
Definition of Malware

What is malware (or malicious software)? Malware is any program or code designed to act against the interests of the user or owner of the system it runs on. It is used to steal data, extort money, or damage computer and software systems, and it covers many categories of threat, including viruses, worms, Trojans, adware, spyware, and ransomware. Most often, the goal of a malware attack is financial gain.

Using social engineering tactics such as phishing, cyber criminals gain an initial foothold on a corporate network. Once inside, they can move laterally, steal data and intellectual property, access confidential information, spy on the organization, and damage systems.

One of the most notorious experiences is a ransom note informing IT that business-critical data has been encrypted and will stay that way until the ransom is paid. Nation states have other motives: taking down internet connectivity across a large part of a country, stopping power infrastructure from working, or conducting industrial espionage by stealing trade secrets and intellectual property.

When consumers and work-from-anywhere users are the victims of a malware attack, they may experience the following on their devices:

  1. A slow computer: sluggish internet access and software applications. 

  2. Frequent device crashes or freezes during normal use.

  3. A flood of pop-up ads, indicating adware. Clicking these ads can launch further malicious code.

  4. A loss of disk space. A sudden drop in available disk space can be caused by malware writing to the drive.

  5. A surge in network activity that does not correlate with what the user is doing, which happens when malware communicates with its operators on its own.

  6. An overworked system, with CPU, memory, or battery consumed by malware.

  7. New toolbars, browser extensions, a changed home page, or redirects to fraudulent websites. 

History of Malware

1. 1982

The most widely accepted definition of malware is simply "unwanted software", and the first example was Elk Cloner, which spread on floppy disks between Apple II systems in 1982. It did little real harm, but it was an unwanted intrusion and fits the meaning of malware most people use. 

2. 1990s

In the 1990s, with Windows the dominant operating system for personal computers, attackers began writing macro viruses in the macro language of Microsoft Word. These spread across the vast installed base of Windows PCs and gave birth to the concept of a malware-dominated threat landscape.

3. 2002

Between 2002 and 2007, with the rise of instant messaging, attackers developed worms, which replicate on their own, that spread over AOL, MSN Messenger, AIM, and Yahoo Messenger. 

The message would entice recipients with a catchy lure such as "Who's that with you in this pic???" When the target clicked the link, malware was downloaded to their system, and the malware then sent the same link to everyone on the victim's contact list, effectively weaponizing their computer.

4. 2005

Adware reared its annoying head from 2005 to 2009. It started out as legitimate software used to promote products, but as the ads drifted from somewhat true to outright fraudulent, software publishers began suing adware producers, and many shut down. The full-screen, hard-to-close ad characteristic of adware survives to this day.

5. 2007

Social networks saw a boom in popularity from 2007 to 2009. Malware developers used Myspace, Twitter, and Facebook to propagate malicious links, applications, and advertisements.

6. 2013

Ransomware, one of the most dangerous malware types, rose to prominence in 2013; earlier file-encrypting examples existed, but the 2013 wave set the pattern still in use today. It was delivered through Trojans (malware hidden inside apparently benign software), exploit kits, and malvertising. Ransomware remains one of the most damaging malware categories to this day. 

7. 2017

In 2017 cryptojacking emerged, in which attackers use victims' devices to mine cryptocurrency, riding the wave of cryptocurrency popularity. Ransomware, cryptojacking, and adware remain common in the malware sphere, and there is no sign they will slow down in the near future.

What Is the Intent of Malware?

The motives behind malware are many, but they have one thing in common: malware is intended to reward the perpetrator at the victim's expense. Cyber criminals, for example, use malware to steal financial assets, or to encrypt business-critical data and lock up computing systems for ransom. 

Nation states engaged in espionage use malware to steal intellectual property and intelligence from adversaries or competitors, or to sabotage infrastructure such as municipal power systems and internet communications. Here are a few reasons bad actors use malware to carry out cyber attacks:

  • financial gain 

  • data theft 

  • system disruption 

  • espionage 

  • sabotage

Malware Tactics

Malware can be used to exfiltrate data, steal passwords, lock users out of their environment, destroy network resources, or commandeer them to power botnets. Whatever the tactic, the consequences of a successful malware attack can be severe. Malware can disrupt digital medical devices that keep people alive. It can steal industrial secrets that took decades of costly research to develop, erasing a competitive advantage when the intellectual property is sold on the dark web. 

Think of the trauma of an individual facing mounting debts and bad credit because their identity has been stolen, or of a child who does not learn that her social security number was stolen until she applies for her first job. 

Ransomware attacks have run rampant for years. Ransomware, a type of malware, encrypts private and business-critical data for financial gain, and paying the ransom is no guarantee of recovery: decryptors are often slow or incomplete, and attackers who also stole the data may still leak it. 

Malware has humbled many successful companies that have had to notify customers that a lapse on their part (or a business partner's) allowed customer data to be stolen by cyber criminals. Sadly, this scenario does not need to be as commonplace as it is today.

Like any other criminal activity, malware is a threat to society as a whole, and it is only getting worse in a post-pandemic, work-from-anywhere environment. In the rush to go digital, manufacturers keep adding devices to the Internet of Things (IoT), often with little regard for network security, creating new attack surfaces for malware. However, by understanding the "why" behind malware attacks, who or what they target, and how and where they infiltrate, organizations can deploy effective prevention and mitigation strategies.

Different Types of Malware

Although many users assume malware attacks only desktop computers and laptops, it infects many other kinds of endpoints as well, including mobile phones, Internet of Things (IoT) devices, and other connected products that may sit on a corporate network running old and vulnerable operating systems.

Here are the main types of malware that may be used against your network once stolen credentials, infected devices, or unpatched software give an attacker a way in.

1. Viruses

Viruses are perhaps the best-known malware type. A computer virus attaches its malicious code to a legitimate program or file and runs when a user executes that host; unlike a worm, it cannot spread without a host and some user action. Once running, it infects other files, corrupts data, and alters or blocks normal operation of the system. Viruses are often hidden inside an executable file.

2. Worms

Worms are one of the more common malware types. A worm spreads on its own across a network, connecting to one machine after another and exploiting unpatched vulnerabilities or weak credentials, with no user action required. In this way it can compromise an entire network quickly if it is not stopped.

3. Trojans

Trojans are named after the Trojan horse of Greek mythology. Like the Greek soldiers hiding inside an apparently innocent structure, a Trojan presents itself as legitimate software and is accepted onto the user's computer; unlike a virus or worm, it does not replicate itself. Once there, it creates backdoors, allowing other advanced malicious software to gain remote access to the 

4. Spyware

Spyware tracks what a user does on their computer. Even though spyware may not overtly damage the system, it still fits the definition of malware. It hides, like a spy, in the background, collecting information without the user's knowledge, which may include sensitive data such as credit card details and passwords.

5. Ransomware

Ransomware encrypts files on a computer, or across an entire network, and locks users out until they pay a ransom to the attacker. After payment the attacker may, or may not, supply a working decryption key. Many ransomware groups also steal data before encrypting it and threaten to publish it if the ransom is not paid.

6. Adware

Adware results in tons of unwanted advertisements and features appearing on your screen, often while you are using a web browser. Adware may gain access by appearing to be an innocent ad or by attaching itself to another app, gaining access to your system when downloading the apparently benevolent program.

7. Rootkit

A rootkit is designed to hide on a system while giving the attacker persistent administrator-level (or kernel-level) access. It conceals its own files, processes, and network connections from the operating system and security tools, allowing the attacker to make the kinds of changes normally reserved for someone with administrator credentials. Rootkits generally need elevated privileges to install, which is why they are usually delivered by other malware or a privilege-escalation exploit.

8. Keyloggers

A keylogger has the ability to record the keystrokes a user makes on the keyboard. It can then store this information and send it to an attacker. The attacker can then use the data to figure out passwords, usernames, and payment details.

9. Cryptojacking

Cryptojacking uses a victim's computer or other device to mine cryptocurrency. The attacker consumes the computing power of the target's device to perform the proof-of-work computations that earn digital currency, while the victim pays for the electricity and suffers the performance loss.

10. Rogue Software

Rogue software pretends to offer targets help with getting rid of viruses and other kinds of malware. It then coerces them into inadvertently installing—and paying for—malware.

11. Scareware

Scareware uses social engineering to frighten or shock a user into believing their system is vulnerable or already under attack. No danger has actually been detected; it is a scam. The attacker succeeds when the user purchases unwanted, and often dangerous, software in an attempt to remove the "threat."

 


Methods of Malware Attacks

The section above identified the types of malware and how each spreads. The ways malware can infiltrate and move through networks keep expanding along with the threat vectors in the digital landscape, including the following:

  • Unsecured devices that access the network, such as personal mobile devices, PCs, and IoT devices, open an attack vector for malware.

  • Unsecured networks within a supply chain, or unsecured third-party partners' networks, can infect other suppliers or give malware a path into the enterprise network.

  • Older devices on the network whose software is not routinely updated can be compromised and used to spread malware.

  • Email attachments containing malicious code can be opened and forwarded to other users, spreading the malware across the enterprise.

  • Phishing or spear-phishing emails trick the recipient into revealing passwords that give access to the corporate network, where malware can then spread.

  • Smishing texts, the mobile-phone equivalent of phishing emails, trick distracted users into tapping malware links or entering personal or business credentials that let malware spread on the network.

  • File servers, such as those based on SMB/CIFS (Common Internet File System) or NFS (Network File System), can spread malware as users open infected files.

  • File-sharing software and removable media such as USB thumb drives can carry malware from one computer to another and onto the network.

  • Peer-to-peer (P2P) file sharing can introduce malware through infected files that look as harmless as a video, song, or image.

  • Remotely exploitable network vulnerabilities let an attacker access systems from anywhere in the world.
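Several of the vectors above come down to a file that looks harmless but is not, and the email-attachment case is the most common. The following is an added example, not code from the original page or from Fortinet, of the filename checks a mail filter or gateway would apply before an attachment reaches a user: executable extensions, double extensions such as invoice.pdf.exe, whitespace padding that pushes the real extension out of view, macro-enabled Office formats, archives and disk images, and the Unicode right-to-left override (RLO) trick that makes "photo<U+202E>gnp.exe" render as "photoexe.png". The extension sets and the sample names are assumptions constructed for the example.

```python
"""Attachment-name risk check (constructed example, not Fortinet code)."""
from __future__ import annotations

import re
import unicodedata

# Assumed, illustrative lists; a real policy would be longer and platform-aware.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jse",
                   "wsf", "ps1", "hta", "msi", "lnk", "dll"}
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm", "xlam"}
ARCHIVE_EXTS = {"zip", "rar", "7z", "iso", "img", "cab"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "mp4"}

# Unicode bidi controls that can reorder how the tail of a filename is displayed.
BIDI_OVERRIDES = {"RLO", "LRO", "RLE", "LRE", "RLI", "LRI", "FSI"}


def _extension_parts(name: str) -> list[str]:
    """Split the name the OS will actually see: NFKC folds look-alike characters
    (for example fullwidth '．' U+FF0E) into ASCII, and control/format characters
    such as the RLO override (category Cf) are dropped before splitting on '.'."""
    folded = unicodedata.normalize("NFKC", name)
    cleaned = "".join(ch for ch in folded if not unicodedata.category(ch).startswith("C"))
    return [part.strip().lower() for part in cleaned.split(".")]


def classify_attachment(name: str) -> tuple[str, list[str]]:
    """Return ("block" | "review" | "allow", reasons) for one attachment filename."""
    reasons: list[str] = []
    if any(unicodedata.bidirectional(ch) in BIDI_OVERRIDES for ch in name):
        reasons.append("bidirectional override character disguises the real extension")
    if re.search(r"\s{3,}\.", name):
        reasons.append("whitespace padding pushes the real extension out of view")
    parts = _extension_parts(name)
    ext = parts[-1] if len(parts) > 1 else ""
    inner = parts[-2] if len(parts) > 2 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext}")
        if inner in DOCUMENT_EXTS:
            reasons.append(f"double extension .{inner}.{ext} mimics a document")
    elif ext in MACRO_EXTS:
        reasons.append(f"macro-enabled Office document .{ext}")
    elif ext in ARCHIVE_EXTS:
        reasons.append(f"archive or disk image .{ext}; contents must be inspected")
    if any(r.startswith(("bidirectional", "executable")) for r in reasons):
        return "block", reasons
    return ("review" if reasons else "allow"), reasons


def scan_attachments(names: list[str]) -> dict[str, tuple[str, list[str]]]:
    """Classify a batch of attachment names, e.g. all attachments of one message."""
    return {name: classify_attachment(name) for name in names}


# Constructed sample names covering each trick above.
SAMPLE_NAMES = [
    "invoice.pdf.exe",
    "photo\u202egnp.exe",          # RLO trick: displays as photoexe.png
    "report.pdf       .exe",       # whitespace padding
    "notes\uff0eexe",              # fullwidth full stop instead of '.'
    "Q3_report.xlsm",
    "archive.zip",
    "holiday.jpg",
    "README",
]

if __name__ == "__main__":
    for name, (verdict, reasons) in scan_attachments(SAMPLE_NAMES).items():
        print(f"{verdict:6} {name!r:28} {'; '.join(reasons)}")
```

The check deliberately works on the name after stripping format characters, because the OS opens the file by its real extension regardless of how a mail client renders the name; the presence of a bidi override is itself treated as grounds to block, since there is no legitimate reason for one in an attachment name.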

Malware Detection and Prevention

Knowing what malware is only half the task; you also need to be able to find it. Much as a PC relies on antivirus software and a firewall, IT security teams detect malware on a corporate network with enterprise security solutions such as intrusion prevention systems (IPS), next-generation firewalls, and sandboxing systems, which detonate suspicious files in isolation so that their behavior can be studied. (Systems that deliberately attract attacks in order to study them are honeypots, a separate tool.) 

Some malware, such as ransomware, reveals itself through its actions: it starts encrypting files and follows up with a ransom note. Other malware is more subtle, installing itself quietly so that an attacker can come back later. To detect this kind of "backdoor" malware, the best approach is to combine signature-based detection, which matches files and traffic against profiles of known threats, with behavior-based detection, which looks for the patterns malicious software produces, such as mass file renames, unexpected persistence mechanisms, or regular outbound connections to an unknown host.

With today's digitally enabled, work-from-anywhere business models, secure networking matters more than ever. Solutions such as Zero-Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), and Secure SD-WAN, all components of Fortinet Secure Access Service Edge (SASE), help prevent cyber attacks by enforcing authentication and authorization on every access request. 

In this way, it is possible to automate and control which users and devices can access which network segments, and which systems and applications they can use, whether on premises or remote.
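The contrast between the two detection styles is easiest to see in code. Below is an added example, not code from the original page or from Fortinet's products, with both halves in one script. The signature side matches a file against a hash blocklist and a byte-pattern list, using the EICAR test string, the industry-standard harmless file that antivirus engines detect on purpose, as the one "known threat". The behavior side scans a stream of file-system events and flags any process that, within a short window, both renames many files to a new extension and writes high-entropy (encrypted-looking) content, which is the signature-less footprint of the file-encrypting ransomware described above. The thresholds, the Event record, and the event stream are assumptions constructed for the example.

```python
"""Signature-based versus behavior-based detection (constructed example)."""
from __future__ import annotations

import hashlib
import math
import os
import random
from collections import defaultdict
from dataclasses import dataclass

# The EICAR test string: a real, harmless file every AV engine flags by design.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed "signature database": exact hashes plus byte patterns.
HASH_BLOCKLIST = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
BYTE_PATTERNS = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File"}


def signature_scan(data: bytes) -> str | None:
    """Return the signature name if data matches a known hash or byte pattern."""
    name = HASH_BLOCKLIST.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, pattern_name in BYTE_PATTERNS.items():
        if pattern in data:  # a pattern survives padding/repacking that changes the hash
            return pattern_name
    return None  # unknown or never-seen-before malware slips past this layer


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, up to 8.0 for uniform random data.
    Encrypted or compressed output sits near the top; text sits around 4 to 5."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


@dataclass
class Event:
    t: float            # seconds since monitoring started
    pid: int
    op: str             # "write" or "rename"
    path: str
    data: bytes = b""   # content written, for "write"
    new_path: str = ""  # destination, for "rename"


def _ext(path: str) -> str:
    return os.path.splitext(path)[1].lstrip(".").lower()


def detect_ransomware_behavior(events, window=10.0, min_renames=20,
                               min_high_entropy_writes=20, entropy_threshold=7.0):
    """Return {pid: details} for processes whose events look like mass encryption:
    many extension-changing renames AND many high-entropy writes inside `window`."""
    by_pid = defaultdict(list)
    for e in sorted(events, key=lambda e: e.t):
        by_pid[e.pid].append(e)
    flagged = {}
    for pid, evs in by_pid.items():
        marks = []  # (time, kind) of the suspicious events only
        for e in evs:
            if e.op == "rename" and _ext(e.path) != _ext(e.new_path):
                marks.append((e.t, "rename"))
            elif e.op == "write" and shannon_entropy(e.data) >= entropy_threshold:
                marks.append((e.t, "write"))
        counts = {"rename": 0, "write": 0}
        lo = 0
        for t, kind in marks:  # sliding window over the suspicious events
            counts[kind] += 1
            while marks[lo][0] < t - window:
                counts[marks[lo][1]] -= 1
                lo += 1
            if counts["rename"] >= min_renames and counts["write"] >= min_high_entropy_writes:
                flagged[pid] = {"renames": counts["rename"],
                                "high_entropy_writes": counts["write"], "at": t}
                break
    return flagged


def build_sample_events() -> list[Event]:
    """Constructed stream: an encryptor (pid 4242), a text editor (1001), and a
    bulk photo renamer (1002) that changes extensions but never writes content."""
    rng = random.Random(1)  # seeded so the "ciphertext" is reproducible
    events = []
    for i in range(30):
        events.append(Event(i * 0.1, 4242, "write", f"/docs/f{i}.docx", rng.randbytes(4096)))
        events.append(Event(i * 0.1 + 0.05, 4242, "rename", f"/docs/f{i}.docx",
                            new_path=f"/docs/f{i}.docx.locked"))
    for i in range(30):
        events.append(Event(i * 0.5, 1001, "write", "/docs/notes.txt",
                            b"Meeting notes, action items. " * 150))
    for i in range(30):
        events.append(Event(i * 0.1, 1002, "rename", f"/pics/p{i}.jpeg",
                            new_path=f"/pics/p{i}.jpg"))
    return events


if __name__ == "__main__":
    print("signature:", signature_scan(EICAR), signature_scan(b"plain text"))
    print("behavior:", detect_ransomware_behavior(build_sample_events()))
```

Requiring both conditions is what keeps the behavioral rule usable: a build tool or bulk renamer changes many extensions, and a backup or compression job writes lots of high-entropy data, but only an encryptor does both at once. On a real endpoint the events would come from the EDR agent's file-system telemetry rather than a constructed list.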

How to Protect Against Malware Attacks?

It is important to be proactive when trying to avoid having malware infected systems in your organization. This involves a combination of prevention, preemptive mitigation, and education.

 

How to guard against malicious software attacks

1. Avoid Malware

Much malware can be spotted if you know the signs. The most common places to encounter it are spam emails, malicious websites, and pop-ups that appear on your device while browsing or in the course of normal operation. 

Phishing schemes that try to trick users into disclosing sensitive data may also deliver malware, so even if you do not hand over the information the phisher wants, clicking something in the message can still give them access to your system. It is therefore wise never to click on anything that appears unexpectedly on your screen, and never to open a suspicious email attachment or link.

2. Back Up Data

Backing up data is preemptive mitigation that becomes invaluable when an attack succeeds. All endpoints and servers should have backups that malware cannot reach: kept offline, on immutable storage, or at least not writable with the credentials of ordinary users and services, because ransomware deliberately seeks out and encrypts or deletes any backup it can touch. Test restores regularly. If an attack succeeds, wipe the infected device and restore it from the backup.

3. Educate Employees

All employees should have a working understanding of what malware is, how it penetrates a system, its harmful effects, and tips for how to best avoid it. This may include arming them with preventative knowledge such as the value of multi-factor authentication (MFA) and developing strong passwords. Employees should also know to look for red flags in an email or pop-up, as well as who to notify and what to do—or not do—if they suspect their endpoint has been exposed.

4. Check for Vulnerabilities

Run a complete security program that finds the places where malware might enter your network: an inventory of every asset, regular vulnerability scanning, and prompt patching of what the scans find. A proactive system continuously monitors all endpoints (including mobile devices) and servers, both on-premises and in the cloud.

5. Isolate Viruses with Sandboxing

Sandboxing contains a suspected malware sample, such as a suspicious email attachment, in an isolated environment where it can be executed safely. There the security team can observe how the malware behaves and how it reacts to the measures used to neutralize it, while other devices and segments of the network remain protected from infection. You can control and isolate malicious software with FortiSandbox.

6. Use Firewall Protection

Firewalls block malware delivery by filtering network traffic, both entering and leaving the network. Two-way protection matters because malicious programs already inside your network can be used to attack the users, devices, and networks that connect to yours, and because most malware needs outbound connections to report to its operators. NGFWs incorporate packet filtering, network monitoring, IP address mapping, IP security (IPsec), and secure sockets layer virtual private network (SSL VPN) support, and they use deeper inspection to protect a company from intrusion and from having applications hijacked.

The Fortinet NGFW solution is updated constantly to keep pace with the latest threats. Each update gives the NGFW the data it needs to filter the newest and most dangerous threats. Protect against malware and more with FortiGate.

7. Detect Malware with Antivirus

The FortiGuard Antivirus Security Service leverages the power of the FortiGuard Labs Global Threat Intelligence system. In the span of a minute, FortiGuard eliminates, on average, 95,000 malware programs for real-time protection. FortiGuard does this by incorporating knowledge of the different types of malware within the global threat landscape. Countermeasures are engineered to neutralize each type of threat, and then they are automatically enacted by FortiGuard, thereby protecting the networks under the FortiGuard umbrella.

The FortiGuard Antivirus service can attach to FortiGate, FortiSandbox, FortiMail, FortiWeb, and FortiClient.

8. Malware Removal

The best way to remove malware from an infected computer or personal device is to run antivirus security software. Using data about each kind of threat, antivirus apps can detect, remove, and quarantine malware on the different devices you use: desktop, laptop, smartphone, or tablet. Antivirus programs rely on their most recent update to locate the widest possible range of threats, so it is best to choose a solution that updates constantly.

Effective Malware Removal Process

It is important to remove malware from a computer, or isolate the computer from the network, as soon as possible to limit the damage. For enterprise workstations, malware removal can be done remotely with business antivirus tools. If the malware evades the antivirus software, more thorough forms of removal may be necessary. 

The steps for removing malware from an individual computer are similar whether the infected system is used for business or by a consumer. The process is as follows:

  1. Update the machine's antivirus software and run a scan of the entire system. Before starting, confirm that the antivirus has not been disabled or tampered with by the malware. Scans can take several minutes or longer to complete.

  2. Read the antivirus report to see what the scan discovered. Most antivirus software quarantines suspicious files and asks what to do with them after the scan. Remove the suspicious files. 

  3. Reboot the computer. Check that the antivirus software is enabled and scheduled to scan the computer every week. Regular scheduled scans ensure that malware is flagged if it installs itself again.

  4. Verify that the malware is completely removed. Malware often installs a persistence mechanism (a scheduled task, startup entry, or service) that re-infects a freshly scanned and cleaned computer. 

  5. If the malware cannot be removed, reset the computer to factory settings or re-image it. If you have a complete backup of the operating system and files, re-imaging reinstalls everything, including files, so that you can recover from your last backup point.

    • If you do not have a complete backup of the operating system and files, resetting returns the computer to the state it was in when you first purchased it.

  6. Once the computer is clear of malware, keep running regular antivirus scans and back up the operating system and files regularly. Change all your passwords (a password manager helps) and turn on multi-factor authentication; any credentials that were on the machine should be treated as stolen.

  7. Run network monitoring and data protection across all resources to stop malware from re-infecting computers in the enterprise environment. Intrusion detection systems monitor the network for suspicious traffic patterns and alert security administrators to potential threats, so that a malware incident does not become a data breach.
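One "suspicious traffic pattern" that network monitoring catches and that a cleaned machine keeps producing if the backdoor survived is beaconing: the implant checks in with its operator at a fixed interval, often with a little random jitter, while human-driven traffic is bursty. The following is an added example, not code from the original page or from any Fortinet product, that parses connection-log lines, groups them by (source, destination, port), and flags flows whose gaps between connections are unusually regular, measured by the coefficient of variation. The log format, the thresholds, and the addresses (RFC 5737 documentation ranges) are assumptions constructed for the example.

```python
"""Beacon detection over connection logs (constructed example)."""
from __future__ import annotations

import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed, constructed log format; adapt the pattern to Zeek conn.log, firewall
# syslog, or whatever your sensor emits.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)


def parse_line(line: str):
    """Return (timestamp, (src, dst, dport), bytes) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, (m["src"], m["dst"], int(m["dport"])), int(m["bytes"])


def find_beacons(lines, min_connections=10, max_cv=0.2):
    """Flag flows whose inter-connection intervals have a low coefficient of
    variation (stdev / mean). Periodic check-ins score near 0; browsing scores > 1."""
    times = defaultdict(list)
    sizes = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the whole scan
        ts, key, nbytes = parsed
        times[key].append(ts)
        sizes[key].append(nbytes)
    beacons = {}
    for key, ts_list in times.items():
        if len(ts_list) < min_connections:
            continue  # too few samples to call the interval "regular"
        ts_list.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.fmean(intervals)
        if mean <= 0:
            continue
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_cv:
            beacons[key] = {"connections": len(ts_list), "mean_interval_s": round(mean, 1),
                            "cv": round(cv, 3), "median_bytes": statistics.median(sizes[key])}
    return beacons


def build_sample_log() -> list[str]:
    """Constructed log: one implant beaconing every ~60 s with jitter, the same
    host browsing a website in bursts, a flow too short to judge, and junk."""
    start = datetime(2024, 5, 1, 9, 0, 0, tzinfo=timezone.utc)
    fmt = lambda t: t.strftime("%Y-%m-%dT%H:%M:%SZ")
    lines = []
    jitter = [0, 3, -2, 5, -4, 1, -1, 4, -3, 2]   # implant adds +/- 5 s of jitter
    t = start
    for i in range(30):
        lines.append(f"{fmt(t)} src=10.0.0.5 dst=203.0.113.7 dport=443 bytes=312")
        t += timedelta(seconds=60 + jitter[i % len(jitter)])
    gaps = [3, 250, 17, 600, 45, 120, 2, 380, 9, 500]  # human browsing: bursty
    t = start
    for i in range(40):
        lines.append(f"{fmt(t)} src=10.0.0.5 dst=198.51.100.23 dport=443 bytes={1500 + 97 * i}")
        t += timedelta(seconds=gaps[i % len(gaps)])
    for i in range(4):  # regular but only four samples: below min_connections
        lines.append(f"{fmt(start + timedelta(minutes=5 * i))} src=10.0.0.9 dst=192.0.2.44 dport=123 bytes=48")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for key, info in find_beacons(build_sample_log()).items():
        print(key, info)
```

Treat the output as a triage list rather than a verdict: update checkers, NTP, and monitoring agents beacon too, so known agents are allowlisted and the rest are investigated by destination reputation, process, and payload size (the constant 312-byte check-in above is itself a tell). Jitter of a few seconds barely moves the coefficient of variation, which is why the measure still works against implants that try to look irregular.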

Cyber threats are constantly evolving because the rewards are significant and barriers to entry low. To prevent malware from infecting your systems, enterprises can perform continuous monitoring, stay on top of the latest security measures, and install the latest software updates and patches. 

 

Rundown of the Biggest Insights Into Malware Facts

  1. A big problem: the average number of malware attacks worldwide annually is 5.4 billion.
  2. Malware (17%), phishing attacks (17%), and ransomware (19%) were the most common causes of cyberattacks in 2022.
  3. The number of detected malware has grown from 183 million in 2017 to nearly 493 million (in 2022) by some estimates.
  4. As recently as in 2022 trends show that these threats are becoming stealthier—such as increasing use of fileless malware and also encrypted malicious files.
  5. Check all your connections for malware infection. Linux-based Internet of Things (IoT) devices saw a 35% increase in malware attacks in 2021 alone.
  6. Your mobile device may also be a target. Mobile malware on iPhone and Android devices has been on the rise in some regions.

How Fortinet Can Help

The FortiGate NGFW is powered by FortiGuard malware intelligence, which lets it detect and mitigate the latest malicious software on the threat landscape. In addition, FortiGate has machine learning capabilities that enable it to detect malware by its behavior instead of relying only on existing profiles, which helps it stop zero-day attacks as well.

Advanced Malware Protection includes an Antivirus service with FortiSandbox Cloud service providing robust core protection against today's sophisticated attacks.  This new service offering includes the following services: Antivirus, Botnet IP/Domain Security, Mobile Security, FortiSandbox Cloud, Virus Outbreak Protection, and Content Disarm & Reconstruction.

FAQs

What is Malware?

Malware refers to the various types of malicious software, such as viruses, spyware, and ransomware. Cyber-criminals can use these tools to gain access to a network and its devices to steal data or damage systems.

What are examples of malware?

Here are the main types of malware that may affect your network or the devices attached to it. 

  • Viruses
  • Worms
  • Trojans
  • Spyware
  • Ransomware

What does malware do?

There are some telltale signs you can learn that typically indicate you have been the victim of a malware attack, including:

  1. A slow computer. Malware often affects the speed of your device while you are using the internet or applications.
  2. A computer that frequently crashes or freezes during normal use.
  3. A ton of pop-up ads. These often indicate that adware, a type of malware, has gotten into your system. If you see these, it is important to not click on them because they could launch code that causes further damage.

How do I get rid of malware?

The best way to remove malware from an infected computer or personal device is by running antivirus security software. Using data about each kind of threat, antivirus apps can detect, remove, and quarantine malware on the different devices you use: desktop, laptop, smartphone, or tablet.

How to detect malware?

To detect malware, you can use an intrusion prevention system (IPS), firewalls, and sandboxing systems, which run suspicious files in isolation so that you can study their behavior. Some malware, such as ransomware, reveals itself through its actions because it starts encrypting your files.