Malware is a constantly evolving threat that plagues everyone, from small- and medium-sized businesses in Chicago to giant corporations like Amazon. In recent years, new ransomware strains have become more effective at infiltrating computer networks and causing businesses to lose millions of dollars. Cryptojackers, a type of malware that siphons computing resources to mine cryptocurrency, have also taken the limelight. Meanwhile, malware like keyloggers and spyware continues to steal sensitive information from victims.
Unfortunately, malware threats won’t be going away anytime soon, but you can defend against them by knowing how cybercriminals infect your computer with dangerous programs. That’s why we’ve compiled seven of the most common ways malware infections occur and how you can mitigate the risks.
1. Phishing
Phishing scams use fraudulent emails designed to trick you into clicking on dangerous links or downloading malware-laced attachments. What makes phishing so effective at spreading malware is that it doesn’t rely on highly technical tricks, but instead plays on people’s emotions.
For starters, scammers use email addresses and domains that appear to come from their victim’s coworkers, well-known organizations, or a company executive. The most devious scammers research their targets so they have vital information to win their target’s trust. The contents of the email will usually instill a sense of urgency by claiming suspicious account activity or serious emergencies to lure their target into downloading malware without thinking.
Implementing advanced email filtering software will help you remove common phishing scams, but learning to detect these threats on your own is much more important. Look out for mismatched email addresses, grammatical and spelling errors, use of urgent language, unwanted attachments, and suspicious links. If an unsolicited email contains any of these elements, delete that message right away.
2. Fraudulent websites
Websites that appear to represent a known brand or organization are another popular method for distributing malware. These spoof websites typically have a few subtle differences from the legitimate ones that can easily be overlooked.
For example, the official URL for a company may be “www.abcbusiness.com” but a cybercriminal may create a fake yet similar-looking URL like “www.acbbusiness.com”. If users access the fake website, they may inadvertently trigger malware downloads without even clicking on anything. Some fraudulent websites may also serve as imposter sites, attempting to trick users into entering their login credentials for sensitive accounts such as their bank, social media, business accounts, and more. These credentials are then used in credential stuffing attacks across various other websites to maximize the attackers’ access to personal information.
The best way to avoid such cases is to be more critical about the websites you visit. Always examine URL destinations and look for the official domain of a company via a search engine. Update your company firewalls to prevent you and your employees from accessing known fraudulent websites. You’ll also want to enable “click to play” options on your browser so that malicious web plugins don’t automatically run as soon as you visit a fraudulent website.
3. Ads and pop-ups
Online ads and pop-ups aren’t just a minor inconvenience; they can also sometimes load malware onto your device if you click on them. The malware may hijack your browsers to change default search engines, add unnecessary toolbars, and track web activity. More dangerous malware like Trojan viruses and ransomware could even be nesting in these contaminated ads.
You can reduce the chances of encountering these ads using verified ad blockers on your browser. It’s a good idea to use web filtering software to block shady websites, as these often contain malicious advertisements. More importantly, you must be vigilant. If an ad looks too good to be true, it’s most likely a trick to spread malware.
4. Corrupted USB drives
Due to their portable form factor and increasingly large storage capacities, USB drives are a popular choice for storing and transporting files from one device to another. However, these same traits make USB drives ideal for spreading malware.
For instance, cybercriminals can leave malware-ridden USB drives out in the open to entice people into picking them up and plugging them into their computers. Once inserted, the malicious code embedded in the USB drive will automatically run and infect the system. The malware contained in a USB drive may not even show itself right away; it could be keyloggers or spyware that lie dormant in your system to monitor your behavior.
It’s therefore important to be careful about the external devices you plug into your computer. Don’t plug in USB drives you find conspicuously lying around in a public area or delivered over mail, and instead report them to your IT department or managed IT services provider. Additionally, you should have endpoint security software that fully scans external media for suspicious programs and stops the harmful elements from infecting your computer.
5. Software vulnerabilities
Another way malware can get onto your computer is by directly exploiting the vulnerabilities in outdated software. Many unsupported Microsoft products have critical weaknesses that allow hackers to infiltrate devices and run their malicious code without detection. In fact, modern ransomware variants like Maze are so prevalent because of remote desktop protocol flaws in legacy Windows operating systems.
Updating your software regularly will close up any loopholes that may give malware a foothold into your systems. Take stock of all the software installed on company devices and check for new updates. Many enterprise patch management solutions can monitor any vulnerable systems and even let you distribute the latest updates to company-registered devices over the air.
6. Fake apps
Even though Android, Microsoft, and Apple take stringent measures to keep their app stores safe, malware that looks like a legitimate application sometimes finds its way into these stores. The Google Play store, in particular, often has many cases of fake and malicious apps because of the open-source nature of the Android operating system. Malware apps can masquerade as anything, from fake cryptomining programs to communication apps imitating known brands.
What’s worse is that some users get their apps from untrustworthy sources. Many third-party app stores don’t employ the same application-vetting procedures as official providers, so there’s an increased risk of finding malware on these platforms. Other cybercriminals may even bundle malware with free and legitimate software to exploit users’ tendency to rush the installation process.
To make sure you’re not letting malware into your system, you need to be more discerning with the apps you install on your devices. Avoid installing apps from third-party providers and research the app before downloading it. This means looking at company websites or user reviews, and verifying the app with IT consultants. You should also carefully read the instructions during installation to ensure you’re not installing any unknown additional programs.
7. Peer-to-peer (P2P) sharing
P2P sharing involves establishing a connection between two or more computers, with each device acting as its own server and receiver. The technology is generally associated with torrenting, where you use a software program to locate the files you want across a P2P network of computers. When the software finds a computer that has the files you want, your torrenting software will initiate the download.
In the public sphere, P2P sharing and torrenting are infamous for enabling users to illegally download software, videos, music, and other media. The problem is they also allow cybercriminals to embed malicious programs like the Aeur ransomware in shared files. As such, you should steer clear of torrenting wherever possible and, if that’s not possible, only download shared files from reputable places. Leveraging advanced anti-malware and intrusion prevention systems may also catch malware traversing through P2P sharing networks before it reaches your computer.
Protecting your systems from different types of malware requires strong security measures, constant awareness, and safe web practices. If you need help in any of these areas, call Dynamic Solutions Group today. Our security experts can recommend best-in-class solutions, deploy robust defense strategies, and provide security training to keep malware at bay.