Get up to speed on the latest and ‘not-so-greatest’ types of malicious software
Malware. Frequently in headlines accompanying words like “data breach,” “cyberattack” and “ransomware,” malware is a word that has rapidly become commonplace in our digital world. The uphill battle of dealing with new malware, or malicious software, is about as palatable to infosec professionals as drinking the chunky, curdling milk that you accidentally left in the back of your fridge for the last three months.
Different types of malicious software are the bane of business IT systems everywhere and come in many forms — and many existing ones are continually evolving into new threats to avoid detection.
But what exactly qualifies as malicious software? And, moreover, what are the latest cyber threats in the world of malware that have been making headlines?
Let’s hash it out.
What qualifies as malware?
If you were to gather a group of infosec professionals and ask them what qualifies as “malware,” you’re likely to get a variety of answers. For some, the term refers to worms or trojans. For others, it could be adware, spyware, or even a computer virus. To put it in general terms, malware is any type of malicious software, program, or file that is harmful in nature.
That’s a pretty generic definition for something highly complex and comprehensive. After all, although some types of malware are static in nature, others are continually changing — such as polymorphic malware or metamorphic malware. It’s a seemingly all-encompassing categorization.
Even Microsoft tends to be pretty general in their definition of malware: “Malware is the overarching name for applications and other code, i.e. software, that Microsoft classifies more granularly as malicious software or unwanted software.” That helps a bit but not too much. Let’s look a little deeper at what they mean.
When it comes down to it, Microsoft lumps most types of malicious software into 13 categories:
- Macro viruses
- Password stealers
- Rogue security software
- Trojan clickers
Unwanted software, on the other hand, refers to those that:
- Don’t allow users to choose whether they’re active,
- Don’t allow users to control whether they’re active,
- Don’t allow users to install or remove them; and/or
- Contain advertising and advertisements.
It’s interesting to note that Microsoft is careful to differentiate malware from what they refer to as “potentially unwanted applications,” or PUAs. PUA software categories include marketing and advertising software, Torrent software, cryptomining software, bundling software, etc. However, other tech companies tend to include cryptomining software among their malware listings rather than discounting them as other types of unwanted applications.
Regardless of how you define it, and regardless of how it’s distributed or propagates — whether it’s via malicious browser extensions, malicious spam emails, URL phishing, droppers or downloaders — new malware (and older malware that is evolving) is a serious threat to consumers and businesses alike, regardless of their size, industry, or geographic location.
Let’s take a look at a few of the latest malware threats in 2018 and 2019:
Evolving & new malware: 3 types of malicious software that have been making headlines
There are many variants of existing and new malware cropping up every day — which we’ll discuss more later in the article. Some of the latest malware threats endanger businesses’ data and customers’ personal information. Others, such as the Triton malware (which exploits vulnerabilities that exist in industrial safety instrumented systems and controllers) and WannaCry ransomware (a worm that continues to plague healthcare organizations by targeting Windows vulnerabilities), pose physical danger that can threaten the lives of thousands or potentially millions of people.
As you can imagine, though, it’s virtually impossible to write an article that’s comprehensive enough to encompass them all. (Nobody’s got time for that!) As such, what we’re going to do is choose three of the top families from the latest malware data and discuss what they are, what they do, and why they are such immense threats to organizations around the world.
New malware #1: The evolution of Emotet
Emotet, which started in 2014 as a run-of-the-mill banking Trojan, continues to evolve and expand its market share as a distributor of other malware such as IcedID and TrickBot. In its Top 10 Malware January 2019 report, the Center for Internet Security (CIS) describes Emotet as “a modular infostealer that downloads or drops banking trojans.” Although its ranking has changed from month to month, Emotet continues to have a regular presence in CIS’s Top 10 Malware list.
This malware is used to steal data and user credentials, deliver malicious payloads, and spread to other connected computers via their networks within minutes. It also spreads beyond networks by brute force, malicious emails, and even malicious URLs. According to the Spamhaus Project:
“Spamhaus Malware Labs have tracked approximately 47,000 Emotet infected machines emitting around 6,000 distinct URLs to compromised websites serving as infection vectors. This makes Emotet the most actively distributed malware at the moment, accounting for almost 45% the total number of URLs used for this purpose.”
According to Symantec’s 2019 Internet Security Threat Report (ISTR), this self-propagating malware accounted for 16% of financial trojans in 2018, up from 4% the previous year. Furthermore, “Emotet was also being used to spread Qakbot, which was in 7th place in the financial trojans list, accounting for 1.8 percent of detections.”
Emotet, much like Kovter, Dridex, and NanoCore, uses “malspam” (malicious spam) as its primary infection vector, according to CIS, though it is known to use multiple attack vectors.
New malware #2: The emergence of SpeakUp
SpeakUp, a backdoor trojan that is distributed using Linux server exploits, is a new threat that has been emerging this year. According to research from Check Point, what makes SpeakUp such a big threat is that it’s “capable of delivering any payload and executing it on compromised machines, and evades detection by all security vendors’ anti-virus software.”
Well, that’s comforting. Considering that Linux is used exclusively by enterprise servers, this poses a significant and scalable threat to businesses.
So far, SpeakUp has been targeting servers around the world, including Amazon Web Services (AWS) hosted machines. However, this new malware appears to primarily be infecting machines in East Asia and Latin America. While this is good news for companies in the U.S. and Canada, it may only be a matter of time before SpeakUp has something to say about its impact on North American servers.
New malware #3: Agent Smith’s infiltration
This type of Android malware exploits Android operating system (OS) vulnerabilities in mobile devices to install tainted or malicious copies of installed mobile apps such as WhatsApp, Flipkart, and several others. The latest malware is used to not only display fake ads but also to spy on the device’s user(s) and steal their banking information.
PC Mag reports that, so far, this new malware for Android has infected 25 million devices. While some victims of the malicious software are in the U.S. (estimated 300,000 devices) and U.K. (137,000 devices), the malware primarily appears to target mobile users in India and the surrounding countries.
Trend Micro identifies Agent Smith as AndroidOS_InfectionAds.HRXA. The company also links it to AndroidOS_HiddenAds.HRXA and AndroidOS_Janus.ISO because of the vulnerabilities it exploits within the Android OS.
Frequency of malware detections: looking at the numbers
The rate of emergence of new malware variants has been a virtual rollercoaster over the past few years. The numbers vary greatly from source to source. For the sake of this article, we’re going to look at numbers presented by Symantec.
For example, Symantec’s 2019 ISTR states that there were:
- 357,019,453 new variants discovered in 2016 (a 0.5% increase over the previous year);
- 669,947,865 new variants discovered in 2017 (an 87.7% increase over 2016); and
- 246,002,762 new variants discovered in 2018 (a 63.3% decrease from 2017).
However, the percentage of groups using malware is on the rise. The ISTR 2019 report indicates that the number of groups using destructive malware increased by 25 percent in 2018. Furthermore, the report shows that while the overall number of ransomware infections has shown a steady decline (20% year-on-year), enterprise detections actually increased by 12% in 2018.
With hundreds of thousands of new malware variants coming out every year — and those are just the ones we know about — it should be no surprise that malware continues to be viewed as one of the ongoing top threats to organizations. Malware is a threat to companies, governments, and consumers alike. It targets networks, servers, IoT, and mobile devices alike, and in some cases can propagate itself to new victims.
The best thing that any organization can do to protect itself is to use reliable cyber security measures, promote user awareness training, use HTTPS for its website domain, and implement email security measures and best practices.
What are you doing to protect your organization from the latest malware?