Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Seven Kinds of Malware, and all Arrive by Social Engineering

    Businessman selecting a digital padlock with a world map on the backgroundNaked Security outlines seven different categories of malware and describes how each of them through social engineering techniques can affect your organization. Some or all of these functionalities are often packaged together in the same piece of malware, but it’s helpful to examine them one by one in order to understand the damage they can cause.

    1. The first on the list is the keylogger, which records data from your keyboard and sends it to the attacker. Keyloggers allow attackers to steal your passwords along with any other sensitive data you’ve typed, such as financial details.
    2. Another type of malware is the data stealer, which uses data-matching patterns to search your computer for valuable files. Data stealers can automatically recognize things like payment card and bank account numbers, email addresses, passwords, and much more. They can also identify browser databases that store your passwords, personal information, and browser authentication tokens.
    3. A third variant is the RAM scraper, which can steal data from your computer’s temporary memory. Like data stealers, RAM scrapers can recognize valuable data when they see it. Some pieces of sensitive data—like credit card CVV codes, plaintext passwords, and decryption keys—are never saved to disk for security reasons. RAM scrapers allow attackers to intercept these data before they’re erased.
    4. A bot is a fourth type of malware which gives an attacker control over your computer. In many cases, your device will then be incorporated into large network of bots on different devices called a botnet. Attackers use botnets to launch massive automated attacks and spam campaigns. Bots also have the ability to receive updates, so the attacker can change the malware’s functionality whenever they desire.
    5. Next on the list is the banking Trojan, which is malware that targets financial information. Banking Trojans usually contain keyloggers and data stealers, and they often use web form injection to trick victims into entering their payment details into fraudulent data fields. Popular banking Trojans like Emotet, Trickbot, and Dridex are sophisticated and versatile pieces of malware that are used for much more than just stealing bank account details.
    6. A sixth variant is the remote access Trojan (RAT), a stealthy tool that grants an attacker access to your computer. In some cases, RATs can activate your webcam without turning on the light that indicates the webcam is active.
    7. Finally, ransomware is malware that encrypts your files and demands a ransom in exchange for the decryption key. Ransomware attacks have grown extremely sophisticated in recent years, with attackers hacking into networks and meticulously setting up the malware in order to cause as much damage as possible.

    The one common thread that connects all of these types of malware is the method of their delivery. Phishing is the most frequent mechanism by which malware enters an organization’s network. New-school security awareness training can enable your employees to avoid falling for social engineering attacks.

    Naked Security has the story: https://nakedsecurity.sophos.com/2019/12/28/7-types-of-virus-a-short-glossary-of-contemporary-cyberbadness/

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Social Engineering, Phishing, Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews