Introduction to Malware

Malware refers to malicious software designed to damage, disrupt, or
steal data from systems.

In this presentation, we’ll cover common types of malware, what they do,
and real-world examples.

Explanation Slide...

Ransomware is a type of malware that locks or encrypts a victim's data, demanding a ransom for access restoration. Unlike Trojans, spyware, or adware, ransomware specifically targets data access for financial gain.

Ransomware: Holding Data Hostage

What It Does: Disables access to data until a ransom is paid.

Example:RYUK – Used to target critical infrastructure.

Real-World Case: The city of Baltimore was attacked by RobbinHood
ransomware, costing more than $18M.

Explanation Slide...

Fileless malware operates in memory and can manipulate native operating system files without leaving traditional traces, making it a significant threat. Other options like wiper malware and keyloggers do not specifically alter OS-native files.

Fileless Malware: Hiding in Plain Sight

What It Does: Modifies native OS files without installing new software.

Example:Astaroth – Alters legitimate Windows tools to steal credentials.

Key Point: Hard to detect, 10x more successful than traditional malware.

Explanation Slide...

The primary function of spyware is to collect user activity data without their knowledge, often for malicious purposes. This distinguishes it from other software types that may serve ads or replicate themselves.

Spyware: Monitoring Users Without Consent

What It Does: Collects sensitive data (passwords, browsing habits)
without user knowledge.

Example:DarkHotel – Targets high-profile individuals via hotel Wi-Fi.

Impact: Reduces performance and compromises sensitive data.

Explanation Slide...

Adware is a type of malware that often hijacks browsers to change default search engines and display unwanted ads. Unlike Trojans, ransomware, or worms, adware specifically targets browser settings.

Adware: The Ad Overload

What It Does: Serves unwanted advertisements based on user activity.

Example:Fireball – Infected 250M devices, hijacked browsers.

Risk: Breaches user privacy and enables ad click fraud.

Explanation Slide...

A Trojan disguises itself as desirable code or software to trick users into downloading it, unlike malicious code which is overtly harmful. This deception is key to its ability to infiltrate systems.

Trojans: The Disguised Threat

What It Does: Disguises itself as legitimate software, often used to take
control of devices.

Example:Emotet – Banking Trojan, highly persistent and costly.

Real-World Case: Emotet has caused $1M in remediation costs per
incident.

Explanation Slide...

Stuxnet is a well-known malware specifically designed to disrupt Iran's nuclear program by targeting its industrial control systems, making it the correct answer.

Worms: The Self-Replicating Menace

What It Does: Spreads across networks by replicating itself.

Example:Stuxnet – Used to sabotage Iran’s nuclear program.

Impact: Exploits software vulnerabilities, spreads rapidly.

Explanation Slide...

A keylogger is primarily used to monitor user keystrokes, capturing what users type on their keyboards. This can include sensitive information like passwords and personal messages, making it a tool for spying rather than for advertising or data deletion.

Rootkits: Silent Control of Your System

What It Does: Provides remote control over the infected system.

Example:Zacinlo – Infects via fake VPN, conducts ad fraud.

Real-World Case: Zacinlo removes competing malware to maintain
control.

Keyloggers: Tracking Keystrokes

What It Does: Monitors and records user keystrokes.

Example:Olympic Vision – Used to steal business email data.

Threat: Can capture sensitive data such as passwords and banking
information.

Explanation Slide...

Bots/Botnets are a type of malware specifically designed to create networks of infected devices, known as bots, which can be controlled remotely. This distinguishes them from other types of malware like Wiper or Spyware.

Bots: Automated Tools for Attacks

What It Does: Bots perform automated tasks, often forming networks
(botnets) for massive attacks.

Example:Echobot – Targets IoT devices, used in DDoS attacks.

Impact: Can disrupt networks and services on a large scale.

Explanation Slide...

Mobile Malware specifically targets mobile devices, making it the correct choice. While ransomware, worms, and adware can affect various systems, Mobile Malware is designed for mobile platforms.

Video: Mobile Malware - link

Mobile Malware: Attacking Mobile Devices

What It Does: Targets mobile phones, often through apps or phishing.

Example:Triada – Pre-installed on Android devices to show spam ads.

Key Risk: Increasingly targeting smartphones, impacting both consumers
and businesses.

Explanation Slide...

Wiper malware is specifically designed to erase user data beyond recoverability, making it a destructive threat. Unlike other malware types, its primary goal is data destruction rather than data theft or advertisement.

Wiper Malware: Data Destruction

What It Does: Erases data beyond recoverability.

Example:WhisperGate – Used in cyberattacks on Ukrainian government
systems.

Key Point: Used to cover tracks and disrupt organizations’ operations.

Explanation Slide...

DarkHotel is a malware specifically designed to target hotel Wi-Fi networks, exploiting vulnerabilities to steal sensitive information from guests. The other options do not have this specific focus.

Conclusion

Malware continues to evolve, becoming stealthier and more damaging.

Prevention strategies include using up-to-date antivirus, strong
passwords, and employee education.

CrowdStrike Falcon® offers comprehensive protection through innovative
malware detection technologies.

Explanation Slide...

The primary function of bots in a botnet is to perform automated tasks, such as sending spam or launching attacks, without human intervention. This allows the botnet to operate efficiently and at scale.