enabled security solutions are designed to identify zero-day threats.
Security Awareness Training
Many malware infections start with a phishing email or smishing (SMS text message phishing). Security awareness training teaches employees how to spot phishing and smishing messages. The training packages often come with simulated phishing campaigns. These fake phishing messages further educate employees on the psychological tricks used by cybercriminals, such as manipulating people into clicking malicious links or opening infected attachments.
MFA
Multi-factor authentication (MFA) adds a layer of protection when accessing corporate apps and data. It includes measures such as a biometric or mobile app code entered after a password. New passwordless systems are beginning to replace passwords altogether while maintaining good security.
Data Encryption
Data should always be encrypted during transfer and when stored.
Secure Data Backups
Use regular and secure backup systems that are ransomware-proof for all of your corporate data.