- I have a firewall and am 100% secure from external attacks.
- I have antivirus, and I will not be attacked by any viruses.
- I have both firewall and antivirus, and I’m fully secure.
- No one will target me. I’m the lucky one who won't ever be attacked.
Does any of this sound familiar? While many organizations are banking on firewalls and antivirus solutions to protect them, in reality there is no such thing as 100% security. No system is ever entirely safe. There will always be a chance of a successful malware attack due to policy misconfigurations, human mistakes, or malicious insiders, and even security products have vulnerabilities or can go down. Regardless of the protections already in place, organizations still need employees with proper incident handling skills and knowledge, and must always be prepared for security incidents or malware outbreaks.
Before you can handle a malware outbreak, you first need a basic understanding of what malware is and how it gains access to networks and compromises servers. Let us start with the types of malware.
Types of Malware
Some people think that malware means any malicious executable file that impacts servers, but they would be wrong: malware is a collective name for several malicious software variants. It includes software that intends to steal sensitive information, make files unreadable, degrade server performance by consuming CPU and memory, or instruct the victim's machine to listen for a controller's commands. There are four main categories of malware:
- Phishing Emails
- Worms and vulnerabilities
- Backlink, iFrame and drive-by download
- Brute force attack
How Does Malware Transmit?
If organizations understand how malware is transmitted or spread, they can review their attack surface from time to time and remediate any risks as necessary. Let us look at how each type of malware is transmitted.
1. Phishing Emails:
As most of us know, phishing emails are one of the most common social engineering tricks used to spread malware or viruses. According to Webroot.com, “Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement, or other means, to steal sensitive information. This attack is usually done by including a link that will appear to take you to the company’s website to input your information – but the website is a clever fake, and the information you provide goes straight to the crooks behind the scam.” For this attack to succeed, it usually relies on an unsuspecting victim who lacks security awareness.
2. Worms and Vulnerabilities:
Worms that exploit vulnerabilities are another common malware type attackers use to infiltrate a system. Worms exploit vulnerabilities, especially remote command execution vulnerabilities, to gain access to applications, operating systems, and firmware. It is far easier for malware to propagate to neighboring machines if software updates and patches are not applied on a regular basis.
3. Backlink, iFrame and Drive-By Download:
Some employees like to visit non-work-related websites, increasing the risk of being attacked and infected through backlinks, iframes and drive-by downloads. These are found on many non-work-related websites, such as online gambling, adult sites, community forums, online streaming and many others, which are littered with hidden backlinks or malicious code. Employees are tricked into clicking on malicious content, leading to a drive-by download. The files usually masquerade as legitimate Word documents or PDF files that, when opened, run a background process that downloads additional files, which are usually droppers, malware or trojans.
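A file that "masquerades as a Word document or PDF" carries a document extension but not a document's content. The following is an added example, not code from the original article or from Sangfor: it compares the extension a file claims with the leading bytes (magic number) of its content and flags executables hiding behind a document name. The file names and byte strings are constructed for illustration; the magic-number prefixes are the ones documented for PDF, the OLE2 compound file, ZIP (OOXML) and the Windows PE header.

```python
"""Detect files whose extension claims a document but whose content is not that format.

Added example (not from the original article). Sample byte strings below are
constructed; nothing is read from disk.
"""
import os

# Leading bytes documented for each format.
MAGIC = {
    "pdf": [b"%PDF-"],
    "doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],  # legacy OLE2 container
    "docx": [b"PK\x03\x04"],                       # OOXML is a ZIP archive
}
EXECUTABLE_MAGIC = [b"MZ"]                         # Windows PE header


def classify(filename, head):
    """Return 'ok', 'executable_disguised', 'mismatch' or 'unknown' for a file
    name and the first bytes of its content."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in MAGIC:
        return "unknown"   # extension outside the document set this check covers
    if any(head.startswith(m) for m in EXECUTABLE_MAGIC):
        return "executable_disguised"
    if any(head.startswith(m) for m in MAGIC[ext]):
        return "ok"
    return "mismatch"


def scan(files):
    """Apply classify() to a mapping of name -> leading bytes and return only
    the entries that are not clean."""
    findings = {}
    for name, head in files.items():
        verdict = classify(name, head)
        if verdict != "ok":
            findings[name] = verdict
    return findings


# Constructed samples: "Invoice.pdf" carrying a PE header is the dropper
# pattern described above; the other names are illustrative only.
SAMPLE_FILES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "memo.docx": b"PK\x03\x04\x14\x00\x06\x00",
    "Invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    "notes.doc": b"Just some text, not an OLE2 container",
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_FILES).items():
        print(f"{name}: {verdict}")
```

In practice the first few bytes would be read from the downloaded file rather than embedded, and the "unknown" verdict is where a double-extension name such as invoice.pdf.exe ends up, since its real extension is not a document type at all; a mail or web gateway would typically block that class outright before this check is reached.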
4. Brute Force Attack:
A fourth common malware transmission method is the brute force attack. This method is very commonly used by hackers when organizations expose high-risk ports or services to the Internet, such as:
- Remote Desktop Protocol (TCP/3389),
- Secure Shell (TCP/22), or
- Server Message Block (TCP/445).
Attackers can perform dictionary attacks or crack the administrator password to gain access to the victim's machine. Although some organizations move a service to a random port number, such as TCP/23456, this is ineffective as a defence, because attackers can run service probing tools against every port in an organization's IP address range. It is easy to fingerprint the service running behind a specific port, and once the services have been identified, attackers can fine-tune their strategy and proceed accordingly.
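Whatever port the service sits on, password guessing against it leaves a distinctive trail in the authentication log, and that is where the defender detects it. The following is an added example, not code from the original article or from Sangfor: a sliding-window detector that reads OpenSSH-style "Failed password" lines and reports any source address that reaches a threshold of failures within a short window, together with the usernames it tried. The log lines, addresses, threshold and window are constructed for illustration; syslog lines carry no year, so one is assumed.

```python
"""Flag source addresses that repeatedly fail authentication within a short window.

Added example (not from the original article). The auth.log lines and
addresses below are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH writes one line of this shape per failed password attempt; capture
# the timestamp, the user name tried and the source address.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample: five failures from one address in seven seconds, then
# unrelated activity from a second address.
SAMPLE_LOG = """\
Jan 10 09:00:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2
Jan 10 09:00:03 host sshd[2203]: Failed password for invalid user root from 203.0.113.7 port 51530 ssh2
Jan 10 09:00:04 host sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 51531 ssh2
Jan 10 09:00:06 host sshd[2207]: Failed password for administrator from 203.0.113.7 port 51540 ssh2
Jan 10 09:00:08 host sshd[2209]: Failed password for invalid user guest from 203.0.113.7 port 51544 ssh2
Jan 10 09:00:09 host sshd[2210]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Jan 10 09:01:30 host sshd[2230]: Failed password for alice from 198.51.100.20 port 40011 ssh2
Jan 10 09:12:00 host sshd[2300]: Failed password for alice from 198.51.100.20 port 40020 ssh2
"""


def parse_failures(log_text, year=2024):
    """Yield (datetime, ip, user) for each failed-password line. Syslog lines
    carry no year, so one is supplied (assumption for this example)."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {ip: (failures_in_window, sorted usernames tried)} for every
    source that reaches `threshold` failures inside any `window_seconds` span."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    users = defaultdict(set)
    alerts = {}
    for ts, ip, user in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop attempts that fell out of the window
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = (len(q), sorted(users[ip]))
    return alerts


if __name__ == "__main__":
    for ip, (count, names) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failures in window, users tried: {', '.join(names)}")
```

On the sample log only 203.0.113.7 is reported; alice's two failures from 198.51.100.20 are ten minutes apart and never reach the threshold inside one window. The sorted list of usernames is worth keeping in the alert, since a run of generic names (admin, root, guest) is the signature of a dictionary attack rather than a user mistyping a password.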
How Does Sangfor Rescue You from Various Types of Malware Attacks?
Sangfor experts help you to keep your network safe and secure from different types of malware, with an incident response team available 24x7. As a special year end promotional package, we are offering Incident Response (IR) services at a special discounted rate for a limited time. Let us help protect your business in this unprecedented time. Click Here to learn more about IR services and how Sangfor can help you.
Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and valuable.