Security is a growing concern for many businesses. With the number and scope of cyber attacks increasing every year, companies and organizations need to be aware of the different threats that face them, how to spot suspicious activity, and what to expect when a security incident occurs.
Malware and spyware are two terms often used when discussing cyber security. Although they are often used interchangeably, they actually carry different meanings. Malware and spyware are among the most common attacks that a company will experience, thus it is important to understand their differences and similarities.
Generally speaking, “malware” is a generic term for any piece of software that has negative or malicious intentions. Examples of malware include, but are not limited to, viruses, remote access tools (RATs), and trojans. Each of these types of software are used for specific purposes and carry different sets of consequences and threats. These applications can be used to control a victim’s computer, destroy software (and in some cases hardware), and even install other pieces of software without the victim’s knowledge. Thus, malware can be devastating in both personal and corporate contexts.
From compromising bank accounts to stealing or destroying corporate records or intellectual property, malware is a serious threat, against which one must actively guard. Much malware is easily detected by modern antivirus software. As long as the software is kept up to date and is properly used, these applications are able to use various detection methods to locate and neutralize infected files before malware can do too much damage.
However, sometimes an attack vector is discovered and released before the antivirus vendors can react. Or, extremely skilled programmers may have written the malware to use special coding methods to evade antivirus detection. In these cases, it us up to individual users and network administrators to follow basic steps to prevent infection. Administrators can perform steps such as limiting account and network access. These methods make it more difficult for malware to be installed in the first place and can limit the scope of malware that does make it onto the network. Users can follow company security procedures, avoid accessing personal files on company networks, and stay away from suspicious sites and emails.
No matter how vigilant users and administrators are, some malware will eventually find its way onto corporate computers. In this instance, it is important to follow specific forensic methods to find out the exact type of malware with which you are dealing, what it's intended purpose is, and how to effectively remove it from the network.
In most cases, simply deleting the file or files will not be effective. Most modern malware is sophisticated enough that it can copy itself to a secure location and restore itself upon deletion. Or, it may simply not allow itself to be removed in the first place. Furthermore, malware can easily spread once inside a company network.
From early detection through suspicious CPU or network activity, to identification and removal, malware can be an extremely frustrating and time-consuming problem, which, unfortunately, may lead to further security problems.
“Spyware” is a more specific term than “malware”. While malware refers to any type of malevolent software, spyware usually has a very specific purpose - to vindictively spy on and collect information from the victim’s computer or network without the administrator’s knowledge. Like malware, spyware can take many different forms such as key loggers, screen capture and recording software, and even microphone and camera recorders. These types of spyware are often extremely sophisticated, difficult to detect, and even more difficult to remove.
Furthermore, they are often paired with RATs in an easy to use intrusion package. One example of this is the now infamous Sub7, which gave the attacker the ability to easily disguise the malware portion of the application inside other files, which could be sent to an unsuspecting victim. Other forms of spyware take the form of highly specialized surveillance software, which can tap into cellular and wi-fi networks, grabbing information in transit. This type of surveillance is almost impossible to detect, and can be equally as difficult to defend against.
The consequences of a spyware infection can be truly devastating. From having personal and compromising files distributed freely over the Internet, to having sensitive and business critical information stolen directly from the source, spyware can wreak havoc on a person’s life just as easily as it can destroy a business. Therefore, it is essential that businesses and their employees protect themselves as much as possible from this type of malware.
From using up to date antivirus software, web-filtering software, to encrypting all communications – regardless of how trivial they may seem – with a strong, complex encryption program, there are many steps to take to guard against spyware attacks. Unfortunately, using secure communications and VPN software is often difficult and confusing, so it is up to each business owner to ensure that their personnel are aware of the proper methods for secure online communication.
Hardening a computer or network against intrusion is important, but it won't keep malware and spyware out as long as users are apathetic or unaware of the consequences of infection. Both malware and spyware can have immediate, lasting, and devastating effects on anyone who is infected. From humiliation and simple data loss to identity theft and doxing (the practice of researching and publishing personally identifiable information about an individual), the human side of malware infection is serious. Moreover, corporate espionage is a real world threat, which carries severe financial repercussions to both businesses and employees. It is up to everyone within an organization to be vigilant and intelligent when safeguarding themselves and their computers against malware infection.