The Malware Plague
Threat actors use malicious software, commonly referred to as malware, to carry out malicious activities on a host computer. These activities include data exfiltration, identity theft, and compromise of the corporate network. The proliferation of connected devices, and the fact that it is virtually impossible to run an enterprise without them, has led to an increase in the number of cyber-attackers using malware.
Malware can take the form of executable code or scripts. There are many types of malware, but computer viruses and computer trojans are the most common. Threat actors don't have to create their own malware or find vulnerabilities. They can instead obtain them via the dark web. There is a greater demand for sophisticated malware used by state-sponsored threat actors and organized crime syndicates.
Malware Trends
With the advancements in malware design, a new threat has emerged in the form of polymorphic malware. Polymorphic malware is malware that runs once and never runs again, which makes things difficult for antivirus providers.
Threat actors realized the benefits of using malware to attack financial institutions early on. Once malware reached the target endpoint, threat actors were able to illegally transfer funds from the target to accounts they controlled. Threat actors also focused on using malware to attack ATMs, as ATMs are connected to corporate networks.
This article will teach you about malware classes and give you an overview of some of the most common malware families used in cyber attacks on the financial services industry.
Categories of malware
It is crucial to be able to distinguish between the various malware types that threat actors use during cyber attacks. You can only build prevention capabilities by understanding the differences between computer viruses and computer Trojans.
End users assume that malware is limited to computers. However, malware can affect any connected device, including smartphones and industry appliances.
Depending on their objectives, threat actors might use a particular malware family or a combination of families. Security teams should align their Indicators of Compromise to the cyber attack kill chain.
The attack kill chain describes the steps taken by threat actors to launch a cyberattack with malware. The attack kill chain is illustrated in the following diagram:
A computer virus behaves much like a biological infection. This is why it is one of the most popular malware families.
Computer viruses can insert themselves into files or processes on a computer to perform malicious actions. They can also replicate themselves by altering other computer programs.
A computer virus can infect executables, scripts, documents, and even boot sectors. Multipartite viruses are computer viruses that can infect multiple targets, such as executables, documents, and boot sectors.
A computer worm is a self-replicating payload that can spread quickly in the network. Although computer viruses and computer worms are similar in their approach, the main difference is that computer worms do not require human interaction to spread throughout the network. Threat actors can combine the characteristics of a computer worm and a computer virus.
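An integrity baseline is one way a defender can observe the file alteration described above. The following Python code is an added example, not part of the original article; the watched extensions, the function names and the threshold are assumptions chosen for illustration, and boot sectors are outside its scope.

```python
import hashlib
import os

# Extensions picked for this example to cover the targets named above
# (executables, scripts, documents); the list is an assumption.
WATCHED = {".exe", ".dll", ".ps1", ".sh", ".py", ".docm", ".xlsm"}


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map each watched file under root (relative path) to its SHA-256."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WATCHED:
                full = os.path.join(folder, name)
                result[os.path.relpath(full, root)] = sha256_file(full)
    return result


def compare(baseline, current):
    """Return files modified, added or removed since the baseline."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def spreading(report, threshold=2):
    """Flag a change set in which several existing files changed between two
    snapshots, the pattern expected when code copies itself into programs."""
    return len(report["modified"]) >= threshold
```

Store the baseline somewhere the monitored host cannot write to, otherwise code that alters programs can alter the baseline as well.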
This was most evident in 1999 when the Melissa love letter was sent. The Melissa love letter was an electronic mail that was sent to