When tackling cybersecurity issues it helps to distinguish between the behavior and goals of malware (defined by the payload that is inserted) and the path and infiltration method by which it is delivered and distributed, known as the vector. The two can usually be mixed and matched, so an actor can assemble the type of malware that best fits their end goals, which makes understanding the options very important.
Imagine your computer systems are a city, and malware is an invading army. The “payload” is the specific weaponry and strategy the army uses to conquer the city. This could be anything from stealing your files, holding your data for ransom, or simply wreaking havoc on your operating system. The payload dictates the ‘what’ of the malware’s mission, whether that is data destruction, financial gain, or information theft.
This category of malware is commonly known as “wiper malware.” The primary objective of this malware is to cause maximized, direct damage to systems, files, and data. It often renders the infected system inoperable by deleting or overwriting critical files and required operating system components, and is mostly dedicated to disrupting operations and being harmful for harm’s sake, with no other goal. It is also sometimes inherently uncontrollable and can spread in unpredictable ways.
Example: Shamoon – Targeted Saudi Aramco and destroyed thousands of computers.
Ransomware encrypts or deletes files, steals data, and eventually demands a ransom for their return or decryption. It causes data loss, monetary harm, and operational disruption while generating direct financial gain for the threat actor. Ironically, some scareware flavors of this class convey a threat message that is not even ‘real’: a ransom is requested without any real damage being done, using flash messages and simulated error messages.
Example: WannaCry – Infected more than 200,000 computers across 150 countries, demanding a ransom in Bitcoin.
Worms, as in ‘this whole thing is infested with worms,’ are the type that play the long game. They often use infected devices to systematically form a network of bots for performing a wide array of malicious tasks, creating a launching point for further harm. The intended actions can include Distributed Denial of Service (DDoS) attacks on websites, untraceable spam and ad distribution, and widespread time-based or remotely triggered disruption.
This type of self-replicating malware spreads through networks and aims to cause rapid, widespread infections. However, it does not always initially cause direct, visible harm. A robust self-replicating malware doesn’t require user interaction to propagate. It exploits vulnerabilities in systems or networks to spread from one host to another, often causing network congestion and eventually even delivering payloads that could be more harmful, such as ransomware or remote access trojans.
Example: Conficker – Created a large botnet and exploited millions of Windows computers.
These less dangerous flavors of malware are designed to gather information from a system or user, often without their knowledge, and then transmit it to a remote attacker for use in ad revenue generation, identity theft, or analytics and profile tracking.
Example: Zango – Delivered unwanted pop-up ads and collected user information for marketing purposes.
This type of malware is often also referred to as nuisance malware. It is designed to cause irritation, disruption, and inconvenience without necessarily causing severe harm or stealing sensitive information. The goal is to create chaos and confusion among users ‘for the LOLz’. Such samples tend to contain a moniker or tag identifying who is responsible, akin to real-life graffiti.
Example: MEMZ – Displayed distracting and often humorous messages and animations on the infected computer.
This is how they get in. If the payload is the weaponry, the “vector” is the secret tunnel or the spy that the army uses to get inside the city walls undetected. It’s the ‘how’ of the malware’s mission. From seemingly innocent email attachments to bleeding-edge zero-day vulnerabilities and even low-tech social engineering, the vector is the delivery method. Learning about vectors is essential to understanding how to fortify your systems against the various types of infiltration.
This is by far the most common vector today. Most malware spreads through email attachments, malicious script files, or infected downloads from compromised websites that are then executed on client devices. If the computer can be fooled into running some software, and especially if the user grants it elevated access, the doors are wide open to any payload.
- Use email filtering solutions
- Be cautious of email attachments and links
- Keep your browser and extensions updated
This sophisticated class of malware exploits newly discovered software vulnerabilities before patches are made available. It gains unauthorized access to, and even control over, systems, often going undetected until it’s too late. Its ability to spread by exploiting vulnerabilities in systems or networks lets it silently deliver payloads of various types.
- Regularly update all software
- Use a robust intrusion detection system
- Employ virtual patching solutions
A common low-effort form of malware that masquerades as legitimate software in order to get past both user scrutiny and security controls. It can steal sensitive information, provide unauthorized access, and more, but usually only because the user willingly installs and runs it. Common forms include:
- Spyware, often bundled with seemingly harmless downloads
- Adware and malvertising, distributed through software bundling and value-add marketing, through malicious advertisements, or through fake security alerts on compromised websites
- Scareware
Mitigations:
- Only allow downloaded software from trusted sources
- Run frequent anti-malware scans
- Be cautious of software that asks for excessive permissions
Sometimes the easiest vector is the human one. Simple social engineering, a few well-chosen words, can be used to compromise people who already have access. This in turn compromises even an isolated system as severely as an insider threat would.
- Educate employees about phishing and other social engineering tactics
- Limit access to sensitive data
- Use multi-factor authentication (MFA)
Just getting into the same room as a target system is the golden ticket. Here, infecting systems through malicious USB drives or other physical media is effortless. USB drives can also be used to exfiltrate data from a secure facility. Meanwhile, physical keyloggers, installed directly on a system through physical access to its I/O ports, can seamlessly capture passwords and let an attacker act as though they were sitting at the keyboard.
Even with the proverbial “air gap”, breaches can still occur through simple vectors tied directly to personnel crossing the barrier with a dangerous device.
- Use physical security measures like locks and restricted access areas
- Disable USB ports and other peripherals where not needed
- Employ surveillance systems
Some attacks in this class are also classified as APTs (Advanced Persistent Threats): sophisticated campaigns aimed at long-term data theft, PII scraping, or intellectual property compromise. These often take the form of keyloggers and spyware, but most dangerously rootkits, which conceal malicious activity by altering low-level system functions and frequently go undetected by conventional tools. They can monitor precise user activity, collect sensitive data, and cause other compromising situations. This class of malware is especially insidious because it can stay dormant for long periods of time.
- Use specialized anti-rootkit tools
- Keep systems and antivirus software updated
- Conduct regular audits for unauthorized activities
Understanding the multifaceted world of malware requires dissecting its two main components: payload and vector. The payload is the destructive force or purpose behind the malware, targeting elements such as data, finances, or operations. The vector is the infiltration method, the covert or overt gateway through which the malware enters, deploys its payload, and extracts your data.
By studying the different types of payloads and vectors, you can build a more robust defense strategy. Whether it’s a destructive virus causing mayhem or subtle spyware stealing your data, knowing is half the battle. The other half is a well-planned, comprehensive cybersecurity strategy.
Contact Elevate today to schedule a consultation and learn how we can tailor tech solutions to fit your unique needs and goals.