Over the last couple of weeks, our blog has looked at various elements of security, whether it's how best to secure your iPhone or ways to handle those all-important passwords. Today we're going to take a look at malware: what it is, how it works and then, later in the week, how to protect yourself against it.
What is it?
Malware is simply the all-encompassing term for any kind of malicious software, so it includes viruses, worms, ransomware, spyware, botnets and trojan horses, to name but a few. Malicious software generally has one of two objectives: either to steal data, whether it's account passwords to be sold, credit card information for fraud or private documents for industrial espionage, or to control data, either to hold it to ransom or to corrupt it and disrupt the operations of businesses or governments.
How does it work?
As malware comes in a variety of forms, it doesn't all work in the same way, but there is a 7-point kill chain that encompasses all malware. Some types of malware may use 1 or 2 points on the kill chain and others may use all 7, so let's have a look at this all-important kill chain.
1. Recon - This is where an attacker can manually, or using an automatic program, find out details about a potential target through social media and business networking sites. This information can be used for lures in the next stage.
2. Lure - This is often an email or social media post that has a link in it to some other media that you may be interested in. If effective recon has been done, lures can be targeted at your particular interests or take the form of a seemingly legitimate email from your bank.
3. Redirect - The link or image, when clicked, redirects you to a different website, which could contain obfuscated scripts, prompt you to download an update for a seemingly legitimate program, or analyse the target system.
4. Exploit kits - Exploit kits are small bits of software that scan the target's system for backdoors, vulnerabilities and zero-day threats and then use these to download keyloggers, malware or other advanced tools used by attackers.
5. Dropper files - Dropper files are small files that can remain dormant on your computer for a few weeks before activating, in order to avoid detection. They can scan your system for potentially valuable files and may also contain downloaders for future malware.
6. Call home - Once a system is infected, it can call home to the attacker's Command and Control (CnC) server. The CnC server can then send further instructions, tools or malware to the infected machine. This is the first time there is a direct link between the infected system and the attacker.
7. Data theft - This is the final stage of the kill chain. The ultimate goal of most attacks is the theft of valuable data, either for financial profit or for use in other attacks.
As previously mentioned, not every kind of attack uses all of the stages of the kill chain, but almost every attack will use at least one of them.
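As an added example (not part of the original post), here is one way a defender can put the kill chain to work: grouping security alerts per machine into chains and reporting how far each chain got. It shows why the dormant dropper in stage 5 matters, because a short correlation window fails to link a dropper to a call home three weeks later. The host names, timestamps and alert labels are constructed sample data, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

# The seven stages, in the order the post lists them.
STAGES = ["recon", "lure", "redirect", "exploit kit",
          "dropper file", "call home", "data theft"]

# Constructed sample alerts (host, timestamp, stage); not real telemetry.
ALERTS = [
    ("pc-01", "2024-03-01T09:00", "lure"),
    ("pc-01", "2024-03-01T09:02", "redirect"),
    ("pc-01", "2024-03-01T09:03", "dropper file"),
    ("pc-01", "2024-03-22T02:15", "call home"),  # three weeks of dormancy
    ("pc-02", "2024-03-05T14:00", "lure"),
]

def chains(alerts, window):
    """Split each host's alerts into chains. A new chain starts whenever
    the gap since that host's previous alert is longer than `window`."""
    by_host = {}
    for host, ts, stage in sorted(alerts, key=lambda a: (a[0], a[1])):
        when = datetime.fromisoformat(ts)
        runs = by_host.setdefault(host, [])
        if runs and when - runs[-1][-1][0] <= window:
            runs[-1].append((when, stage))
        else:
            runs.append([(when, stage)])
    return by_host

def furthest_stage(chain):
    """Return the latest kill-chain stage seen in one chain."""
    return max((stage for _, stage in chain), key=STAGES.index)

def summarize(alerts, window):
    """For each host, list the furthest stage reached by each chain."""
    return {host: [furthest_stage(run) for run in runs]
            for host, runs in chains(alerts, window).items()}

if __name__ == "__main__":
    # One-day window: the call home on pc-01 looks like an isolated event.
    print(summarize(ALERTS, timedelta(days=1)))
    # Thirty-day window: it is linked back to the lure that started it.
    print(summarize(ALERTS, timedelta(days=30)))
```

With the one-day window, pc-01 shows two apparently unrelated chains; with the thirty-day window it shows a single chain that has already reached the call-home stage.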
So why is this kill chain important? Well, as the old adage goes, 'knowledge is power': if we understand how threats work, we can better protect ourselves from them. Later this week we will post some techniques to protect yourself from malware.
If you are concerned about any malware or security issues, please don't hesitate to get in touch either by emailing firstname.lastname@example.org or calling the office on 01173251505.