Malware is the catch-all term for software that’s out to cause chaos — whether it’s physically damaging devices, encrypting crucial files, spying on users, stealing data, or any other type of malevolent behavior.
Attackers are constantly seeking out novel ways to create chaos as users get smarter and better informed about existing cyber security threats. The results are a cat-and-mouse battle between hackers and the ‘good guys’.
The former are on the lookout for innovative means by which to hurt users. The latter group are constantly developing tools and solutions to help stop them. For the good of users everywhere, it’s crucial that the second of these groups wins out.
Weaponizing SEO
One recent vector for attacking users involves the cyber criminal group responsible for the Gootkit Trojan, trojan-type malicious computer program. The group’s new Gootloader malware infects computers through the hijacking of Google search results. These direct victims to legitimate, but compromised, websites featuring malware.
The attackers start by utilizing a network of a few hundred genuine websites with good SEO (Search Engine Optimization) that have been compromised to feature malicious code. When users click on these pages, they see what appears to be a forum page with a question being asked and a link being shown for the answer. Depending on the user details, such as their location and operating system, they may be shown different versions of the website.
The hyperlinks lead to a .zip file which contains the malware as a self-executing .js file. This then proceeds to infect the user’s computer system with malware. It is one of the first times that attackers have used SEO for malicious purposes to insert poisoned web addresses into user searches.
Different types of attack
Malware is able to spread itself so as to infect other connected computer systems or parts of a single system. It can hurt users in multiple ways, whether by corrupting data, changing the way that systems operate, or opening up backdoors so as to allow attackers to carry out remote code execution.
In some cases, malware is used to distribute ransomware, designed to encrypt key files and information, and only decrypt it again if the users pay a ransom to gain access to the decryption key. Recent ransomware attacks make the threat even worse by finding ways to exfiltrate data which they then threaten to publish if their extortion demands are not met.
The example of the Gootloader malware also relies on what is called phishing. These attacks are a form of social engineering, relying on users making an error in order to begin the attack. Such an error typically involves clicking a link or entering information into text boxes without being aware that such actions open the door to attacks. While poisoned search results like this are a new form of phishing attack, a more standard attack is an email message sent to victims, disguised to look as though it comes from a genuine source. It might, for example, claim to come from Amazon or the victim’s bank, asking them to “reconfirm” their login details in a way that allows this information to be stolen by attackers.
Another way attackers might spread malware or otherwise cause damage involves bots. The overwhelming majority of cyber attacks are executed using these automated bots, which carry out actions like scanning systems for possible vulnerabilities, attempt to guess passwords, and infect users and systems with malicious software.
Protecting against cyber attacks
There is no one way to protect against cyber attacks. Businesses and organizations must ensure that they build a comprehensive cyber security strategy to protect against attacks of every stripe. This includes having an awareness of the assets that need to be protected and the related compliance requirements, along with the likely ways in which attackers may try and target those assets.
As noted, these strategies change all the time, so it’s important to stay up to date when it comes to awareness in this area. They must be able to prioritize risks and carry out proper training of employees to protect against attacks involving social engineering.
Perhaps the most important step is ensuring that you have the right team — and the right tools — to help. Cyber security experts can advise on risk. They can also offer tools such as Data Loss Prevention (DLP) systems, advanced bot protection, Runtime Application Self-Protection (RASP) and others. These can be used to identify potential attacks underway, offer rapid notifications about them, and, crucially, stop them from happening. They are also able to offer traffic inspection and endpoint protection to block harmful attacks without human input being necessary.
With so many categories of attack, which are changing all the time, there’s no one-stop-shop for all your cyber security needs. However, the tools are there to help. Make sure you pick the right ones for the job.