Ransomware Isn’t the Only Malware Threat Companies Face

Other Types of Malware Are Surging, Imperiling Businesses

While ransomware may get the bulk of the press attention when it comes to cybersecurity, it’s not the only malicious software game in town. Other types of malware can also cause businesses harm, and the chance that a company will come into contact with one of them, or fall victim to an infection, is higher than ever. Malware threats can arrive through a variety of sources including SMS, social media, and chat but the most likely way that a company’s employees will come into contact with malware is through a phishing email and that is not good news for businesses.

Malware is A Growth Industry

Both phishing email volume and malware attack volume ballooned in 2021, with no end to that growth in sight. The UK Information Commissioner’s Office (ICO) recently announced that it recorded a staggering volume of email attacks in 2021 amounting to a 2,650% surge in phishing. ICO detailed the significant growth noting that they counted 150,317 phishing attacks in January 2021, which dramatically increased to a startling 4,135,075 in December 2021, demonstrating that increase. The bulk of those email attacks were spam, with a 2,775% increase in malicious spam noted between January and December 2021. Phishing messages made up the second-largest set, climbing 20% between January and December 2021 with a notable surge toward the end of the year.

But a hefty chunk of those phishing attacks contained malware. ICO recorded a 423% increase in malware attacks in 2021. The malware problem that companies face has been a steadily growing issue, with an 87% increase in malware infections recorded over the last decade. While a respectable amount of that increase can be chalked up to the rise of ransomware, other types of malware also played a role. Ten years ago, the number of detected malware types stood at 28.84 million. By 2020, that number had ballooned to nearly 678 million varieties and that total is still rising.

What the Heck is Malware Anyway?

“Malware” is a term spawned from a mashup of “malicious software”. That’s what malware is; malicious software that enters an environment or machine and forces unwelcome changes to the way those things operate. Ransomware is a flavor of malware, but not all malware is ransomware. Malware hews to one of three general formats based on how the malicious software does its dirty work. While these three types do not categorize all malware, most of it fits in one of these boxes:

• Trojans are the most common variety of malware that IT teams will encounter accounting for more than 50% of all infections. This type of malware masquerades as harmless software and can initiate a variety of attacks on systems. Some trojans are aided by human action while others function without user intervention.
• Viruses are the second most common species of malware,  responsible for a little over 10% of total malware infections. Similar to a real-life virus, this type of malware attaches itself to benign files on a computer and then replicates, spreading itself and infecting other files.
• Worms are another type of malware behind about 10% of malware attacks. A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer. Worms are designed to exploit operating system vulnerabilities.

What Are the Common Varieties of Malware to Watch Out for Right Now?

Malware is constantly evolving as it floats around, with certain strains going in and out of fashion based on their effectiveness. It’s pretty easy for cybercriminals to access malware cheaply or for free on the dark web or pay someone to spread it through a phishing campaign for them. That’s what major ransomware groups are doing with their affiliates; supplying a variety of malware, getting other people to run the operations for them and collecting a chunk of the profits from a successful hit.  The growth of the cybercrime-as-a-service economy has greatly contributed to the staying power of malware strains like these:

Dridex 

Dridex is a variety of malware that concentrates on financial crimes. This banking malware targets the Windows platform. Dridex first appeared in 2012, and by 2015 it had become a prevalent financial Trojans. Typically, Dridex is distributed through phishing emails containing malicious Word or Excel attachments. Its goal is to enable cybercriminals to invade computers and steal banking credentials and other personal information that can be used to facilitate money transfers. One common way that a Dridex attack happens is through persuading an employee to open an email attachment. That malicious attachment is infected with Drydex malware. The attachment asks the recipient to take certain prompted, seemingly harmless actions like enabling macros. Those actions then download the malware and install it on the victim’s device. CISA says that legendary cybercrime organization group Evil Corps aka REvil are the originators of Dridex malware.

Cybercriminals are using this malware right now, attaching it to emails that exploit people’s fears around the growth of the Omicron COVID-19 variant. In a currently active Dridex campaign, bad actors are sending their prospective victims phishing emails that are socially engineered to make them extremely appealing, using subject lines like “COVID-19 testing result”. Inside, the harmless-looking message informs the recipient that they are being notified that they were recently exposed to a coworker who tested positive for the Omicron COVID-19 variant. The recipient is instructed to open an Excel document to learn more. The email helpfully includes the relevant password-protected Excel attachment and the password needed to open the document – which of course is infected with Dridex malware.

Emotet 

Emotet is a sophisticated Trojan commonly functioning as a downloader or dropper of other malware. Like others of its type, Emotet is primarily spread via phishing email attachments and links that, once clicked, launch the payload. The US Cybersecurity Infrastructure Security Agency (CISA) warns that Emotet is difficult to combat because of its “worm-like” features that enable network-wide infections and its use of modular Dynamic Link Libraries to continuously evolve and update its capabilities. This variety of malware is notorious and its use waxes and wanes. In January 2021, authorities in Europe were able to gain control of Emotet ‘s infrastructure, shutting it down.

But by December 2021, Emotet was ready to stage a comeback. Recently, researchers have warned that they’ve detected Emotet back on the scene operating through a new attack vector. This attack takes advantage of the fact that employees are constantly sending and handling Office 365 files. Cybercriminals capitalized on that by adding a few social engineering tweaks to make their Emotet-laden phishing messages seem like routine messages with routine attachments. In this scenario, victims receive an email containing an Excel file that includes a dangerous Excel 4.0 macro that when activated downloads and executes an HTML application. That application then downloads two stages of PowerShell to retrieve and deploy a poisonous payload: Emotet.

Cybercriminals have been quick to evolve old strains of malware or develop new ones to do their dirty work.  Revenue in the malware industry has been steadily growing and is expected to reach 8 billion US dollars by 2025. An enormous rise in email volume has also played a role in making malware a go-to attack for bad actors. Over 92% of all malware is delivered by email, giving the bad guys plenty of opportunities to get their malicious messages into inboxes. Add to that the dependence that companies have on email and chat in the remote work era and businesses are looking at a recipe for disaster.

Dark Web ID’s Top Threats This Week