Malicious code, also known as malware, is any piece of software that deliberately damages your systems or causes them to malfunction (as opposed to a software bug that may unintentionally do these things). The reasons for this may be simple mischievousness, curiosity, or a proof of skill for bragging rights. Unfortunately, the development and deployment of malicious software is more often driven by sinister motivations such as data and IP theft, ransom, blackmail, or sabotage for profit — and you are the target.
This comprehensive guide explains the different types of malicious code, how malware can make its way onto your computers, phones, and other devices, as well as the impacts on individuals and organizations. It will also explain best practices and provide practical steps for protecting against malicious code and the cybersecurity threats used to deliver it.
Types of malicious code and the damage they cause
Malicious code is classified according to its behavior and purpose. Computer malware started as simple, relatively harmless programs that replicate themselves across systems using network connections, and even storage devices like floppy disks and USB drives. This behavior evolved to take advantage of new technologies and explore new ways to damage systems.
The modern cybersecurity landscape includes malicious code such as:
- Virus is an umbrella term for malware that, when executed, replicates itself and spreads from file to file or system to system. Examples include the ILOVEYOU virus, which spread by email attachment, and Elk Cloner, the first virus to spread via floppy disk.
- Worms are a specific type of computer virus that spread over networks without necessarily requiring user action to infect a machine. Computer worms are capable of enough damage and widespread enough infection to become newsworthy. For example, MyDoom (used to send spam email from infected machines) and Conficker (a worm that rapidly spread and infected servers, but was never actually fully utilized) infected millions of machines and caused billions of dollars in damages.
- Rootkits allow attackers to maintain a presence on computers after the initial infection. This malicious code lives at the lowest levels of your operating system, hiding from antivirus and security software. This can allow attackers to re-infect systems after they have been cleaned up, and some rootkit infections can be effectively permanent.
- Trojan horses (or just trojans) are malicious software disguised as legitimate software with the goal of tricking you into opening them (hence the name). Once executed, they open or create paths for attackers to circumvent protections (like firewalls) and gain access to your computer or network. Famous trojans include the Zeus trojan, which steals banking information from Windows computers, and Emotet, which is used to infiltrate a system and then download additional malware.
- Ransomware encrypts your data so that it is no longer usable without a decryption key. Of course, you’ll only get the key if you pay the attacker a princely sum for it. Ransomware attacks are often targeted at businesses who require access to their data to operate, and may come with the additional threat of public disclosure of sensitive information if the ransom is not paid (giving it the secondary name extortionware).
- Spyware surreptitiously collects information from your device (and by proxy, you) including screenshots, camera and audio recordings, and recorded keyboard input. The purpose of this secret monitoring is usually surveillance, blackmail (there’s a reason many IT professionals keep their webcams covered), or identity theft.
- Adware is malicious software that works its way onto your computer (usually hitching a ride alongside software you intended to install as an extra ‘feature’) so that it can show you ads. Adware is often also spyware, as it will record your activity to attempt to target you with relevant ads, or scare you into purchasing a product you don’t need.
Viruses, worms, rootkits, and trojans generally refer to the method of infection of malicious code, while ransomware, spyware, and adware refer to the intent and outcomes of infection. Malware could fall into any one or more of these categories depending on its complexity.
Cybersecurity threats: methods of infiltration and their prevention
There are several user-driven methods of infiltration that you should be aware of so that you don’t become the means hackers use to infect your personal or work devices.
Phishing attacks
Phishing attacks imitate third parties (for example, your bank, government, or email provider) in an attempt to get you to willingly give them sensitive information like passwords or bank details. This is done by sending fake emails (that often link to fake login screens that steal passwords) or through phone calls from people impersonating support agents, who will tell you that there’s a problem and that they need your details to resolve it. When phishing attacks are well-researched and highly personalized, they are referred to as spear phishing.
