Hybrid Malware: What It Is, and What Are the Common Techniques

Hybrid malware typically combines several malware families together to perform a complex attack. Watch Skylar Simmons explain more.
In this section, we’re going to talk about hybrid attacks. And this is going to be a pretty short section. I think we’ve already covered a lot of it, and it’ll become obvious as we get into the next slide. So what’s hybrid malware? Hybrid malware is just any malware that combines several malware families together to perform a complex attack. And it’s typically going to feature a Trojan to act as a dropper, a worm to help propagate, and a payload such as a virus or ransomware, what the end goal is, whether it’s to exfiltrate data or just to get a hook in to do some sort of spyware activity.
And basically everything we’ve talked about so far has been a hybrid attack when you think about it. We mentioned Stuxnet and that’s a worm that’s going to do its propagation, it’s a virus that’s going to speed up the centrifuges to cause them to fail faster. Or when we talked about NotEternalBlue, when we talk about NotPetya. NotPetya had a worm component to it that’d help it replicate itself across the network. But then it was also a piece of ransomware, that was that payload. And then a lot of things that we’ve talked about have used a Trojan as the dropper, which is where we reference the phishing attack a lot, using an Office document with a malicious macro in it.
We saw that previously. And then that macro will maybe do something like execute PowerShell. So now we’re talking about a Trojan that gets in the foulest malware. And then that PowerShell maybe is going to download another file that is going to do ransomware, but the PowerShell is also going to spread throughout the network. So most things nowadays are hybrid attacks. I think that the world of malware has gotten to a point where it’s not so easy to say, “Oh, this is just ransomware”. And it has no traits of anything else. I think almost everything we see has at least more than one kind of class combined to it.
And the way that we categorize it is by which is its most dominant class. The reason that we talk about NotPetya as ransomware or Petya as ransomware is because that was the major impact from it, is that it encrypted systems. Now if the major impact of something was just that it was an incredibly fast spreading piece of malware, even if it didn’t really do much, then we call it more like a worm. Maybe that’s how we would classify that. So I think that the takeaway here is just that a lot of malware these days, if not all of it, is hybrid malware.
And it’s going to be using all of the techniques that we talked about so far, at least a lot of them. It’s going to be using your Trojans to get on to the system. It’s going to be using worms to help itself propagate. And then it’s got a payload, and that payload’s going to be defined as like a virus or ransomware, adware, or spyware – something else that we’ve talked about. Yeah, and that’s it. So the next video is just going to be a quick course conclusion.

In this video, we will consider how hybrid malware combines several malware families together to perform a complex attack.

The malware will typically be categorized by its dominant component, even if there is more than one type of malware present. Most malware today is hybrid malware. For example, it could use a Trojan as a dropper, a worm to help propagate, and a payload.

Reflect and share: Considering the examples covered in this course, do you agree with the following statement as far as cybercrime is concerned: “This is only the beginning?” Explain your answer.

This article is from the free online course Cyber Security Foundations: Common Malware Attacks and Defense Strategies, created by FutureLearn.
