
Malware in the World and in the Media

The actual scope of malware is not always accurately portrayed in the media. Watch Skylar Simmons explain more.
6.4
We’re going to talk about malware in the media and the real world. And the reason why we want to talk about this is because every once in a while you hear about breaches, some sort of major security incident resulting in the loss of information of users. But you don’t often get a good picture of what’s actually happening unless you’re in the industry. Unless you’re working in those SOCs, or those defensive departments, or you’re an offensive professional or something like that, it’s important to get an idea of the scope of what we’re talking about. So malware, and just cyber attacks in general, are being done by all types of actors.
48.9
And by “actors” here, we mean like threat agents, bad guys, are being done by all different types of bad guys at all sorts of different skill levels, and they’re persistent. So what I mean by they’re persistent is, it’s not that one hacker one day will send one piece of malware towards its target, and then it lands and they’re successful, and it’s like, yay we’re done. It’s that constantly, every second of the day, all over the world, different threat actors or different bad guys are attacking different organisations, companies, and private individuals all the time. There are law enforcement agencies in the United States that report several million attacks against their networks each day that they defend against.
95
So you can think about just the scale of what’s going on here. And not all malware’s sophisticated, and you’ll see this as we go along. Some malware is very, very simple in the way that it works and also in the way that it’s caught, because of its simplicity. Maybe they just reuse old stuff, or whatever the case is. Some malware’s extremely sophisticated, and we may not have even caught the most sophisticated malware out there yet. And in the same vein, not all attackers are sophisticated, either. When we get further along we’ll be talking about ransomware-for-hire kind of things, or there’s these organisational structures where sophisticated malware developers will sell their malware to low-sophistication attackers.
138.2
That way, it’s kind of like a Ponzi scheme, a pyramid scheme, of the tech payloads. And again, anyone can just go Google how to hack something and they’ll get some amount of information back. And it may not be the most sophisticated, they just give it a try. And then, all the way up to– we’ve got nation-state level attackers, and what we call “advanced persistent threats” that are these organisations that run very much like a corporate enterprise. They’ve got structure, they’ve got policies, they’ve got internal communication methods, they’ve got a board, a board of members that does strategic overview for how this is going to go forward. When we talk about it from a nation-state level, we’re talking about military.
185.9
We’re talking about some militaries that have thousands of offensive people who are focused, every day. They train for years or months, and they’re focused on attacking, in an offensive capacity, enemy nations. And so we’ll talk a little bit about that. But there’s a huge scale of attackers out there. There’s a huge scale of different types of attacks that they’re doing, and this is going on all the time. And I think that that’s something that’s not really portrayed. So in 2019, the Verizon data breach report, and the Verizon data report is a pretty big report that does this sum of the stats for previous years for security incidents.
226.4
And so it carries a fair amount of weight, because it helps decide what the next year might look like. So that, out of 50,000 security incidents, email-based phishing is responsible for 92% of malicious malware infections. And so, when we talk about email-based phishing, these are those emails that you see where you get an email that says, “hello, I am a Prince from some African country,” or “someone died and you’re the recipient of $10 million, all you need to do is click here.” Those are the email phishing that we’re talking about. And just like when we were talking about our threat attackers having a different sophistication level, email phishing has a different sophistication level.
266.1
So those princes out of Africa, that’s a fairly low sophistication level. Everyone’s used to that by now. Everyone gets the joke. But there are some phishing emails that will look identical to, say, your Netflix emails. And they’ll say, there’s a problem wrong with your Netflix account, and you need to click here to go into Netflix and fix it, and the next thing you know, they’re either taking you to a site that is attacker-owned and have you type in their credentials, or you’re downloading something from them and you’re getting yourself infected. So out of 50,000 security incidents, over 92% of them were the result of email-based phishing attacks. So some quick tips.
305.7
When we talk about viruses and malware in general, there’s a couple of things that we use to track them, and we call these things indicators of compromise. And these indicators of compromise are defined by a couple of things. The first thing is a hash. So if you have a static file, do what we call hash it. And that just means that we take the file, we put it through an algorithm, and the algorithm gives it a unique series of letters and numbers. And that is kind of how you tie that file to that thing. So we call that hash. Signatures work very much the same way.
341.9
And the idea here is if you go to some site, maybe like GitHub, right? They’ll say, “hey, here’s something that you can download. It’s a tool that we’ve created, and here’s the hash for it.” And the reason why they do that is because if you download it and it gets changed in flight– maybe because of a bundling attack, which we’ll talk about later– when you hash it on your system, the hash will be different if it’s been bundled into that same binary. So the idea here is that you download something, you run a quick hashing procedure on your system against the file, and you match that hash to the hash from the site.
376.7
And if they match, then you know that the file hasn’t been changed in transit and it’s at least authentic to what you downloaded. So that’s the idea there. What we can do with those hashes, or these indicators of compromise, maybe the URLs that we pulled from a file or we see in our network traffic. Maybe they’re heuristics, like just behavioural data. Is Office opening up PowerShell? That’s probably not good. Why would a Word document be launching PowerShell? Why would my Word document be launching PowerShell, and then having PowerShell maybe scan for other hosts on the network? Those are all things that we talk about when we talk about behavioural and heuristical data.
414.3
Anyways, we can take those hashes and some of these indicators of compromise, and we stick them into engines like VirusTotal. There’s a bunch of them out there. VirusTotal’s maybe one of the bigger ones. It’s got a free version and a paid version, and the idea is that when someone does some analysis on a virus or a file that’s malicious, they stick it up there. They put the hash up there, and VirusTotal will show you the amount of antivirus engines that detected it, and some information about it. And if something like VirusTotal doesn’t work, the number one best malware research tool in the world is Google.
451.9
So if you’ve got some indicators of compromise, or you’ve got a URL, or you’ve got a file name or a hash, stick it in Google and see what happens.

This video will consider the actual scope of malware, which is not always accurately portrayed in the media.

Malware can range from high levels of sophistication to low levels of sophistication. Still, unless you work in the industry, it may be hard to get a full overview of the range of daily attacks that the average computer user is subject to.
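
The hash check described in the video (hash the downloaded file, compare it with the hash the site published, and look the hash up against known indicators of compromise), as an added example that is not part of the course material. The file names, sample bytes and the indicator set are constructed for illustration, and SHA-256 is an assumed choice of algorithm.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large downloads do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published_hash):
    """True only if the local file hashes to the value published by the site."""
    expected = published_hash.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("published value is not a SHA-256 hex digest")
    return hmac.compare_digest(sha256_file(path), expected)


def matches_known_bad(path, ioc_hashes):
    """Check a file's hash against a set of indicator-of-compromise hashes."""
    return sha256_file(path) in {h.strip().lower() for h in ioc_hashes}


def demo():
    """Constructed sample: an original 'tool' and a copy with bytes bundled on."""
    original = b"constructed sample tool v1.0\n"
    published = hashlib.sha256(original).hexdigest()  # what the site would list
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "tool.bin")
        bundled = os.path.join(tmp, "tool_bundled.bin")
        with open(clean, "wb") as f:
            f.write(original)
        with open(bundled, "wb") as f:
            f.write(original + b"constructed extra payload bytes")
        ioc_set = {sha256_file(bundled).upper()}  # pretend this hash was reported
        return {
            "clean_ok": verify_download(clean, published),
            "bundled_ok": verify_download(bundled, "  " + published.upper() + "\n"),
            "clean_flagged": matches_known_bad(clean, ioc_set),
            "bundled_flagged": matches_known_bad(bundled, ioc_set),
        }


if __name__ == "__main__":
    print(demo())
```

A matching hash only shows that the file is the one the publisher listed; it does not show that the listed hash itself came from a trustworthy channel.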

Investigate and share: The Verizon 2019 Data Breach Report is mentioned in this video. Read this summary of the 2020 edition. What is your main takeaway from the current state of cybersecurity? Share your reflections in the comments area at the bottom of this page.

This article is from the free online

Cyber Security Foundations: Common Malware Attacks and Defense Strategies

Created by
FutureLearn - Learning For Life
