Last year, there were more than 9.9 million malware attacks across the globe. Sophisticated hackers systematically targeted businesses in a concerted effort to steal data, access their networks, and undermine their systems.
Yet, more than 62 percent of organizations believe that they have understaffed cybersecurity teams despite this threat. And just 31 percent say that their staffing levels are adequate to deal with the problem.
In this article, we discuss what malware is and how you can protect yourself. Global trends appear to indicate a slight reduction in the risks facing businesses in the last couple of years as Google and other operators improve their defenses. But the threat is still genuine and at a much higher level than just four years ago in 2016.
What is malicious software?
Malware is short for “malicious software” – essentially any software that could damage your systems or work against your organization’s interests. In many cases, malware grants unauthorized access to your data. Other times, it slows your systems and corrupts files.
The majority of malicious software attempts to steal organizations’ data or block access to it for hackers’ financial gain. Typically, a hacker will capture user data and sell it to advertisers or capture credit card numbers. You should be aware, though, that many cybercriminals just find their hobby fun. Often, the only purpose of an attack is to disrupt your organization and interrupt your operations. It gives them a sense of power and control. The goals are often non-financial.
What are the different types of malware?
Malware comes in a variety of forms.
Spyware aims to harvest data and collect information, such as surfing habits, user names, passwords, and company data.
Spyware itself doesn’t corrupt your systems – though it might slow them down. Instead, it sits in the background, often unnoticed, feeding information to hackers who can then use it to undermine your operations. It typically arrives in the form of freeware or shareware.
Trojan horses are pieces of malware that cybercriminals smuggle onto your network through the backdoor. Often these files disguise themselves as legitimate downloads. Then, once they’re past your firewall, they begin deleting data and spying on your devices.
Worms infect previously healthy computers and networks via phishing attacks or software vulnerabilities. Once they gain access to your systems, they cause all kinds of chaos, hopping from one machine to another, deleting files, and stealing data.
Viruses are like worms, except they require already-infected systems to operate. Usually, you find this type of malware attached to Word documents and executable files. For instance, files with the .exe extension often contain viruses if they are not from a reputable source.
Adware is a type of software that shows advertisements that are not relevant to the user. By itself, adware is usually harmless. But it often links to sites with malicious downloads of viruses, worms, and trojan horses.
What is ransomware?
Ransomware is a type of malware that prevents you from accessing your files or data until you pay a ransom to cybercriminals.
Hackers deliver ransomware to your network via several methods. The most common is phishing spam – a topic we discussed above. Users receive what looks like a legitimate email, download an attachment containing the ransomware, and inadvertently infect their machines.
Other types of ransomware, such as NotPetya, enter via security holes in your network or software and don’t require any user action at all.
Ransomware attacks are very costly. Experts believe that the WannaCry ransomware attack – one of the largest to date – led to billions of dollars in losses for companies spread across one hundred and fifty countries.
How does malware steal credit card information?
Most malware steals credit card information in one of two ways.
- Capturing keystrokes entered by the victim
- Taking screenshots of the victim’s computer as they enter user information
In most cases, hackers can’t access credit card information without users doing something that inadvertently allows malware onto their systems.
Hackers, for instance, will often disguise malware as a trusted program download or update. The software appears legitimate to the user, but its presentation is false. Once it is on the system, it begins capturing sensitive data.
Another strategy is to set up legitimate-looking landing pages that encourage users to click a download containing the malware. The page seems friendly and helpful and appears to offer what the user wants. But once the software receives permission to install itself, it begins recording all their keystrokes or sending regular screenshots to the hacker.
Lastly, some hackers send credit card malware in email attachments. Users then open the email, download the attachments and inadvertently install it on their computers.
How do I protect data from malware?
Notice how, in all of the cases above, hackers can only install malware on users’ computers with their inadvertent consent. Employees in your organization usually need to allow the hacker to get a foot in the door. Once that happens, the malware is free to infect computers and start collecting information.
Protecting your data from malware requires multiple strategies. No single action will protect your organization entirely. The landscape is messy. Here are some of our recommendations.
- Back up your data. If you keep a copy of your data elsewhere, ransomware loses its leverage. You can ignore hackers’ demands for money if you have a backup repository somewhere else. You also protect yourself against malware that simply deletes data.
- Train your staff. Hackers know that getting around your firewall using technical skills alone is difficult. But tricking employees is much easier. Your team members are your weakest link because they are not always able to identify attacks. You can respond by implementing a solid training program that teaches employees to be careful about what they click and be wary of strange emails. Education shows them the common signs of a malware attack and how to respond effectively.
- Remove all spam. Spam emails often contain dangerous attachments that can install malware on your network. Add them to your email provider’s spam list and block them from ever reaching staff inboxes.
- Update all software in your technology stack. While some software updates add features, most address vulnerabilities. Keeping it up to date gives you the best possible protection against currently-known threats.
- Install anti-spyware and anti-adware software. These programs often come bundled with your antivirus and firewall. If they don’t, you should add them separately.
What are payment card industry security standards?
Payment card industry (PCI) data security standards (DSS) are a set of communication standards that ensure companies transmit, process, and store users’ credit card details securely.
The scheme began in September 2006 and encompassed various techniques to improve security throughout the transaction process. All major payment processing brands, including American Express, Visa, MasterCard, and Discover, are members.
The PCI Security Standards Council (SSC) is an independent body that manages the PCI security standards. It provides all of the tools, frameworks, and standards organizations need to protect credit card information. Interestingly, though, it is not directly responsible for compliance – that falls on the payment processing brands and organizations who use the scheme.
The SSC has twelve requirements for PCI DSS compliance.
- Document policies. Companies on the scheme must document how they access and store cardholder information. They must also document all the software and equipment they use in payment processing.
- Maintain firewalls. The SSC believes that operating the proper firewalls helps to prevent unauthorized entities from accessing private data.
- Protect passwords. Many electronic devices necessary for accepting consumer payments (such as POS terminals, servers, and routers) require passwords. SSC requires organizations to keep a list of password-using devices and software while applying basic security protocols, such as regularly changing passwords and making them unguessable.
- Protect cardholder data. Organizations must encrypt user credit card information using only approved algorithms.
- Restrict access to data. Companies should only distribute cardholder information on a need-to-know basis.
- Maintain access logs. Any activity that deals with cardholder information and account numbers requires a log entry with supporting documentation.
- Provide unique identification for all individuals with cardholder data access. PCI DSS forbids account sharing.
- Implement physical access restrictions. Organizations must hold cardholder data at a secure location, including locked drawers, locked server rooms, and cabinets.
- Test for vulnerabilities. Computers can malfunction, and people make mistakes. PCI DSS requires regular scanning and testing for compliance.
- Update software. All software involved in payment processing (and related activities) needs regular updating to reduce the risk of exploits.
- Encrypt transmitted data. Data must always be encrypted when sent between known locations and never sent to unknown locations.
- Use antivirus. PCI DSS demands that organizations use updated antivirus software on both computers and handheld payment devices.
While PCI DSS compliance seems complicated, failing to follow it can lead to disastrous consequences for organizations. Compromised data can lead to lawsuits, and breaches can damage brand value. Losses of specific account data can lead to loss of sales and failure to maintain your most lucrative relationships.