Naked Security outlines seven different categories of malware and describes how each of them through social engineering techniques can affect your organization. Some or all of these functionalities are often packaged together in the same piece of malware, but it’s helpful to examine them one by one in order to understand the damage they can cause.
- The first on the list is the keylogger, which records data from your keyboard and sends it to the attacker. Keyloggers allow attackers to steal your passwords along with any other sensitive data you’ve typed, such as financial details.
- Another type of malware is the data stealer, which uses data-matching patterns to search your computer for valuable files. Data stealers can automatically recognize things like payment card and bank account numbers, email addresses, passwords, and much more. They can also identify browser databases that store your passwords, personal information, and browser authentication tokens.
- A third variant is the RAM scraper, which can steal data from your computer’s temporary memory. Like data stealers, RAM scrapers can recognize valuable data when they see it. Some pieces of sensitive data—like credit card CVV codes, plaintext passwords, and decryption keys—are never saved to disk for security reasons. RAM scrapers allow attackers to intercept these data before they’re erased.
- A bot is a fourth type of malware which gives an attacker control over your computer. In many cases, your device will then be incorporated into large network of bots on different devices called a botnet. Attackers use botnets to launch massive automated attacks and spam campaigns. Bots also have the ability to receive updates, so the attacker can change the malware’s functionality whenever they desire.
- Next on the list is the banking Trojan, which is malware that targets financial information. Banking Trojans usually contain keyloggers and data stealers, and they often use web form injection to trick victims into entering their payment details into fraudulent data fields. Popular banking Trojans like Emotet, Trickbot, and Dridex are sophisticated and versatile pieces of malware that are used for much more than just stealing bank account details.
- A sixth variant is the remote access Trojan (RAT), a stealthy tool that grants an attacker access to your computer. In some cases, RATs can activate your webcam without turning on the light that indicates the webcam is active.
- Finally, ransomware is malware that encrypts your files and demands a ransom in exchange for the decryption key. Ransomware attacks have grown extremely sophisticated in recent years, with attackers hacking into networks and meticulously setting up the malware in order to cause as much damage as possible.
The one common thread that connects all of these types of malware is the method of their delivery. Phishing is the most frequent mechanism by which malware enters an organization’s network. New-school security awareness training can enable your employees to avoid falling for social engineering attacks.
Naked Security has the story: https://nakedsecurity.sophos.com/2019/12/28/7-types-of-virus-a-short-glossary-of-contemporary-cyberbadness/