Drive-by downloads
Drive-by downloads deliver malicious code to your computer from infected websites, either with disguised or automated downloads that can install software without your consent. While web browsers are getting better at protecting against this behavior, it is important to be vigilant and not click on any unexpected download, installation, or security prompts.
Similarly, infected email attachments often make it to your inbox, so it’s important to use a mail provider that filters them out in combination with an antivirus that prevents them from running on your devices (it’s also just best practice to not open any unexpected attachments from anyone).
Malicious websites
You should also be wary of malicious websites: the internet is still the wild west, and anyone can set up a website that impersonates another legitimate site, or makes lofty claims about what you’ll receive if you hand over sensitive information. Stick to websites and services with a good reputation (by checking online reviews) and carefully vet any website that asks for personal information. This especially applies to websites that want to authorize and connect with your email account, payment, and work accounts.
You should also check the legitimacy of online stores and ensure that they are using a secure payment gateway so that your payment details cannot be stolen during a transaction.
It’s also important to only download software from trustworthy sources like official app stores and reputable online storefronts. Search engine results are often poisoned with fake links disguised as ads for legitimate software, so always check that you are downloading from the correct source. It is also important to keep your software up to date: many threat actors deploy exploit kits to deliver malware through known (and often already patched) security vulnerabilities.
Social engineering
You should also ensure that those around you are vigilant against these attack vectors — if they fall victim to malicious code, the attacker could infect your devices through theirs if they are on the same network, or use information they hold against you, despite your own best efforts to protect yourself. Social engineering is a powerful tool for hackers, and they can often get the sensitive information they are seeking without a single keystroke through a simple phone call and a few friendly enquiries to your well-meaning colleagues, friends, and family.
Impacts on systems and networks (and individuals and businesses)
The impacts on individuals and organizations from malware can be catastrophic. Individuals can suffer immense psychological and emotional damage from even the threat of their private information being disclosed or their hard-earned money stolen, while organizations can suffer financial and even regulatory repercussions from a cybersecurity incident.
For businesses, data corruption and loss can result in the destruction of important intellectual property, system downtime and business disruption, and even threats to business continuity due to financial losses and reputation damage. Unauthorized access and data breaches can also have legal consequences. For example, not adequately protecting personally identifiable information (PII) could lead to legal action from your users, or heavy fines under privacy regulations such as GDPR and CCPA.
A recent case-study in just how damaging a cybersecurity attack can be is the SolarWinds supply chain attack. SolarWinds provided monitoring and management software to many high-profile organizations, but were themselves hacked, and their software platform used to deploy malicious code to their customers.
More than 30,000 organizations were affected, all having their networks and data compromised in a single (but complex) attack. The reputational and financial damage from this attack is significant and ongoing, and the effects on individuals who have had their data stolen (and may not even know it) are impossible to quantify.
Malicious code prevention and protection measures
The rewards threat actors seek by deploying malicious software against you are clear, and the damage they will do to you or your organization is no concern of theirs. They are usually far removed from any consequences, so the only real recourse you have is to not be a target, and not be infected in the first place.
There are several security best practices you should employ to avoid becoming a victim of malicious software and cybersecurity threats:
- Deploy antivirus and anti-malware software on your devices.
- Keep your software up to date.
- Make sure your staff is vigilant and aware of common threat vectors, including email attachments, malicious downloads, phishing, and social engineering.
- Maintain robust network security by employing firewalls and monitoring your network for suspicious activity.
- Perform regular backups and test your disaster recovery plans.
You should also use secure communication tools that implement encryption to keep sensitive information that could be used in social engineering attacks from being easily discovered.
Improving your security practices with automated detection and response
While proactive measures are vital to protecting against malicious code, when a system is compromised you need to be able to take immediate action to isolate and clean up the infection.
By deploying remote management and monitoring (RMM) software that integrates with best-in-category security platforms, you can rapidly respond to security incidents, ranging from malware infection to unauthorized access as a result of social engineering.