Malware is software that uses malicious code to infiltrate and take over networks, computers and mobile devices. Cybercriminals who carry out malware attacks are mostly driven by profit and, to a lesser degree, by attempts to improve their reputation in the hacking community.
Malware attacks aim to steal data and carry out identity theft, cause service disruptions and support espionage. The data can range from financial data to healthcare records as well as personal passwords and emails, creating unlimited possibilities for the cybercriminal to access all sorts of information.
Malware is a widely used cybercrime tool that is constantly evolving. It is very diverse and exists in hundreds of thousands of variants. ENISA, the EU’s cybersecurity agency, reports that around 230 000 new strains of malware are detected every day.
The three most common malware domains observed in 2020 on customer networks belong to the following malware families:
Nymaim is a malware strain used for spreading ransomware and other types of malware, including banking trojans. Nymaim displays a localized lock screen while it downloads additional malware. It typically reaches users through phishing emails, sent via an established email marketing service, that contain links to malicious content.
Pykspa is a worm that spreads via Skype by sending other Skype users messages with download links containing malware. Once downloaded, Pykspa extracts personal information and communicates with its command-and-control servers using a domain generation algorithm.
Popad is malware delivered to the user’s browser via an advertising network provider. Once a malicious advertisement reaches a user’s browser (e.g., when users visit websites which use this malware’s ad network service), it starts to perform in-browser cryptojacking. Once this malicious service is installed, unwanted advertisements pop up on the web pages visited whenever the user browses the internet. These ads aim to promote the installation of additional questionable content, including browser toolbars, optimization utilities and other products, generating pay-per-click revenue for the publisher.
What we do at cyan to prevent malware attacks
- We protect customers from malware infection by identifying and blocking malicious sites and domains which are distributing malware and viruses.
- We render malware harmless by detecting its command & control servers and blocking all communication between devices and those servers.
- Our endpoint security uses virus scanners to detect and remove viruses and malware.