Malware Awareness: Part 1
Malware: any software which can cause harm to your computer. There are many different types of malware and each is slightly different from the next. Computer viruses, Trojans, Worms, Adware and Spyware are all considered to be malware and can cause significant damage to your system from extracting personal information, to stealing money, or even locking you out of your device. At LACyber we take your security very seriously!
In this two-part blog series, we will break down the top 10 malware from October 2018 listed by the Center for Internet Security. By understanding who the malware targets, how it spreads and what you can do to ensure your data is secure and protected, you will be proactive in protecting your data.
In part one of this series, we will break down malware 10 through 6:
What is Xtrat?
Xtrat is a Remote Access Trojan that can steal information. It may run in the background and silently collect information about the system, connected users, and network activity. It can even allow the hacker to install additional software.
How is it spread?
It is typically spread by a download from the Internet, or dropped by other malware. It can be packaged with free online software, or could be disguised as a harmless program and distributed by email.
Who does it target?
This RAT has been used in attacks targeting Israeli and Syrian governments. It has also been seen more recently in North America targeting individual entities as well.
What is WannaCry?
The WannaCry ransomware consists of multiple components.
It arrives on the infected computer in the form of a dropper that extracts the other application components embedded within itself.
Who does WannaCry Target?
The WannaCry attacks have affected computers and business operations in more than 74 countries, making it one of the biggest malware attacks to date.
It has affected big name corporations and governments worldwide from the United States to Great Britain and Russia.
Method of Infection?
After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.
Why is WannaCry so destructive?
It is believed that the NSA discovered the underlying vulnerability and, rather than reporting it, developed code to exploit it, called EternalBlue.
This was then stolen by a hacking group known as the Shadow Brokers, who released it.
Many systems remained vulnerable, and WannaCry, which used EternalBlue to infect computers, began spreading rapidly.
What is Trickbot?
Trickbot is a more recent mobile banking trojan, which is used to steal financial records.
Main methods of infection:
Phishing campaigns, which trick users into entering their credentials on fraudulent banking websites designed to appear legitimate.
Trickbot can also steal from Bitcoin wallets.
Who does Trickbot Target?
Trickbot targets customers of financial banks as well as high profile Bitcoin users.
What is CoinMiner?
CoinMiner is malware developed to take over a computer and use it for cryptocurrency mining without the user's permission.
Method of infection?
CoinMiner has three methods of infecting a system depending on Bitcoin usage:
Who does CoinMiner Target?
Ideally, high-usage Bitcoin individuals or entities. However, even without this, a system can still be infected across the network via a worm.
What is Gh0st?
Gh0st is a trojan Remote Access Tool used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth.
Method of Infection?
The scenario for attacks using Gh0st follows a very typical targeted malware lifecycle:
*From here, the attacker can in some cases gain total control of the system.
Who does Gh0st target?
This particular malware originated in China around the year 2000.
It often poses as an official organization, most typically a government one, making it seem official.
It is known for targeting government agencies as well as various Tibetan institutions.
So, what can YOU do to protect yourself?
Keep an eye out for the next part of this series to find out how you can protect yourself from the top 5 malware of October 2018.
LACyber is a division of Lincoln Archives providing comprehensive Data Breach Defense Services. Lincoln Archives and LACyber are proud to be a part of Lincoln Family of Companies serving the Western New York Community since 1914.