What is malware?
A malware attack is a common cyberattack in which malicious software executes unauthorized actions on the victim’s system. The malicious software (loosely called a virus, although a virus is only one kind of malware) can carry out many specific types of attack, such as ransomware, spyware, command and control, and many more.
Malware discussion typically encompasses three main aspects:
- Aim: why the malware was designed and what its creator wants to achieve.
- Delivery mechanism: how the malware is delivered to the target machine.
- Hiding: how the malware avoids detection on the network and on the host.
Malware is created with an objective in mind. While it could be said that the objective is “limited only to the imagination of its creator,” this section focuses on some of the most common objectives observed in malware.
Stealing data, credentials, payment information, etc. is a recurring crime in the realm of cybercrime. Malware focused on this type of theft can be extremely costly to a person, company, or government target that falls victim.
Covertly disrupting a target’s operations is another objective seen in malware. The level of “disruption” can vary, from a virus on a single computer corrupting critical OS files to the physical self-destruction of many systems in an installation. There is also the scenario where infected systems are directed to carry out large-scale Distributed Denial of Service (DDoS) attacks.
Some malware focuses on directly extorting money from the target. Scareware uses empty threats to “scare” the target companies into paying a huge ransom. Ransomware is malware that attempts to prevent a target from accessing their data until the target company “pays up.” It has become enough of a threat to the public and to companies that some companies have deliberately purchased Bitcoin in advance, just in case they are hit by a ransomware attack and end up paying the ransom.
Types of Malware Attack Vectors
There are mainly three types of malware attack vectors:
- Trojan Horse: A trojan horse relies on the user to download it (for example, as an email attachment) and run it on the target.
- Virus: A virus is self-propagating malware that infects other files or the operating system of a target by injecting its code.
- Worm: Malware that is designed to propagate itself into other systems is called a worm.
Indian IT firms and their current state
Despite the data being encrypted, it was breached in 91% of the cases, and 66% of the organizations hit by ransomware were forced to pay the ransom.
“Nearly 30% of the IT managers who were surveyed in India were able to recover their data from backups without paying the ransom. Every organization in India that paid the ransom did not get their data back,” noted the report, and added that on a global level the case was different.
The report by cyber-protection firm Acronis also revealed that 56 percent of Indian companies reported that their IT costs had increased significantly to counter attacks in the past months, exactly twice the global average. As per the record, ransomware continues to be the leading threat in India, with Maze ransomware accounting for nearly half of all known cases in 2020.
“Some attackers might also attempt to delete or otherwise sabotage backups to make it harder for victims to recover data and increase pressure on them to pay,” said Wisniewski citing the Maze ransomware attack.
Cybersecurity in India: In its Security Endpoint Threat Report 2019, technology giant Microsoft revealed cyberthreat statistics for India. According to the report, India was among the countries with the highest encounter rates for cryptocurrency mining and drive-by download attacks in 2019. The findings were based on an analysis of various data sources, including as many as 8 trillion threat signals that Microsoft receives and analyses every day. The analysis covered a 12-month period, from January to December of that year.
Microsoft Security Report: Malware and Ransomware attacks in India
As per the report, the Asia Pacific region experienced malware attacks at an encounter rate 1.6 times higher than the global rate, and ransomware attacks at a rate 1.7 times higher than the rest of the world.
Microsoft India’s Group Head and Assistant General Counsel of Corporate, External and Legal Affairs, Keshav Dhakad, said in a statement that while overall cyber hygiene in the country has taken a turn for the better, much remains to be done. He added that the widespread use of unlicensed, pirated software and the proliferation of websites offering free software or content have led to high malware encounters. Consumer education is highly important to prevent this.
Cryptocurrency mining: India records the second-highest encounter rate in the region
The cryptocurrency mining encounter rate in India decreased 35% compared to 2018, which is a good sign, but it still stood at 4.6 times the global average, according to the report. The highest encounter rate in the Asia Pacific region was in Sri Lanka, the only country ahead of India.
Dhakad said that even though cybercriminals have refocused their efforts on other areas of cybercrime, mainly because of fluctuations in the value of cryptocurrency and the increasing time needed to generate it, attackers will still exploit users in areas where cyber awareness is low.
Drive-by download attacks remained high in India
According to the report, the volume of drive-by download attacks declined by 27% in the Asia Pacific region compared to 2018. Such attacks download malicious code onto the computer of an unsuspecting user when they fill in a form or visit a website. The attacker then uses the code to steal financial information or the user’s passwords.
Even with the general decline across the region, the report found a 140% increase in these attacks in India. The report stated that, along with the important financial hubs of Hong Kong and Singapore, India witnessed a high attack volume, three times higher than the regional and global average.
Coronavirus pandemic and cybersecurity
Since the pandemic broke out, data collected by the Microsoft Intelligence Protection team has shown that every country has witnessed at least one attack themed around COVID-19. The report added that the volume of such attacks that succeed appears to be increasing in countries hit hard by the pandemic, because of rising fear and the desire for information.
Dhakad said that, according to the tech giant’s data and analysis, the threats themed around COVID-19 are mostly retreads of attacks used previously, with only minor changes to link them to the pandemic. This shows that attackers are using their existing malicious infrastructure to capitalize on the pandemic-induced fear in people’s minds.
Best Practices against Malware Attacks:
The following best practices can help prevent a malware attack from succeeding.
Continuous User Education
Training users on best practices for avoiding malware, as well as how to identify potential malware (i.e. phishing emails, unexpected applications, etc.), can go a long way in protecting an organization. Periodic, unannounced exercises, such as intentional phishing campaigns, can help keep users aware, observant, and up-to-date.
Use Reputable A/V Software
When installed, a suitable A/V solution will detect (and remove) any existing malware on a system, as well as monitor for and mitigate potential malware installation or activity while the system is running. It is important to keep it up to date with the vendor’s latest definitions and signatures.
Ensure the Network is Secure
Controlling access to systems on your organization’s network is important for many reasons. Using technologies and methodologies such as a firewall, IPS, IDS, and remote access through a VPN will help minimize the attack surface your organization exposes. Physical system isolation is an extreme measure for most organizations, and even isolated systems are still vulnerable to some attack vectors.
Regular Website Security Audits
Scanning your organization’s websites regularly for vulnerabilities (e.g. software with known bugs, or server, service, or application misconfiguration) and detecting whether known malware has been installed can keep your organization secure and protect your users, customers, and visitors.
Create Regular, Verified Backups
Having regular, day-to-day offline backups can be what makes a smooth recovery from a destructive virus or ransomware attack possible. The key is to actually have a regular backup that is verified to be happening on the expected schedule and is usable for restore operations. Old and outdated backups are less valuable than recent ones, and backups that don’t restore properly are of no value.
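As an added illustration of the three properties this section asks for (a backup that is recent, that is intact, and that actually restores), here is a small Python checker. It is not code from the original article; the backup-<unix time>.tar.gz naming, the sidecar .sha256 manifest, and the 24-hour freshness window are assumptions made for this example.

```python
"""Check that a backup is recent, intact, and actually restorable.
Added example, not from the article; assumes a hypothetical layout of
backup-<unix time>.tar.gz archives plus a sidecar .sha256 manifest each."""
import gzip
import hashlib
import tarfile
import tempfile
import time
import zlib
from pathlib import Path

MAX_AGE = 24 * 3600  # assumption: "regular" means at least once a day

def _hashes(root: Path) -> dict:
    """Map each file under root (relative path) to its SHA-256 hex digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(src: Path, dest: Path) -> Path:
    """Archive src into dest and write the manifest the checks below rely on."""
    archive = dest / f"backup-{int(time.time())}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname="data")
    manifest = archive.with_name(archive.name + ".sha256")
    manifest.write_text("".join(f"{h}  {p}\n" for p, h in _hashes(src).items()))
    return archive

def newest_backup(backup_dir: Path) -> Path:
    """The most recently written archive, i.e. the one a restore would start from."""
    return max(backup_dir.glob("backup-*.tar.gz"), key=lambda p: p.stat().st_mtime)

def verify_backup(archive: Path) -> dict:
    """Three checks; the backup is only worth trusting if every one passes."""
    result = {"recent": False, "intact": False, "restorable": False}
    result["recent"] = time.time() - archive.stat().st_mtime <= MAX_AGE
    try:  # read the whole stream so gzip's CRC and length trailer are checked
        with gzip.open(archive, "rb") as f:
            while f.read(1 << 16):
                pass
        result["intact"] = True
    except (OSError, EOFError, zlib.error):
        return result  # corrupt archive: a trial restore would be pointless
    manifest = archive.with_name(archive.name + ".sha256")
    expected = dict(line.split("  ", 1)[::-1] for line in manifest.read_text().splitlines())
    with tempfile.TemporaryDirectory() as tmp:  # trial restore into scratch space
        with tarfile.open(archive, "r:gz") as tar:
            tar.extraction_filter = getattr(tarfile, "data_filter", None)  # safer filter where available
            tar.extractall(tmp)
        result["restorable"] = _hashes(Path(tmp) / "data") == expected
    return result
```

Run verify_backup against newest_backup(...) from a scheduled job and alert when any of the three flags is False; a stale, corrupt or non-restoring backup is exactly the one you discover too late during a ransomware incident.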