{"id":51031,"date":"2021-05-25T19:59:52","date_gmt":"2021-05-25T15:59:52","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=51031"},"modified":"2024-11-21T18:26:11","modified_gmt":"2024-11-21T14:26:11","slug":"types-of-malware-attacks-msps-should-protect-clients-from","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/types-of-malware-attacks-msps-should-protect-clients-from\/","title":{"rendered":"Types of Malware Attacks MSPs Should Protect Clients From"},"content":{"rendered":"<p>As MSPs continue to upscale their clients\u2019 cybersecurity resources, cybercriminals are seemingly not taking it lying down. They are, instead, increasingly responding with more sophisticated types of malware attacks. So much so that in 2019, for instance, 66% of managed service providers surveyed in a <a href=\"https:\/\/www.statista.com\/statistics\/700944\/global-msp-client-ransomware-attack-by-ransomware-families\/\" target=\"_blank\" rel=\"noopener noreferrer\">global study<\/a> revealed that their clients had been hit by the famous CryptoLocker malware, while 49% had been affected by the WannaCry malware.<\/p>\n<p>Other prevalent types of malware attacks that were reported include CryptoWall (34%), Locky (24%), Petya (17%), CryptXXX (14%), and NotPetya (12%).<\/p>\n<p>Now, because of such worrying trends, we\u2019ve decided to prepare a comprehensive guide that highlights all the common types of malware attacks that MSP clients are experiencing today.<br \/>\nBut, before we dive into all that, let\u2019s get the basics right. What exactly is malware?<\/p>\n<h2>What Is Malware?<\/h2>\n<p>From the word itself, you can already tell that malware is somewhat a compound term derived from \u201cmalicious\u201d plus \u201csoftware\u201d. 
And that\u2019s precisely what it means.<br \/>\nIn essence, malware refers to all forms of malicious software developed by hackers to attack and infiltrate computer systems. Some of the common types of malware include adware, worms, Trojan horses, spyware, ransomware, and viruses.<br \/>\nLet\u2019s look into each one of them.<\/p>\n<h2>Common Types of Malware Attacks<\/h2>\n<h3>Adware<\/h3>\n<p>Adware is an intrusive piece of software developed to deliver display ads such as pop-ups and website banners. You\u2019ll mostly find this type of malware embedded in freeware or free service websites, through which it seeks to generate revenue from ad viewership.<\/p>\n<p>Real-world examples of adware include DeskAd, Gator, DollarRevenue, Appearch, and Fireball.<\/p>\n<h3>Malvertising<\/h3>\n<p>While adware focuses on generating revenue from intrusive ads, malvertising is a type of malware that uses legitimate ads as camouflage. That means it appears as a legitimate ad, and then proceeds to deploy once you interact with the ad.<\/p>\n<p>Consider, for instance, an ad banner that redirects you to a malicious site when you click on it.<\/p>\n<p>Other real-world examples of malvertising include malware on landing pages, malware within Flash videos, malware within a pixel, and malware that is injected post-click.<\/p>\n<h3>Hybrids<\/h3>\n<p>Hybrids are usually a blend of two or more different types of malware attacks. You might, for instance, come across a Trojan horse that uses malvertising to disguise itself.<\/p>\n<p>Another common type of hybrid is bots, as they typically rely on botnets to launch distributed denial of service attacks, infiltrate devices, send spam, and steal data.<\/p>\n<p>Real-world examples include Kelihos, Mariposa, Waledac, Zeus, and Conficker.<\/p>\n<h3>Ransomware<\/h3>\n<p>Ransomware is designed to take over a computer system by encrypting its files, after which it proceeds to demand a ransom from the computer user. 
