Malware (short for ‘malicious software’) is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. For a business, malware can have a major impact on its brand and its customers.
Customers are the lifeblood of any business. Without them, there is no business. So, when something threatens those customers, it can have long-term effects on the reputation and the financial stability of a business. Malware can come in a variety of forms and have a variety of impacts, all of them bad for a brand and its customers.
Some of the functions malware carries out are:
- Stealing credentials & personal data
- Stolen usernames and passwords for banking sites can be used to withdraw money.
- Personal information, like date-of-birth and address details, can be used for identity theft.
- Siphoning computer power
- Computer resources can be used for things like bitcoin mining
- Infecting and corrupting files
- Locking and encrypting files to ransom
- Known as ‘Ransomware’, this is encryption software that is loaded onto a computer or network which systematically locks all files. The hacker then demands a ransom to unlock them.
Trojans are a type of malware used to obtain credentials, or personal details. The criminals do not cherry-pick. They will take whatever passwords they can get their hands on, by scanning the computers of your business and your customers. Password stealers lying dormant on a machine, will kick into action when you try and visit a page that asks for a password. The DNS (Domain Name System) of a local machine may also get hijacked to point to a rogue location, therefore redirecting all web traffic to a fake site controlled by the hacker.
Importance of Understanding Malware
The more you understand about what the malware is doing, the better you can protect your business and your customers from it. This allows you to:
- educate, inform, and advise customers that a particular attack is going around
- improve your brands’ defensive position against malware threats
- protect your customers’ accounts against financial or identity-based loss
Communication is the key. Customers who are aware of potential computer threats would be more likely to spot an attack and report it, therefore improving the awareness of other customers and also allowing your cyber-defence team to react quicker.
At FraudWatch International, our Malware specialists use several tools and methods to analyse malware threats for our clients. Sandboxing is one technique we use. This is where the malware is executed in a controlled environment and is automatically analysed. This controlled environment can be constructed to simulate the geo-target. It also allows for bulk-processing and enables baiting to occur, which makes the malware more willing to execute. But what happens when automatic analysis fails? Malware sometimes comes with built-in fail-safes to detect automated environments. Cybercriminals are often highly skilled and know how to implement tricks to avoid detection in the lab. This is where our skilled malware analysts get involved. They can perform static analysis instead, which means the malware is analysed without actually running it. The source code is analysed line-by-line to determine all the pieces of the attack.
FraudWatch assists with a Malware Bust
FraudWatch International has clients all over the world and we assist them on a daily basis to remove cyber threats against their brands. One of our success stories, relates to a UK bank and a request that came from a London Police Investigation.
As part of an investigation by London Police, a hacker was arrested, and their computer was seized. Code on the computer revealed a bank’s name, and they were asked to analyse or provide comment on it. The bank happened to be one of our clients, and they sent the request to us.
We provided a detailed analysis of the code, looked back through all the malware and phishing we had dealt with in the past to determine if there were any similarities or signatures that matched the sample that was found. We found several examples of malware and executed phishing and provided a detailed technical report back to both our client and London police for them to use in their investigation and prosecution of the criminal.
Removal of Malware can be complex
Malware does its best to stay in your system as long as possible by using obfuscation and stealth techniques. There is no antivirus (AV) software available today that can detect 100% of Malware. In fact, out of the 70+ antivirus scanners currently used by VirusTotal, only 3-6 detections are made for newly created Malware.
Removing Malware (assuming it has already been detected by your AV software) can also be difficult. Malware often detects the presence of AV software and tries to disable it. For infected files, a complex procedure of disinfection (removing Virus/Trojan body from originally clean file) is required and does not always happen automatically once malware is detected.
Detecting a virus requires significantly less time than providing reliable disinfection, which can take several days or even weeks.
Protecting Your Brand against Malware Distribution
The best plan of attack is to stop the malware getting out in the first place. There are several methods you can use as protection.
- If email spoofing is used to spoof your brand and trick your clients, DMARC (Domain Message Authentication Reporting and Conformance) is something you can implement.
- Inform and educate your clients about the methods you use to contact them, so they can recognise fakes.
- Employ the services of a cyber security company to:
- Actively monitor criminal networks and marketplaces to detect upcoming attacks
- Reverse and research previous cases and predict Malware’s future actions – like forcing Malware to download its updates in a lab to get the latest attack vector before it turns on your customers