Understand the malware threat


Computer systems that interact directly with users are considered endpoint systems. Systems on devices, like laptops, smartphones, and computers, should be secured. Securing these devices prevents them from acting as gateways for security attacks on an organization's networked systems. In today's world of bring-your-own-devices, that even means protecting personal devices that have access to your business resources.

The news is filled with stories about organizations accidentally leaking personal information. Often, these accidents are the result of poor security practices or deliberate attacks. Hackers gain access to systems by impersonating a real user, or by somehow inserting malware into a computer or device with authorized access to the network.

What is malware?

Malware is malicious software intended to cause damage to a computer or network. It often exploits vulnerabilities in software or unsuspecting users who unknowingly install it.

Malware comes in several forms:

  • Viruses
  • Worms
  • Trojan horses

Viruses

A computer virus, like a biological virus, requires a host to live in. Viruses are bits of code that attach to existing programs and documents or hide in protected areas of your hard drive, like the boot sector. Because they're hidden in protected areas, they can be hard to find and remove. When the infected program is launched, the virus is executed, often without the user noticing anything. It can then perform malicious actions on the user's data or other files. If an infected computer sends a file to another computer, it can spread the virus along with the data. This behavior is what classifies a computer virus: it lives inside other programs and requires human interaction to spread.

Some examples of viruses are: ILOVEYOU, Shamoon, and CIH (Chernobyl virus).

Worms

A worm is a piece of standalone software that copies itself through a computer network. Similar to a virus, a worm is designed to duplicate itself. But instead of hiding in existing files, a worm exists as a separate program that can infect other computers without human involvement. A worm often travels over the computer network, running in the background on an infected computer. From there, it uses known vulnerabilities in computer software to locate and infect other connected devices.

Some examples of worms are: Melissa, Code Red, and Stuxnet.

Trojan horses

Everyone knows the story of Troy and the wooden horse that was used to invade the city. This malware adopts the same name because it pretends to be something that it's not. Trojan horses are considered to be the most dangerous type of malware because of what they're often designed to do. They're spread by masquerading as a useful software utility that a user wants to install. Because the user authorizes the install, this malware often gains access to the user's files, including sensitive or private data. In addition, trojan horses often install backdoors to let hackers into the computer, or keyloggers to capture keystrokes such as passwords or credit card numbers. Unlike the other types of malware, trojan horses aren't designed to replicate themselves widely; they're intended to control or destroy the specific computers they infect.

Some examples of trojan horses are: Gh0st RAT, Zeus, and Shedun (on Android).

How does malware get installed?

There are several ways malware can get onto a computer initially.

  1. Direct install. Most software is delivered over the Internet today. Users are conditioned to download and install software from various sources. Malware can be installed without the user's knowledge or through an authorized download that's tampered with. This approach also applies to infected drives (such as USB keys) being inserted into a computer.

  2. Security vulnerability. A defect or bug in running software, such as a browser or even the operating system itself, can allow malware to be installed on the computer. In this case, the malware exploits the security flaw to obtain administrator access, or to get infected files onto the computer.

  3. Backdoor. Malware can also be installed through a designed opening left in the software. These backdoors are often placed there for testing and debugging. If the backdoor is left in place and released into production, it can be exploited to gain access to the computer or network.

Protect against malware

There are several key strategies you can use along with Microsoft Defender for Cloud to protect your computers and network from malware.

  • Keep your servers up to date with the latest OS fixes and versions. Defender for Cloud automatically alerts you when monitored systems are unpatched.
  • Install antimalware such as Microsoft Antimalware for Azure Cloud Services and Virtual Machines to help identify and remove viruses, spyware, and other malicious software.
  • Use firewalls to block unwanted network traffic. Defender for Cloud identifies open network traffic to your VMs and servers and provides instructions to activate the built-in firewall capabilities of Azure.
  • Integrate your antimalware solution with Defender for Cloud to monitor the status of the antimalware protection.

This last step is crucial to a complete monitoring plan. Defender for Cloud highlights issues like detected threats and insufficient protection that make your VMs and computers vulnerable. By using the information on endpoint protection issues, you can make a plan to address any identified issues.
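As an added example (not part of this Learn unit), the second strategy above, installing Microsoft Antimalware on an Azure VM, can be done with Az PowerShell; it deploys the IaaSAntimalware extension with real-time protection and a weekly scan, then checks that provisioning succeeded. The resource group and VM names are placeholders, and the script assumes the Az module is installed and Connect-AzAccount has already been run.

```powershell
# Added example: enable the Microsoft Antimalware extension on an Azure VM
# and confirm it deployed. Placeholders below stand in for your own names.
$resourceGroup = "rg-example"   # placeholder
$vmName        = "vm-example"   # placeholder

$vm       = Get-AzVM -ResourceGroupName $resourceGroup -Name $vmName
$location = $vm.Location

# Pick the latest published major.minor version of the IaaSAntimalware handler
# so the extension is not pinned to a stale release.
$versions = (Get-AzVMExtensionImage -Location $location `
    -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version
$latest = $versions | Sort-Object { [version]$_ } | Select-Object -Last 1
$handlerVersion = ($latest.Split(".")[0..1]) -join "."

# Real-time protection on, weekly quick scan (day 7 = Saturday, 120 = 2:00 AM),
# and no exclusions: empty exclusion lists avoid quietly weakening protection.
$settings = @{
    AntimalwareEnabled        = $true
    RealtimeProtectionEnabled = $true
    ScheduledScanSettings     = @{ isEnabled = $true; day = 7; time = 120; scanType = "Quick" }
    Exclusions                = @{ Extensions = ""; Paths = ""; Processes = "" }
} | ConvertTo-Json -Depth 3

Set-AzVMExtension -ResourceGroupName $resourceGroup -VMName $vmName `
    -Location $location -Name "IaaSAntimalware" `
    -Publisher "Microsoft.Azure.Security" -ExtensionType "IaaSAntimalware" `
    -TypeHandlerVersion $handlerVersion -SettingString $settings

# Verify the deployment rather than assuming it worked; anything other than
# "Succeeded" means the VM is still unprotected and needs attention.
$ext = Get-AzVMExtension -ResourceGroupName $resourceGroup -VMName $vmName -Name "IaaSAntimalware"
if ($ext.ProvisioningState -ne "Succeeded") {
    throw "Antimalware extension is in state '$($ext.ProvisioningState)' on $vmName; check the VM extension logs."
}
"Microsoft Antimalware $handlerVersion installed on $vmName with real-time protection enabled."
```

Once the extension reports Succeeded, Defender for Cloud's endpoint protection assessment will pick up the VM's antimalware status on its next evaluation.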