The objective here is to convince victims to send money in order to regain access to their blocked files.<\/p>\n<p><span class=\"further-reading \">Further reading<\/span> <a href=\"https:\/\/www.msp360.com\/ransomware-protection\/\">Stay safe from ransomware<\/a> with MSP360<\/p>\n<h4>Common Types of Ransomware<\/h4>\n<p>The thing about ransomware is it comes in various forms and strains. You might particularly want to look out for these notoriously common variants:<\/p>\n<ul>\n<li><strong>ZCryptor<\/strong>: Tends to act like a worm. It distributes itself through external drives, and then proceeds to encrypt files in the infected computers.<\/li>\n<li><strong>WannaCry<\/strong>: Has so far managed to hit more than 125,000 companies across over 150 countries. It specifically capitalizes on the EternalBlue exploit to attack Microsoft Windows systems.<\/li>\n<li><strong>CryptoLocker<\/strong> \/ <strong>TorrentLocker<\/strong>: Distributed via spam emails, after which it encrypts infected files via an AES algorithm.<\/li>\n<li><strong>TeslaCrypt<\/strong>: Deploys itself after taking advantage of Adobe vulnerabilities. 
And, just like CryptoLocker, TeslaCrypt encrypts files using an AES algorithm.<\/li>\n<li><strong>Spider<\/strong>: Comes in the form of malicious macros concealed in a Word document, which is usually distributed as a debt collection notice via spam emails.<\/li>\n<li><strong>Ryuk<\/strong>: Reportedly responsible for <a href=\"https:\/\/www.helpnetsecurity.com\/2020\/11\/03\/ryuk-ransomware-2020\/\" target=\"_blank\" rel=\"noopener noreferrer\">over 30% of 2020\u2019s ransomware attacks<\/a>, Ryuk goes for critical files in organizations.<\/li>\n<li><strong>Petya<\/strong>: Makes the OS unbootable by encrypting all the files, including the master boot record.<\/li>\n<li><strong>NotPetya<\/strong>: Designed to completely destroy files without demanding ransom.<\/li>\n<li><strong>Locky<\/strong>: Often distributed via spam email as a scrambled \u201cinvoice\u201d, which then tricks victims into encrypting their files by enabling macros.<\/li>\n<li><strong>KeRanger<\/strong>: Possibly the first comprehensive malware that was developed specifically to target and lock macOS applications.<\/li>\n<li><strong>Jigsaw<\/strong>: Once it encrypts files, Jigsaw proceeds to progressively delete them until the ransom is settled.<\/li>\n<li><strong>GoldenEye<\/strong>: Tends to target human resource departments. 
Once it\u2019s downloaded, it deploys through a macro, which then goes ahead and encrypts files while overwriting the master boot record with a custom boot loader.<\/li>\n<li><strong>Crysis<\/strong>: Uses a strong algorithm to attack and encrypt files on network, removable, and fixed drives.<\/li>\n<li><strong>CryptoWall<\/strong>: Comes in the form of a Trojan horse concealed in spam or exploit kits.<\/li>\n<li><strong>Cerber<\/strong>: Designed specifically to attack users running cloud-based Microsoft 365.<\/li>\n<li><strong>Bad Rabbit<\/strong>: Disguises itself as an Adobe Flash update on malicious websites.<\/li>\n<\/ul>\n<p><span class=\"further-reading \">Further reading<\/span> <a href=\"https:\/\/www.msp360.com\/resources\/blog\/ransomware-attack-scenarios-and-how-to-be-protected\/\">Ransomware Attack Scenarios<\/a><\/p>\n<h3>Phishing<\/h3>\n<p id=\"last\">Phishing attacks are orchestrated through fraudulent communications that disguise themselves as legitimate messages, websites, or web forms from a reputable company. If you fall for one, you end up submitting private information such as credit card numbers and passwords.<\/p>\n<h4>Types of phishing<\/h4>\n<p>There are three primary types of phishing attacks:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.msp360.com\/resources\/blog\/spear-phishing-prevention\/\"><strong>Spear phishing<\/strong><\/a>: This is a phishing attack that, instead of randomly going for a large group of people, targets a specific individual. 
