Malware Attacks

Defining malware and malware protection techniques

At a Glance:

Malware is software designed to covertly operate on a compromised system without the consent of the user. This broad definition encompasses many specific types of “malicious software” (a.k.a. malware), such as ransomware, spyware, command and control, and more. Criminal organizations, state actors, and even well-known businesses have been accused of (and, in some cases, caught) deploying malware. Like other types of cyber attacks, some malware attacks end up with mainstream news coverage due to their severe impact.

Types of Malware

Malware discussion typically encompasses three main aspects:

  • Objective: what the malware is designed to achieve
  • Delivery: How the malware is delivered to the target
  • Concealment: How the malware avoids detection (this item is beyond the scope of this discussion)

Here’s a breakdown of some of the objectives and delivery mechanisms observed in malware.


Malware is created with an objective in mind. While it could be said that the objective is “limited only to the imagination of its creator,” this will focus on some of the most common objectives observed in malware.

Exfiltrate Information

Stealing data, credentials, payment information, etc. is a recurring theme in the realm of cybercrime. Malware focused on this type of theft can be extremely costly to a person, company, or government target that falls victim.

Disrupt Operations

Actively working to “cause problems” for a target’s operation is another objective seen in malware. From a virus on a single computer corrupting critical OS files (making that one system unusable) to an orchestrated, physical self-destruction of many systems in an installation, the level of “disruption” can vary. And there’s also the scenario where infected systems are directed to carry out  large-scale distributed denial of service (DDOS) attacks.

Demand Payment

Some malware is focused on directly extorting money from the target. Scareware uses empty threats (ones which are unsubstantiated and/or couldn’t actually be carried out) to “scare” the target into paying some monies. Ransomware is a type of malware that attempts to prevent a target from accessing their data (usually by encrypting files on the target) until the target “pays up.” While there is debate over whether victims of ransomware should or should not pay, it has become enough of a threat that some companies have preemptively purchased Bitcoin just in case they get hit with ransomware and decide to pay the ransom.


Over the years, malware has been observed to use a variety of different delivery mechanisms, or attack vectors. While a few are admittedly academic, many attack vectors are effective at compromising their targets.

  • Trojan Horse: This is a program which appears to be one thing (e.g. a game, a useful application, etc.) but is really a delivery mechanism for malware. A trojan horse relies on the user to download it (usually from the internet or via email attachment) and run it on the target.
  • Virus: A virus is a type of self-propagating malware which infects other programs/files (or even parts of the operating system and/or hard drive) of a target via code injection. This behavior of malware propagation through injecting itself into existing software/data is a differentiator between a virus and a trojan horse (which has purposely built malware into one specific application and does not make attempts to infect others).
  • Worm: Malware designed to propagate itself into other systems is a worm. While virus and trojan horse malware are localized to one infected target system, a worm actively works to infect other targets (sometimes without any interaction on the user’s behalf).

While the above attack vectors generally occur over electronic communications such as email, text, vulnerable network service, or compromised website, malware delivery can also be achieved via physical media (e.g. USB thumb drive, CD/DVD, etc.).

How to Subdue Malware

The following suggestions can help prevent a malware attack from succeeding and/or mitigate the damage done by a malware attack. 

Continuous user education

Training users on best practices for avoiding malware (i.e. don’t download and run unknown software, don’t blindly insert “found media” into your computer), as well as how to identify potential malware (i.e. phishing emails, unexpected applications/processes running on a system) can go a long way in protecting an organization. Periodic, unannounced exercises, such as intentional phishing campaigns, can help keep users aware and observant. Learn more about security awareness training.

Use reputable A/V software

When installed, a suitable A/V solution will detect (and remove) any existing malware on a system, as well as monitor for and mitigate potential malware installation or activity while the system is running. It’ll be important to keep it up-to-date with the vendor’s latest definitions/signatures.

Ensure your network is secure

Controlling access to systems on your organization’s network is a great idea for many reasons. Use of proven technology and methodologies—such as using a firewall, IPS, IDS, and remote access only through VPN—will help minimize the attack “surface” your organization exposes. Physical system isolation is usually considered an extreme measure for most organizations, and is still vulnerable to some attack vectors.

Perform regular website security audits

Scanning your organization’s websites regularly for vulnerabilities (i.e. software with known bugs, server/service/application misconfiguration) and to detect if known malware has been installed can keep your organization secure, protect your users, and protect customers and visitors for public-facing sites.

Create regular, verified backups

Having a regular (i.e. current and automated) backup can be the difference between smoothly recovering from a destructive virus or ransomware attack and stressful, frantic scrambling with costly downtime/data-loss. The key here is to actually have regular backups that are verified to be happening on the expected regular basis and are usable for restore operations. Old, outdated backups are less valuable than recent ones, and backups that don’t restore properly are of no value.

 Malware takes on many different forms and attacks in different ways. But with some thoughtful preparation and process improvements, as well as ongoing user education, your organization can gain-and-maintain a solid security stance against malware attacks.