Seven Kinds of Malware, and all Arrive by Social Engineering

Businessman selecting a digital padlock with a world map on the backgroundNaked Security outlines seven different categories of malware and describes how each of them through social engineering techniques can affect your organization. Some or all of these functionalities are often packaged together in the same piece of malware, but it’s helpful to examine them one by one in order to understand the damage they can cause.

  1. The first on the list is the keylogger, which records data from your keyboard and sends it to the attacker. Keyloggers allow attackers to steal your passwords along with any other sensitive data you’ve typed, such as financial details.
  2. Another type of malware is the data stealer, which uses data-matching patterns to search your computer for valuable files. Data stealers can automatically recognize things like payment card and bank account numbers, email addresses, passwords, and much more. They can also identify browser databases that store your passwords, personal information, and browser authentication tokens.
  3. A third variant is the RAM scraper, which can steal data from your computer’s temporary memory. Like data stealers, RAM scrapers can recognize valuable data when they see it. Some pieces of sensitive data—like credit card CVV codes, plaintext passwords, and decryption keys—are never saved to disk for security reasons. RAM scrapers allow attackers to intercept these data before they’re erased.
  4. A bot is a fourth type of malware which gives an attacker control over your computer. In many cases, your device will then be incorporated into large network of bots on different devices called a botnet. Attackers use botnets to launch massive automated attacks and spam campaigns. Bots also have the ability to receive updates, so the attacker can change the malware’s functionality whenever they desire.
  5. Next on the list is the banking Trojan, which is malware that targets financial information. Banking Trojans usually contain keyloggers and data stealers, and they often use web form injection to trick victims into entering their payment details into fraudulent data fields. Popular banking Trojans like Emotet, Trickbot, and Dridex are sophisticated and versatile pieces of malware that are used for much more than just stealing bank account details.
  6. A sixth variant is the remote access Trojan (RAT), a stealthy tool that grants an attacker access to your computer. In some cases, RATs can activate your webcam without turning on the light that indicates the webcam is active.
  7. Finally, ransomware is malware that encrypts your files and demands a ransom in exchange for the decryption key. Ransomware attacks have grown extremely sophisticated in recent years, with attackers hacking into networks and meticulously setting up the malware in order to cause as much damage as possible.

The one common thread that connects all of these types of malware is the method of their delivery. Phishing is the most frequent mechanism by which malware enters an organization’s network. New-school security awareness training can enable your employees to avoid falling for social engineering attacks.

Naked Security has the story:

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Has Gone Nuclear Webinar

Get the latest about social engineering

Subscribe to CyberheistNews