Hence, it comes in the form of a personalized message.<\/li>\n<li><strong>Whaling<\/strong>: This is a much more professional-looking fraudulent message that targets a company\u2019s top-level executives.<\/li>\n<li><a href=\"https:\/\/www.msp360.com\/resources\/blog\/clone-phishing\/\"><strong>Clone phishing<\/strong><\/a>: Clone phishing entails creating fraudulent messages by reproducing past copies of legitimate emails.<\/li>\n<\/ul>\n<p>Real-world examples of phishing include wire transfer scams, Craigslist money scams, deactivation scares, Nigerian scams, tech support scams, and SEO trojans.<\/p>\n<p><span class=\"further-reading \">Further reading<\/span> <a href=\"https:\/\/www.msp360.com\/resources\/blog\/top-5-common-cybersecurity-attacks-msps-should-know-in-2024\/\">Top 5 Common Cybersecurity Attacks MSPs Should Know in 2024<\/a><\/p>\n<h3>Rootkit<\/h3>\n<p>Rootkit malware is capable of bypassing security systems and gaining unauthorized access to data without detection. That means an attacker can remotely compromise your system without leaving any sign of infiltration.<\/p>\n<p>Real-world examples of rootkits include Rkit, Adore, and Knark.<\/p>\n<h3>Spyware<\/h3>\n<p>Spyware keeps tabs on your activities while running stealthily in the background. In this way, it often manages to piece together keystrokes and harvest sensitive data.<\/p>\n<p>Real-world examples of spyware include BlazeFind, Internet Optimizer, ISTbar\/AUpdate, 180search Assistant, Gator (GAIN), and CoolWebSearch.<\/p>\n<h3>Trojan Horse<\/h3>\n<p>A Trojan horse, or trojan for short, tends to remain concealed while disguising itself as a legitimate application. 
Consequently, it manages to trick victims into installing the malware on their systems.<\/p>\n<p>Notable examples of Trojan horse malware include Tiny Banker Trojan, ZeroAccess, MEMZ, DarkComet, Magic Lantern, and FinFisher.<\/p>\n<h3>Virus<\/h3>\n<p>A virus is any malware that, upon activation, manages to replicate within the system, and then spread the infection to other connected devices.<\/p>\n<p>Some of the famous real-world examples of computer viruses include Melissa, Win32.Cabanas, Bizatch virus, WinVir, and Stuxnet.<\/p>\n<h3>Worm<\/h3>\n<p>Unlike viruses, a computer worm is capable of replicating itself and spreading independently. That means it can go ahead and wreak havoc without human activation.<\/p>\n<p>Real-world examples of computer worms include Anna Kournikova, MyDoom, and ILOVEYOU.<\/p>\n<h3>Social Engineering<\/h3>\n<p><a href=\"https:\/\/www.msp360.com\/resources\/blog\/social-engineering-prevention\/\">Social engineering attacks<\/a> attempt to manipulate victims through psychological tricks. And, in particular, attackers are quite fond of preying on human emotions to trick their victims.<br \/>\nSome of the common real-world social engineering techniques include pretexting, scareware, and baiting.<\/p>\n<h3>Fileless Malware<\/h3>\n<p>Just as the name suggests, fileless malware isn\u2019t distributed as an independent file. Instead, it manages to infect computers by concealing itself within genuine programs. 
