Let’s imagine a scenario where a client presents a file, and they are unsure if it’s malware and what capabilities it has. Where does this malware fit in the kill chain?
Is this the initial patient-zero machine that will go online and download more malware? What are this specimen's capabilities?
Understanding what the malware is capable of is one of the main purposes of malware analysis or reverse engineering. You also have to ask: What is the attacker’s intention?
If it’s malware built specifically for ransom, the attackers are trying to encrypt your files and ask for money. If its purpose is to steal personal information (PII), then its intention is larger than quick financial gain. Knowing the attacker’s intention helps you understand where else this malware may be infecting your environment.
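As an added illustration of that capability question (example code written for this page, not from the original post), the Python below does a first-pass static triage of a file: it hashes the bytes, pulls out printable strings, and matches them against a small keyword list of API names and artifacts that hint at capabilities such as downloading a second stage, encrypting files, persisting across reboots, or keylogging. The sample blob is constructed here and is not real malware; the keyword list is an assumption and a starting point for an analyst, not a complete signature set.

```python
import hashlib
import re

# Constructed sample blob standing in for a file handed over for triage.
# It is not real malware; it just carries a few strings a sample might contain.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"http://example.invalid/stage2.bin\x00"
    + b"CryptEncrypt\x00CryptGenKey\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"GetAsyncKeyState\x00"
    + b"\xff\xfe" * 8
)

# Printable ASCII runs of at least six characters count as "strings".
MIN_STR_LEN = 6
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")

# Assumed capability hints: Windows API names and artifacts an analyst would
# recognise. This is an illustrative list, not an exhaustive signature set.
CAPABILITY_HINTS = {
    "network_download": [rb"https?://", rb"InternetOpenUrl", rb"URLDownloadToFile", rb"WinHttp"],
    "file_encryption": [rb"CryptEncrypt", rb"CryptGenKey", rb"BCryptEncrypt"],
    "persistence": [rb"CurrentVersion\\Run", rb"schtasks", rb"StartupFolder"],
    "keylogging": [rb"GetAsyncKeyState", rb"SetWindowsHookEx"],
    "screen_capture": [rb"BitBlt", rb"GetDC"],
}


def sha256_hex(data: bytes) -> str:
    """Identifier for the specimen, e.g. for checking a threat-intel feed."""
    return hashlib.sha256(data).hexdigest()


def extract_strings(data: bytes) -> list:
    """Return printable ASCII runs found in the file, in file order."""
    return [m.decode("ascii") for m in PRINTABLE.findall(data)]


def capability_hints(strings: list) -> dict:
    """Map capability names to the strings that hint at them (sorted, unique)."""
    found = {}
    for capability, patterns in CAPABILITY_HINTS.items():
        hits = sorted(
            {s for s in strings for p in patterns if re.search(p, s.encode("ascii"))}
        )
        if hits:
            found[capability] = hits
    return found


def triage(data: bytes) -> dict:
    """First-pass static triage: hash, strings, and capability hints."""
    strings = extract_strings(data)
    return {
        "sha256": sha256_hex(data),
        "strings": strings,
        "capabilities": capability_hints(strings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("sha256:", report["sha256"])
    for capability, hits in report["capabilities"].items():
        print(f"{capability}: {hits}")
```

Strings-based triage only tells you what the file could do, not what it will do; packed or obfuscated samples hide these strings entirely, so an empty result is a reason to move on to dynamic analysis, not a clean bill of health.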
Types of Malware
Malware is a very general category, and there are a few subtypes within it:
1. Ransomware
Ransomware is designed to lock files and, as the name suggests, demand a ransom from its victims in exchange for releasing the data. Successful attackers realized they could take it a step further by taking the money but not releasing the data; instead, they demand another payment, and the cycle continues.
Paying up might seem like the only solution to dealing with ransomware, but the fact is, once you pay, the attackers will keep asking for more.
Top 10 Biggest Ransomware Attacks (2021):
- Accenture Ransomware Attack – August 2021
- Acer Ransomware Attack – March 2021
- Apple Ransomware Attack – April 2021
- Colonial Pipeline Ransomware Attack – May 2021
- JBS Ransomware Attack – June 2021
- Kaseya Ransomware Attack – July 2021
- Klisters AG Ransomware attack – November 2021
- Kronos Ransomware Attack – December 2021
- Planned Parenthood Ransomware Attack – December 2021
- Shutterfly Ransomware Attack – December 2021
2. Adware
Adware is software that downloads, gathers, and displays unwanted ads or data while redirecting searches to certain websites.
3. Bots
Bots are automated scripts that take control of your system. Your computer is used as a “zombie” to carry out attacks online, and most of the time you are not aware that it is doing so.
4. Rootkits
Once a system is compromised, rootkits are designed to hide the fact that malware is present. Rootkits let malware operate in the open by imitating normal files.
5. Spyware
Spyware transmits data from the hard drive without the target knowing that the information has been stolen.
6. Remote Access Tool (RAT)
After your system is compromised, a RAT helps attackers remain in your systems and networks. It lets criminals capture your keystrokes, take photos with your camera, and/or spread to other machines.
One of the most prominent features of this type is that it lets the malware transfer all of this information from the victim to the attacker over a protected channel, so you are not even aware you are being spied on.
Some popular RAT tools are:
- Poison Ivy RAT
- BlackShades RAT
- Quasar RAT
- Darkcomet RAT
7. Virus
A virus inserts a copy of itself into a device and becomes part of another computer program. It can spread between computers, leaving infections as it travels.
8. Worm
Similar to viruses, worms self-replicate, but they don’t need a host program or a human to propagate. Worms exploit a vulnerability in the target system or use social engineering to trick users into executing the program.