CIO Insider

CIOInsider India Magazine


Top Five Malware that Enterprises Should Be Wary Of

Keerthana Kantharaj | Tuesday, 20 April, 2021

Cyber criminals keep pace with advancing technology, and at times they are ahead, with more advanced tools and techniques at their disposal than the companies they target. Many of them gain their initial foothold through spear-phishing. With cloud computing and networked smartphones now commonplace, the volume of cyber attacks comes as no surprise, and keeping them out is a whole different ball game.

Small enterprises fall prey to these attacks especially often, and some are even forced out of business, because the cost of cleaning up after a breach can be catastrophic. According to the 2018 Verizon Data Breach Investigations Report, 58 percent of breach victims were small businesses rather than large enterprises. Symantec's latest Internet Security Threat Report counted 246 million new malware variants in 2018, and the variety of malware is also growing. Here are five common malware families that enterprises need to defend against.

IcedID: Subliminal Theft of Details
The word "virus" has been on everyone's lips since the coronavirus, but the digital virus made its debut years earlier and still makes headlines. The Zeus family of banking trojans has long been the most common uninvited guest at banks and other financial institutions; this year, however, Check Point Research (CPR) reports that IcedID is taking the spotlight. In its recent attacks, IcedID targeted English-speaking victims through the TA551 e-mail malware distribution campaign, which used COVID-19 as its theme to lure users into opening the messages. The attached MS Word documents carried a macro that installs the malware, which then steals the user's passwords, payment card details and other data relating to banks and financial institutions.
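Because the delivery mechanism above is a macro inside an attached Word document, the first control is to screen attachments before they reach a mailbox. The following Python script is an added example written for this article, not code from Check Point, the TA551 research or this magazine: it opens an OOXML document as the ZIP archive it is, looks for the VBA project part and for Word's auto-execute procedure names inside it, and returns a verdict. The sample documents it builds are constructed stand-ins (not valid Word files), and the block/quarantine policy it applies is an assumption.

```python
"""
Screen inbound Word documents for VBA macros before they reach a user.

Added example for this article (not code from Check Point, the TA551
research or the magazine). It builds constructed .docx/.docm-shaped ZIPs in
memory instead of reading real samples; the auto-execute names are Word's
well-known entry points, and the block/quarantine policy is an assumption.
"""
import io
import zipfile

# Word runs procedures with these names automatically on open/close; a
# document arriving by e-mail with one of them is the classic macro lure.
AUTO_EXEC_NAMES = (b"AutoOpen", b"Document_Open", b"AutoExec",
                   b"AutoClose", b"Document_Close")


def scan_docx(data: bytes) -> dict:
    """Return a verdict for an OOXML document given as raw bytes.

    Checks: is it a ZIP at all; does it carry a VBA project part; does that
    part contain a known auto-execute entry point; does it declare the
    macro-enabled content type. Nothing from the file is ever executed.
    """
    result = {"is_zip": False, "has_vba": False, "auto_exec": [],
              "macro_enabled_type": False, "verdict": "clean"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["verdict"] = "not-ooxml"   # legacy .doc / RTF / anything else
        return result
    result["is_zip"] = True
    names = set(zf.namelist())
    # vbaProject.bin is the OLE container that holds the macros in .docm files
    vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    if vba_parts:
        result["has_vba"] = True
        blob = b"".join(zf.read(n) for n in vba_parts)
        # Module source inside vbaProject.bin is MS-OVBA compressed; literal
        # runs usually survive intact, so a substring scan catches most
        # samples, but a gateway should decompress with a real parser too.
        result["auto_exec"] = [n.decode() for n in AUTO_EXEC_NAMES if n in blob]
    if "[Content_Types].xml" in names:
        result["macro_enabled_type"] = b"macroEnabled" in zf.read("[Content_Types].xml")
    if result["auto_exec"]:
        result["verdict"] = "block"        # macro with an auto-run entry point
    elif result["has_vba"] or result["macro_enabled_type"]:
        result["verdict"] = "quarantine"   # macros present, needs review
    return result


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal (not Word-valid) document-shaped ZIP for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ctype = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
                 else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{ctype}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Constructed stand-in for the OLE blob, with the auto-run name in clear
            zf.writestr("word/vbaProject.bin",
                        b"\x00PROJECT\x00Module=NewMacros\x00Sub AutoOpen()\x00Shell \"cmd\"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("invoice.docx", build_sample(False)),
                       ("covid-info.docm", build_sample(True))):
        print(label, scan_docx(doc))
```

Legacy binary .doc files are OLE2 containers rather than ZIPs and come back as not-ooxml; route those to an OLE-aware parser such as olevba from oletools rather than letting them through. The substring scan can also miss a procedure name that MS-OVBA compression has split, so treat "quarantine" as "needs a real parser", not as clean.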

Maya Horowitz, Director, Threat Intelligence & Research, Products, at Check Point, explains: “IcedID is an evasive Trojan with a variety of techniques to steal financial data, which means companies must have strong security mechanisms in place. Comprehensive training is essential for all staff, so that they are equipped with the necessary skills to recognize the types of malicious e-mails spreading IcedID and other malware.”

Ryuk: A New Version to Watch Out for
Like any malware, a worm needs a human to let it in the first time; unlike most malware, it then spreads on its own. Ryuk originally arrived the same way as the others, through a compromised e-mail attachment or a link in the message that disguised the infected file as something legitimate such as a document or spreadsheet. The French National Agency for the Security of Information Systems (ANSSI) discovered a new version of Ryuk that appeared for the first time in Windows-based campaigns in 2021. The agency reported that this variant can replicate itself by scanning network shares and copying itself to each of them, and that once launched it spreads to every reachable machine on which Windows Remote Procedure Call (RPC) access is possible.
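The self-replication ANSSI describes, one host copying the same executable to the administrative share of every reachable machine, leaves a pattern in share-access telemetry that is easy to watch for. The Python below is an added example for this article, not ANSSI's or any vendor's detection logic; its event records are constructed and use a simplified hypothetical schema (time, source host, destination host, share, file written) that you would map your own SIEM's SMB events onto, and the threshold of four hosts within five minutes is an assumption.

```python
"""
Flag worm-like spread over administrative shares.

Added example for this article, not code from ANSSI or any Ryuk analysis.
The events are constructed and use a simplified, hypothetical schema
(time, source host, destination host, share, file written). Thresholds are
assumptions to tune per environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Shares that only administrative tooling (or a worm) writes to
ADMIN_SHARES = {"ADMIN$", "C$", "D$", "IPC$"}

# Constructed sample: one workstation drops the same binary onto five hosts'
# admin shares within half a minute (the replication pattern ANSSI describes);
# the remaining lines are ordinary activity and must stay quiet.
SAMPLE_EVENTS = [
    ("2021-02-23T10:00:01", "ws-17",    "fs-01",  "shared", "report.xlsx"),
    ("2021-02-23T10:00:05", "ws-17",    "srv-01", "ADMIN$", "rep.exe"),
    ("2021-02-23T10:00:09", "ws-17",    "srv-02", "ADMIN$", "rep.exe"),
    ("2021-02-23T10:00:14", "ws-17",    "srv-03", "C$",     "rep.exe"),
    ("2021-02-23T10:00:20", "ws-17",    "srv-04", "ADMIN$", "rep.exe"),
    ("2021-02-23T10:00:31", "ws-17",    "srv-05", "ADMIN$", "rep.exe"),
    ("2021-02-23T10:05:00", "admin-pc", "srv-01", "ADMIN$", "patch.msi"),
    ("2021-02-23T11:30:00", "admin-pc", "srv-02", "ADMIN$", "patch.msi"),
]


def detect_share_spread(events, min_hosts=4, window=timedelta(minutes=5)):
    """Return alerts (source, filename, sorted targets) whenever one source
    writes the same file to at least `min_hosts` distinct hosts' admin shares
    inside `window`. Writes to ordinary shares are ignored."""
    writes = defaultdict(list)            # (source, filename) -> [(time, target)]
    for ts, src, dst, share, fname in events:
        if share.upper() in ADMIN_SHARES:
            writes[(src, fname)].append((datetime.fromisoformat(ts), dst))

    alerts = []
    for (src, fname), hits in writes.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):                  # sliding time window
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({dst for _, dst in hits[start:end + 1]}) >= min_hosts:
                # Report every target written within the window that tripped it
                limit = hits[start][0] + window
                targets = {dst for t, dst in hits if hits[start][0] <= t <= limit}
                alerts.append((src, fname, sorted(targets)))
                break                                 # one alert per (source, file)
    return alerts


if __name__ == "__main__":
    for alert in detect_share_spread(SAMPLE_EVENTS):
        print("ALERT worm-like spread:", alert)
```

A Windows environment that audits detailed file-share access (Security event 5145) supplies the same fields. Keying on ADMIN$, C$ and similar shares keeps normal file-server traffic from firing the rule; a deployment tool that legitimately pushes one package to many hosts should be allow-listed by source host rather than by raising the threshold.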

Dridex Trojan: A True Dark Horse of its Kind
This malware targets victims' banking details through spam e-mails that trick the recipient into opening them. Like the Trojan horse of Greek legend, from which the term is taken, it disguises itself as innocuous software so that users download it themselves. Little do they know that the attached files are infected; the malware then compromises the system and begins stealing information. Check Point Research's Global Threat Index for March 2021 reports that Dridex was the most prevalent malware that month, climbing from its February position.

Lokibot: The Infamous ‘Info Stealer’
LokiBot steals e-mail credentials, passwords for cryptocurrency wallets and FTP servers, and other data, and is delivered through phishing e-mails; but it is more than a mere info stealer. Over time it has gained a real-time keylogging component that captures keystrokes and so steals account passwords that are never stored in a browser's credential database. Last year the US government's cyber security agency, CISA, issued an advisory warning federal agencies and the private sector of a significant rise in LokiBot activity since July 2020. The malware debuted in the mid-2010s, when it was first sold on underground hacking forums. Since then it has been one of the most common password stealers, and cracked copies have been widely distributed for free, mainly among low- and mid-tier threat actors.


Clop Ransomware: A Major Digital Extortionist to Watch Out
The last entry on the list is ransomware. Its popularity among cyber criminals keeps growing, as does their audacity in choosing victims. Locking individual computers was not enough: attackers have moved on to large corporations, government departments, hospitals and major public services. The logic is that the more data is locked up, and the more important it is to people's daily lives, the more likely someone is to pay. Clop is currently said to be one of the major ransomware families in this category; it encrypts files and demands payment to decrypt them, as described on the 'cyberexperts' website. Among its reported recent victims is technology service provider Blackbaud, which holds data for major charities and universities worldwide and reportedly paid the ransom. Ryuk, Sodinokibi and Phobos are also among the most virulent ransomware strains.

Many of these malware families not only carry names reminiscent of diseases, parasites and extortionists; they also behave like their namesakes. Creating something takes blood and sweat, while destruction takes little effort and is often quick. Likewise, advanced technology takes years to build, and it is only a matter of time before malware of this kind finds its way in and wreaks havoc, not just on a single device but potentially on the whole company. As malware use grows, it is crucial to know its common forms and what you can do to protect your network, users and sensitive company data.