This allows it to run in the background without leaving any footprint.<\/p>\n<p>Real-world examples of fileless malware include Astaroth, Misfox, WannaMine, Operation Cobalt Kitty, and The Dark Avenger.<\/p>\n<h2>Malware Chart for MSPs<\/h2>\n<table>\n<tbody>\n<tr>\n<td><b>Malware Type<\/b><\/td>\n<td><b>What It Does<\/b><\/td>\n<td><b>Real-World Example<\/b><\/td>\n<\/tr>\n<tr>\n<td>Adware<\/td>\n<td>Delivers intrusive display ads such as pop-ups and website banners.<\/td>\n<td>DeskAd.<\/td>\n<\/tr>\n<tr>\n<td>Malvertising<\/td>\n<td>Uses legitimate ads as camouflage.<\/td>\n<td>Malware within Flash videos.<\/td>\n<\/tr>\n<tr>\n<td>Hybrid<\/td>\n<td>A blend of two or more different types of malware attacks.<\/td>\n<td>Zeus.<\/td>\n<\/tr>\n<tr>\n<td>Ransomware<\/td>\n<td>Encrypts computer files, after which it proceeds to demand a ransom.<\/td>\n<td>CryptoLocker.<\/td>\n<\/tr>\n<tr>\n<td>Phishing<\/td>\n<td><span style=\"font-weight: 400;\">Fraudulent messages disguised as legitimate.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Nigerian scams.<\/span><\/td>\n<\/tr>\n<tr>\n<td>Rootkit<\/td>\n<td>Gains unauthorized access to data without detection.<\/td>\n<td>Knark.<\/td>\n<\/tr>\n<tr>\n<td>Spyware<\/td>\n<td>Monitors your activities while running stealthily in the background.<\/td>\n<td>Gator.<\/td>\n<\/tr>\n<tr>\n<td>Trojan horse<\/td>\n<td>Remains hidden while disguising itself as a legitimate application.<\/td>\n<td>DarkComet.<\/td>\n<\/tr>\n<tr>\n<td>Virus<\/td>\n<td>Upon activation, manages to replicate within the system, and then spread the infection to other connected computers.<\/td>\n<td>Melissa.<\/td>\n<\/tr>\n<tr>\n<td>Worm<\/td>\n<td>Replicates itself without activation and spreads independently across devices.<\/td>\n<td>MyDoom.<\/td>\n<\/tr>\n<tr>\n<td>Social engineering<\/td>\n<td>Manipulates victims through psychological tricks.<\/td>\n<td>Pretexting.<\/td>\n<\/tr>\n<tr>\n<td>Fileless malware<\/td>\n<td>Hides within genuine programs and runs 
in the background without leaving any footprint.<\/td>\n<td>The Dark Avenger.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>How To Protect Your Business from Malware<\/h2>\n<p>So far, we\u2019ve seen that MSP clients are still falling victim to different types of malware, despite leveraging cybersecurity tools and strategies such as pop-up blockers, email filters, antivirus software, and <a href=\"https:\/\/www.msp360.com\/resources\/blog\/endpoint-detection-and-response\/\">endpoint detection platforms<\/a>. These alone are proving not to be sufficiently effective in combating the increased cases of malware attacks.<\/p>\n<p>Hence, you might want to take a different approach and adopt a multi-layered framework \u2013 one that combines cybersecurity tools with <a href=\"https:\/\/www.msp360.com\/resources\/blog\/bcdr-business-continuity-vs-disaster-recovery\/\">disaster recovery and business continuity solutions<\/a>.<\/p>\n<p>You could, for instance, put together firewalls, <a href=\"https:\/\/www.msp360.com\/resources\/blog\/end-user-training-guide-for-msps\/\">end-user training<\/a>, anti-malware and antivirus software, email and web filtering, along with patch and update management, network monitoring, plus managed detection and response services.<\/p>\n<h2>And as the Last Line of Defence...<\/h2>\n<p>To top it all off, consider reinforcing your cybersecurity framework with managed backup. This is where you adopt an automated backup solution such as <a href=\"https:\/\/www.msp360.com\/managed-backup\/\">MSP360 Managed Backup<\/a>, and then use it to streamline all your backup and monitoring tasks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As MSPs continue to upscale their clients\u2019 cybersecurity resources, cybercriminals are seemingly not taking it lying down. 
They are, instead, increasingly responding with more sophisticated types of malware attacks.<\/p>\n","protected":false},"author":53,"featured_media":51035,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,884],"tags":[],"class_list":["post-51031","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-articles","category-msp-business-articles"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/51031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=51031"}],"version-history":[{"count":13,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/51031\/revisions"}],"predecessor-version":[{"id":58996,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/51031\/revisions\/58996"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media\/51035"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=51031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=51031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=51031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}