What type of malware spreads across the network once installed on a system?

What Is Malware? 

Malware is malicious software that is deployed by a threat actor to wreak havoc on an organization or individual. Malware is usually found attached to emails, embedded in fraudulent links, hidden in ads, or lying in-wait on various sites that you (or your employees) might visit on the internet. The end goal of malware is to harm or exploit computers and networks, often to steal data or money.

All it takes is one wrong click by one employee for the malware to install itself and begin to execute its program. 

Malware attacks are on the rise, especially in the wake of the pandemic. The total number of attacks has risen to a staggering 10.4 million a year. In addition, threat vectors and attack types are changing. Supply chain and ransomware attacks are skyrocketing, and bad actors are getting organized — ransomware gangs and malware-as-a-service are more common now than pre-pandemic. 

It’s important to note that many malware attacks are initiated through social engineering or phishing attacks. While there are tools individuals and organizations can, and should, employ to prevent malware attacks, training users is of the utmost importance because they are the targets of social engineering.  

What Are the Most Common Types of Malware Attacks? 

1) Adware 

Adware — commonly called “spam” — serves unwanted or malicious advertising. While relatively harmless, it can be irritating as adware can hamper your computer’s performance. In addition, these ads may lead users to download more harmful types of malware inadvertently. To defend against adware, make sure you keep your operating system, web browser, and email clients updated so they can block known adware attacks before they are able to download and install. 

2) Fileless Malware 

Unlike traditional malware, which uses executable files to infect devices, fileless malware doesn’t directly impact files or the file system. Instead, this type of malware uses non-file objects like Microsoft Office macros, PowerShell, WMI, and other system tools. According to recent research, 40% of global malware is  fileless.

In addition, fileless malware increased by almost 900% year-over-year in 2020. A notable example of a fileless malware attack was Operation Cobalt Kitty, in which the OceanLotus Group infiltrated several corporations and conducted nearly six months of stealthy operations before being detected.  

Because there’s no executable file, it is difficult for antivirus software to protect against fileless malware. The best way to limit what fileless malware can do is to limit users’ credentials. By employing least privilege access, where users are only given the rights and privileges needed to do a specific task, an organization also limits the risk of fileless malware. Multi-factor authentication (MFA), as well as employing a zero trust network access (ZTNA), can also limit the attack surface for fileless malware. 

3) Viruses 

A virus infects other programs and can spread to other systems, in addition to performing its own malicious acts. A virus is attached to a file and is executed once the file is launched. The virus will then encrypt, corrupt, delete, or move your data and files. 

To defend against viruses, an enterprise-level antivirus solution can help you protect all your devices from a single location while maintaining central control and visibility. Make sure that you run full scans frequently and keep your antivirus definitions up to date. 

4) Worms 

Like a virus, a worm can duplicate itself in other devices or systems. Unlike viruses, worms do not need human action to spread once they are in a network or system. Worms often attack a computer’s memory or hard drive. To protect yourself against worms you should make sure every device is updated with the latest patches. Technology like firewalls and email filtering will also help you detect files or links that may contain a worm. 

5) Trojans 

A trojan program pretends to be a legitimate one, but it is in fact malicious. A trojan can’t spread by itself like a virus or worm, but instead must be executed by its victim, often through social engineering tactics such as phishing. Trojans rely on social engineering to spread, which puts the burden of defense on users. Unfortunately, In 2022, involved the human element. Security awareness training is crucial for protecting against trojans, as employees are both the targets and the first line of defense against these kinds of attacks. 

6) Bots 

A bot is a software program that performs an automated task without requiring any interaction. Bots can execute attacks much faster than humans ever could.

A computer with a bot infection can spread the bot to other devices, creating what’s known as a botnet. This network of bot-compromised machines can then be controlled and used to launch massive attacks — such as DDoS attacks or brute force attacks — often without the device owner being aware of its role in the attack. Bots are also used for crypto mining on specific hardware. One way to control bots is to use tools that help determine if traffic is coming from a human user or a bot.

For example, you can add CAPTCHAs to your forms to prevent bots from overwhelming your site with requests. This can help you identify and separate good traffic from bad. Site traffic should always be monitored, and organizations should make sure they’re using updated browsers and user agents. 

7) Ransomware 

Arguably the most common form of malware, ransomware attacks encrypt a device’s data and holds it for ransom. If the ransom isn’t paid by a certain deadline, the threat actor threatens to delete or release the valuable data (often opting to sell it on the dark web).

Ransomware attacks have increased by 13 percent year-over-year, and are some of the most newsworthy malware types due to their impact on hospitals, telecommunications firms, railway networks, and governmental offices. Ransomware gangs, as well as individual actors, are continuing to see the payoff in targeting high-value organizations like supply chains and critical infrastructure.

In the beginning of 2022, the Costa Rican government was attacked by ransomware, affecting finance and other government services to such a degree that a state of emergency was declared. 

Employing an MDR solution can help an organization not only monitor their networks but act fast in case of an attack. In addition, security awareness training can help users detect and prevent suspicious activity.  

8) Spyware 

Cybercriminals use spyware to monitor the activities of users. By logging the keystrokes a user inputs throughout the day, the malware can provide access to usernames, passwords, and personal data. Spyware often leads to credential theft, which in turn can lead to a devastating data breach. It often originates in corrupt files, or through downloading suspicious files. 

• Keyloggers are a common kind of spyware that monitors and records users’ keystrokes. With this kind of spyware, hackers can steal credentials as well as credit card numbers and other data that may be entered into a system through typing. 

In addition to antivirus software, training employees and employing multi-factor authentication can be used to prevent spyware or the resulting credential theft.  

9) Mobile Malware 

As the name suggests, mobile malware is designed specifically to target mobile devices. This kind of malware has become more common not just with the proliferation of smart phones, but with the increase of mobile and tablet use by organizations and employees.

Mobile malware can employ several tactics, including spying and recording texts and phone calls, impersonating common apps, stealing credentials (for banking accounts or other applications), or accessing data on the device. Mobile malware often spreads through smishing (also known as SMS phishing).  

This is where, once again, security awareness training can be crucial — since many employees utilize their mobile devices for work.  

10) Rootkits 

Rootkits were not originally designed as malware, but they have become a common attack vector for hackers. A rootkit allows a user to maintain privileged access within a system without being detected.

In short, rootkits give a user administrative level access while concealing that access. To prevent rootkits from doing damage, organizations need to revoke privileged access and employ a zero trust approach, where ever used must be verified. Organizations should also employ multi-factor authentication to prevent single credential access.  

Defending Against Malware

No matter what form malware comes in, it’s an ever-present threat to your organization, systems, and most valuable assets. We always recommend taking a proactive approach and investing in your security environment, through either a security operations partner like Arctic Wolf® Managed Detection and Response (MDR) or a proactive solution like Arctic Wolf® Managed Risk.   

Learn more about malware and other emerging threats with our 2022 Trends: The State of Cybersecurity. 

Learn about how security operations can protect your organization from malware threats with our Comprehensive Guide to Security Operations. 

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.

What are the 3 types of malware attacks?

Which type of malware replicates themselves across a network?

What are the 4 types of malware?

What is the most common method a malware uses to spread through a network?