Malware
Classic malware can have many forms, from the common trojan that hides its malicious intent to the elusive worm that can spread through a whole company network. There are many types of malware, and attack vectors vary a lot. Malicious files are traditionally sent using email spam. However, drive-by downloads and malvertisements have established themselves as dangerous threat sources.
In most cases, the initial malware file often only has one purpose: side-load additional malware onto the breached system.
Characteristics
Spread
Very common
Damage on infection
Varying
Typical infection source
E-Mail, web-downloads
Famous examples
Emotet, Ryuk
Mobile threats
Android and iOS malware are often underestimated, and the protection of mobile devices rarely appropriate. Especially for Android, a wealth of new threat variants are discovered every day. The majority of malicious apps can be categorized as adware, bringing unwanted advertisement and other unwanted apps or even more malware onto the device.
More severe threats are found in the wild, such as banker, ransomware or spyware that reads personal data from a phone to silently send it to the attacker. While the total number of threats in circulation is not comparable to the amount of malware that can be encountered on Windows, the Android malware scene has been growing steadily over the last years.
Characteristics
Spread
Common
Damage on Infection
Medium to high
Typical infection source
Third-party app stores, manually installed APKs
Famous examples
Triada, Hiddad
Script malware
Alongside well-known PE (Portable Executable) malware files (typically .exe files), script malware continues to be a favorite for some malware authors. The most common found script malware would be a malicious JavaScript inside a HTML file, typically encountered online. These scripts are often hard to understand, as they are typically heavily obfuscated, making a static analysis difficult.
This can lead to them being much stealthier than one would expect from a “plain text code”. File-less threats make use of scripting languages to directly loading the malicious code into memory instead of relying on files, bypassing traditional detection methods.
Characteristics
Spread
Common
Damage on infection
Varying
Typical infection source
Web-downloads, infected web pages, malvertisement
Famous examples
Cerber, Kovter
CoinMiners
Cryptocurrencies have reached a point where mining them locally hardly nets any return, so the fact that malware authors try to steal computing power from unsuspecting victims comes as no surprise. The market for CoinMiner malware, or cryptojackers, is big, with many different variants.
Many CoinMiners do not even need to be downloaded or installed on devices. They can lurk in otherwise clean websites, either directly embedded or hidden in malicious advertisements, mining away while the unsuspecting victim stays on the website. While they are one of the least damaging types of malware, an infected device will still degrade considerably faster due to the constant added load.
Characteristics
Spread
Very common
Damage on infection
Medium
Typical infection source
Drive-by, malvertisement
Famous example
Monero, Zcash
Exploits
Exploit is a term used when malware authors leverage security gaps – or vulnerabilities - in software to execute malicious code. The most exploited vulnerabilities are those that have been found over the years in the Windows OS. However, other applications and operating systems have vulnerabilities that allow for attackers to take a hold of a system, such as Android, Chrome and Firefox, MacOS, Adobe Flash, the Linux kernel as well as database system such as MySQL.
Even if vulnerabilities are patched, a lot of users fail to install these crucial updates, making their systems susceptible to various attacks. The most famous of them all is EternalBlue, a remote code execution vulnerability that was leaked in April 2017 and has been used in numerous Trojans, Worms and other malware since then.
Characteristics
Spread
Common
Damage on infection
Varying
Typical infection source
E-Mail, web-downloads, network attacks
Famous examples
EternalBlue, Capesand
