The total cost of damage caused by malware in 2015 was about $502 billion in 2019 that jumped to $2 trillion. And it’s expected to hit $6 trillion in 2021. To put that into perspective, that’s more than the entire retail sales of all of the United States.
Needless to say, there is a lot of money being made in cybercrime and malware and it’s only going to increase. We should dive into what malware, actually, is the different types of malware that there are, and the ones that you’re more likely to run into, and then how they work. And so with all of that, how we can avoid them.
Truthfully, in the digital and connected world that we live in, malware is just something that we’re going to have to deal with and it’s actually pretty prominent, so I feel like the more we know about it, the more we know how it works, the better off we are at avoiding it, and the less frankly that we have to worry about it.
So first off, what is malware? Technically the term comes from a combination of the word malicious and software, but that’s a pretty broad term I mean by that definition I could include from your prose, where it crashes on purpose because it’s evil, so bit defenders definition is software that has a bad intention as far as your personal information, computer, and operating system are concerned.
Now, of course, the first type of malware that is associated with that definition is viruses. But to be completely honest, that term and malware get used interchangeably, and that’s not really right, we need to address that real quick. A virus is an application that can copy itself by attaching its code to other files on the system. Think like how a cold infects the cell in your body, hence the name, the worst of these would then do this and spread from computer to computer damaging and compromising the integrity of each infected computer for malware to be a virus, it needs to be able to infect files in this way and, honestly, since they corrupt files, they are easily identified by computers and anti-malware software so they actually aren’t really used very often by hackers nowadays they’re counting for less than 1% of the global threats according to MIT defenders studies, so all viruses are a type of malware the two terms should not be used interchangeably.
And actually, the chances of you coming across a virus nowadays are actually pretty high.
So, what are the most common malware types today that are causing the most damage? First up, we have keyloggers. These are essentially the malware equivalent of someone looking over your shoulder while you’re at the ATM entering in your PIN code to withdraw money. This software is installed on an infected computer and intercepts, everything you type and puts it into a log.
The name, along with screenshots and mouse clicks, etc. In some cases, and then sends that log to its owner.
Occasionally, essentially giving them your logins for things like your bank site e-commerce site for your credit card info email logins, which they can then use to log into other financial accounts, etc.
Frankly, keyloggers are difficult to detect, especially on shared computers like in a cafe, a library, a hotel, etc.
And this is why you should avoid logging in to anything terribly sensitive on any of these types of computers and on your own computer, being careful not to download files from places or people that you don’t know, can help limit your exposure.
Next up is ransomware, and this one has become very popular recently is all over the news. According to a study by Bitdefender in 2015 ransomware costs $315 million worth of damage and some estimates have organizations and individuals paying out over 11 points 5 billion in 2019, and is only expected to continue to increase.
And the idea behind ransomware is essentially that it infects your computer and then proceeds to encrypt all of the data on it, so you can no longer view or retrieve it, then the program requires you to pay a ransom usually between $100-300 in some form of hard to trace currency like Bitcoin, in order for you to encrypt the files and give you access to them again.
Now, the way that they are spread is again very similar to other versions of malware, usually, in some sort of cleverly crafted email that has an attachment in the form of an invoice and delivery note resumes or some other type of file related to what’s in the email, some ransomware though, can also be disguised as advertising banners on some websites that use exploits for known vulnerabilities in usually older versions of browsers, and then crash the browser and install their code, and some of you have been found installing illegal downloads found on popular torrent websites as well.
Now of course, again, be careful with any files through email or sites you don’t know or trust, but because this malware also has been known to infect computers in other ways, you should take some other precautions as well, firstly, backup your important files regularly to a drive that is not constantly connected to your computer.
There’s a lot of ransomware out there that is able to encrypt attached storage as well, by the way.
Next, make sure that your computer is completely up to date as well as whatever browser you are using a lot of times they use exploits that are then patched in newer versions of both of these things so being on the latest version can also help.
Another one the most common types of malware that you’ve probably also heard of is called phishing and technically it’s not its own software so I don’t know if it’s technically malware or whatever, it’s really popular, so we’re going to include the idea behind this is that just like the hobby, fishing, that the name is based on an attacker will send out various emails, instant messages and even put links on social networks forums, etc, in the hopes that someone will fall for it.
Click it and end up giving up some valuable information.
A common example of this is you receive an email supposedly from your bank, it will have your bank logos on it and other visual cues to make it seem like it is actually your bank sending the message. It’s not, and it’ll maybe have some sort of threat that if you don’t click the link within it and validate some personal info, your account will be suspended or something of that nature.
Then, when you click on the link, it takes you to a fake site that looks like the correct one and you’ll put in your login credentials for example, and then, voila, the cybercriminal now has that info and can use it to access your real bank transfer money out of it, etc.
Now, since they’re relying on conning you into clicking a link usually a good way to protect yourself is to just learn to recognize these emails with a few telltale signs. Firstly, the emails generally have spelling or grammar mistakes and most of the time they aren’t from a native English speaker, they’re usually not personal.
A lot of financial institutions like banks have policies, where they never asked for any information from you via email so automatically there’s a good chance that your bank also has that policy, and any email coming in pretending to be from them is automatically fake, if you do give an email like that though and you want to just confirm all you have to do is call your bank’s customer support number, the one on their actual website, don’t do anything that’s in the email itself, and just ask them, Is this real did this come from.
You know, besides that spam filters are your first line of defense and if you’re using any sort of modern email service. These are already in place and removing some of these messages before they reach your inbox, if any accounts use support two-factor authentication though, you should also use that, this is usually in the settings of your account and when turned on, it requires a unique code to be sent to your phone for you to input every time you log in, or there are special authenticator apps that you can use as well.