Previously, we discussed how malware is more than “just” a virus: it can really wreak havoc on your systems. Malware also takes many forms, which makes spotting it that much more difficult. Another part of the problem lies in the mobile devices we carry around, because they don’t have anti-virus or anti-malware programs installed on them. Without those protections, and without our own vigilance around what we download, malware can have a seriously negative impact on our devices.
Society has become too busy to look any deeper than the surface when it comes to apps on phones and tablets. The review systems put in place by app stores (Google Play, Android Marketplace, App Store, etc.) could never automatically scan every line of code and determine what each line is for. Instead, they weed out bad programs over time, which means you may be the unlucky guinea pig. Yet people have lost vigilance in this arena: we update apps and agree to terms and permissions without reading them, assuming it’s all legitimate.
It doesn’t have to be as extreme as a nation state or an app with privacy concerns around it like TikTok; it could be something seemingly innocuous like a fancier calculator or a program that edits photos in a specific way. You use it once and then it just sits on your phone for years. You don’t use it, but it stays updated, and malware could be included in those update packages. We’re so busy that we don’t have time to look at it, so we just accept the permissions and end up granting access blindly.
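The permission creep described above is checkable. The following is an added example, not code from the original post: it diffs the permissions requested by two versions of an app manifest and flags the newly requested ones that touch sensitive data or sensors. The two manifests, the package name `com.example.fancycalc` and the “sensitive” grouping are this example’s own constructions; the permission names themselves are real Android permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission names. Grouping them as "sensitive" is this
# example's own choice; it is not an official Android category.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install other apps",
}


def requested_permissions(manifest_xml: str) -> set[str]:
    """Return every android:name listed in a <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    key = f"{{{ANDROID_NS}}}name"  # namespaced attribute key for android:name
    return {e.get(key) for e in root.iter("uses-permission") if e.get(key)}


def review_update(old_manifest: str, new_manifest: str) -> dict:
    """Compare two manifests and report what the update newly asks for."""
    old = requested_permissions(old_manifest)
    new = requested_permissions(new_manifest)
    added = sorted(new - old)
    return {
        "added": added,
        "added_sensitive": {p: SENSITIVE[p] for p in added if p in SENSITIVE},
        "all_sensitive": sorted(p for p in new if p in SENSITIVE),
    }


# Constructed manifests for a hypothetical "fancier calculator" app.
# Version 1 asks for nothing sensitive; version 2 (the update) quietly adds
# camera, contacts, SMS and the ability to install other packages.
V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fancycalc" android:versionCode="1">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fancycalc" android:versionCode="2">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""

if __name__ == "__main__":
    report = review_update(V1, V2)
    print("Newly requested by this update:")
    for perm in report["added"]:
        why = report["added_sensitive"].get(perm, "not in watchlist")
        print(f"  {perm:55s} {why}")
```

On a real APK the manifest is stored as binary XML, so you would first dump it to text (for example with `aapt dump permissions app.apk` from the Android SDK build tools) and feed the permission list to the same comparison. A calculator that starts asking for SMS and contacts on an update is exactly the kind of thing worth a second look before tapping “accept”.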
Malware is an incredibly effective attack vector. The goal of an attacker is to gain access to someone’s system. If you can get into someone’s physical computer or device and then see what they are doing on it, you can gain all the information you need to do the things they do in their life.
All an attacker needs is a back door. If they can get in through a back door, they can install key loggers and all sorts of other loggers that even record what the victim is doing in their home: manipulate their webcams, smart devices, baby monitors (nothing is out of reach). Once they’re in, they’re in. And as long as they can keep getting back in, they can stay there for years. The easiest way to do that is with a packaged payload delivered via malware, which is why malware is so effective. Why hack when all you need is someone to click a link?
Even so, using off-the-shelf malware is not as effective, because it has a known signature and is blocked by most anti-virus and anti-malware programs. However, people don’t always have those programs either. It’s also possible to alter the code and signatures of malware packages enough that they become unique, not to mention that unique packages can always be written. As if back-door malware weren’t hard enough to protect against, there’s always front-door malware too. This happens when people download an app because they want to play some variant of a game like Candy Crush with a special, different icon, and the download includes a back door to all of their data.
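Why a “known signature” stops working the moment a package is altered, and why scanners layer other checks on top, can be shown in a few lines. The following is an added example, not code from the original post: it scans two constructed byte blobs, one an exact match for a known hash and one that differs by a single padding byte, with a hash signature and with content patterns. The blobs, the hostname `example.invalid` and the pattern names are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Verdict:
    sample: str
    hash_hit: bool
    pattern_hits: list[str] = field(default_factory=list)


# Constructed "samples": byte blobs standing in for two builds of the same
# package. REPACKED differs from ORIGINAL in exactly one byte of zero padding,
# the kind of trivial change that yields a brand-new hash.
ORIGINAL = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"connect:example.invalid:4444\x00"
    + b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x00" * 32
)
REPACKED = ORIGINAL[:40] + b"\x01" + ORIGINAL[41:]

# A benign blob that shares nothing with the samples, to show no false hit.
BENIGN = b"MZ\x90\x00" + b"hello, world\x00" + b"\x00" * 32


def hash_signature(blob: bytes) -> str:
    """Exact-match signature: SHA-256 of the whole file."""
    return hashlib.sha256(blob).hexdigest()


# Exact-hash blocklist, as a traditional signature database would hold.
KNOWN_BAD_HASHES = {hash_signature(ORIGINAL)}

# Content patterns (YARA-style strings) describing behaviour rather than
# the whole file: a hard-coded callback address and a Run-key persistence path.
PATTERNS = {
    "hardcoded-callback-host": b"connect:example.invalid:4444",
    "run-key-persistence": b"CurrentVersion\\Run",
}


def scan(name: str, blob: bytes,
         known_hashes: set[str] = KNOWN_BAD_HASHES,
         patterns: dict[str, bytes] = PATTERNS) -> Verdict:
    """Apply both detection layers and report what each one found."""
    verdict = Verdict(sample=name, hash_hit=hash_signature(blob) in known_hashes)
    verdict.pattern_hits = [label for label, needle in patterns.items() if needle in blob]
    return verdict


if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("repacked", REPACKED), ("benign", BENIGN)):
        v = scan(name, blob)
        print(f"{v.sample:9s} hash-hit={v.hash_hit!s:5s} patterns={v.pattern_hits}")
```

The repacked build sails past the hash list but is still caught by the content patterns, which is the layering the post is describing. The caveat cuts both ways: an author who also rewrites the strings evades the byte patterns too, which is why modern endpoint protection adds behavioural detection (what the process does once it runs) on top of what the file looks like on disk.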
Preventing malware can be difficult today, especially since nefarious packages can be hidden inside the code of everyday apps we use, or socially engineered to look like legitimate brands. The best thing to do is stop downloading things you don’t know for sure (100%) are safe, especially if you don’t understand who the source is and don’t trust the app store to have done the diligence for you. Make sure what you are downloading has been well reviewed. You should always run anti-virus and anti-malware software on your personal systems, including phones and tablets, especially if you are sharing files between devices. Practice good cyber-hygiene: don’t click on links or share files, don’t accept files from other people, and verify everything you do to the best of your ability.
Even if you do all of the right things, it’s still possible to get infected with malware. So what should you do if that happens? If you or your company are attacked because someone has malware, good incident response is imperative. The number one thing to do when being attacked, whether it’s malware or something else, is to isolate the breach without shutting down. You want to leave the machine on and connected to the broader internet so you can track and trace and find the source and radius of the attack. But you want to ensure that it’s isolated down to its own system, so the malware isn’t infecting every other device on your network.
You can remove critical functions or secure any sensitive data from that machine, but, for all intents and purposes, that box is now your sandbox. This is where you’re going to fight off the attackers. You may end up with multiple sandboxes while trying to figure out what is going on, but isolation is the number one response to an attack with any form of malware. It is ultimately how you will figure out how to inoculate a system against the malware, and how to eradicate whatever damage has been done.
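The isolation rule the last two paragraphs describe (keep the box up and on the internet, cut it off from the rest of the network, keep one analyst path open) can be written down as a policy and rendered into firewall rules, so there is no ambiguity about what “isolated” means during the incident. The following is an added example, not code from the original post. The LAN `10.20.0.0/16`, the analyst workstation `10.20.5.50` and the IPv4-only scope are assumptions of the example; the rendered nftables syntax is real, but the ruleset is illustrative and should be reviewed before loading.

```python
import ipaddress

# Constructed incident details (assumptions of this example): the compromised
# host's own LAN and the analyst workstation allowed to keep talking to it.
LOCAL_LAN = ipaddress.ip_network("10.20.0.0/16")
FORENSIC_HOST = ipaddress.ip_address("10.20.5.50")

# Address ranges treated as "the rest of the network". IPv4 only in this example.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
)]


def decide(dst: str) -> str:
    """Classify an outbound destination under the isolation policy.

    allow        : loopback and the analyst workstation
    deny         : anything else on a private/LAN range (no lateral spread)
    allow-logged : the public internet, kept open so the attacker's traffic
                   can be traced, but every flow is logged
    """
    ip = ipaddress.ip_address(dst)
    if ip.version != 4:
        raise ValueError("this example models IPv4 only")
    if ip.is_loopback or ip == FORENSIC_HOST:
        return "allow"
    if any(ip in net for net in PRIVATE_RANGES):
        return "deny"
    return "allow-logged"


def render_nftables() -> str:
    """Render the same policy as an nftables ruleset for the isolated host."""
    lines = [
        "table inet isolate {",
        "  chain output {",
        "    type filter hook output priority 0; policy drop;",
        "    oif lo accept",
        f"    ip daddr {FORENSIC_HOST} accept",
    ]
    for net in PRIVATE_RANGES:
        lines.append(f'    ip daddr {net} log prefix "isolate-lan-drop " drop')
    lines += [
        '    log prefix "isolate-egress " accept',
        "  }",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    iif lo accept",
        f"    ip saddr {FORENSIC_HOST} accept",
        "    ct state established,related accept",
        '    log prefix "isolate-in-drop " drop',
        "  }",
        "}",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    for dst in ("10.20.7.12", "10.20.5.50", "192.168.1.9", "93.184.216.34"):
        print(f"{dst:15s} -> {decide(dst)}")
    print()
    print(render_nftables())
```

Two practical notes. A ruleset applied on the compromised host itself is only as trustworthy as that host’s kernel, so where you can, enforce the same policy one hop away (a quarantine VLAN or the upstream firewall) and treat the host rules as a second layer. And the `log` lines are not decoration: the whole point of leaving the internet path open is to see where the traffic goes, so ship those log entries somewhere the attacker cannot reach.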
Malware is a term that encompasses a number of nasty things that can do anything from spamming your system to rendering it unusable. The best way to prevent malware is with anti-virus and anti-malware software, in conjunction with proper cyber-hygiene. Be wary of what’s out there, and be skeptical of anything that looks even the slightest bit off. Do your due diligence. And if you do get infected, make sure to isolate that device without killing it, so you have a chance to track down the perpetrator. Cybercrime is real! Don’t be a victim.