When we think about breaking and entering, our minds probably conjure up an image of a masked thief, dressed in black, picking a lock on someone’s else house under the cover of darkness intending to ransack the home looking for valuables. But really, we all face a more common threat in our homes. That of breaking and entering by pests. Bugs and critters. Yes, pests can be a huge problem for our homes. From termites and carpenter ants, to roach infestations, perhaps even mice and rats. In recent years, as suburbs extend into rural areas, you hear more stories of raccoons, foxes and even bears “breaking and entering” into people’s homes and making off with stuff… and leaving a trail of damage behind them. Well this is also true for our digital homes. The places where we live and work digitally are vulnerable to breaking and entering by bugs. These bugs are called malware and they come in various forms and present different threats. The damage they can cause to our digital homes can vary from the annoying to the catastrophic. Securing our digital homes from malware bugs is something we all should take seriously, especially as our digital homes expand and these malware bugs adapt. In this article we discuss how to secure yourself from malware threats.
What Is Malware?
For something so dangerous and crippling, it’s amazing how innocently malware can make its way into your digital home. Malware is software which can be found attached to emails, hidden in ads, disguised in fraudulent links, or lying in wait for you at unsuspecting websites. It is used to harm or exploit computers and networks so that bad actors can then extract data or money. At their most basic, malware refers to applications designed to steal information. Don’t let yourself become vulnerable to malware! Make sure you’re extra careful online, and don’t just click on anything that looks suspicious – it could be malware.
The Scale of The Malware Infestation
Malware attacks are on the rise. The pandemic has likely added to the increase. In 2020, malware infestations in homes increased because people were working and learning remotely. The different environment, outside of a business office may have made employees now sitting at their dining room table, less wary of clicking on links, downloading apps or visiting sites that they would not normally consider if physically seated in their workplace office. Plus, businesses usually have more protection on their networks, and so with being home, those protections are greatly reduced.
But there’s also the fact that malware has become it’s own industry as hackers have become more sophisticated and professional in their efforts. By 2025 cybercrime is estimated to cost $10.5 trillion annually, and that’s just the impact on global business, and doesn’t include personal cybercrime attacks on your digital home!
Your passwords, financial information and other data are all at risk from malware. So, what are these malware bugs? What do they do? How do break and enter your digital home and steal your stuff? Below are the eight most common types of malware with some ideas of how to defend your digital home from them.
The Most Common Types of Malware Attacks
1) Adware
Adware involves malicious, unwanted advertising. It may be relatively harmless on its own, but it can be frustrating when spammy ads keep appearing every time you’re working on your PC. This will substantially reduce you and your device’s performance. Adware may seem harmless to users but it may lead them to download more harmful types of malware when clicking purposefully or inadvertently on the ad’s contents.
To protect yourselves from adware attacks, it’s important to keep your operating system and web browsers up-to-date. If you don’t, their security will be weaker and more likely to fall victim and unknowingly download malicious content.
2) Fileless Malware (Macros)
Fileless macro malware are not like traditional malware. Fileless malware does not use the usual executable files to infect devices. Rather, fileless malware exploits non-file objects such as macros that are commonly used in Microsoft Office. When starting a document, programs like Word and Excel can automatically launch macro programs in the background to assist with certain functions. These macros are usually platform-independent which means they can infect many different devices across platforms. This makes them attractive for cyber criminals who want to infect as many devices and impact as many people as possible.
One major fileless malware attack was Operation Cobalt Kitty. This was where the malicious organisation OceanLotus Group infiltrated several large businesses and spent six months operating behind covertly behind their network before being detected. Just goes to show that no entity, personal or corporation, is immune!
Since fileless viruses like macros don’t need an executable file, antivirus software struggles to detect them. That’s why it’s important that you are careful in granting rights and privileges on your family’s devices. If a child does not need administrator rights on their laptop, then don’t give them,. That way, you can monitor what is being installed and any changes that are being made because you will be the administrator of the device that is required to log in and do so.
3) Viruses & Polymorphic Viruses
A virus, having gained access to cells in your body will replicate and spread to others cells in your body. A virus can therefore spread like crazy and impact your health. So too with viruses in your digital home. A computer virus for example, can infect programs on your machine and can spread to other systems, in addition to performing its own damage to your computer. Usually a virus is attached to a file. Once that file is executed, the virus is released. Depending on the intent behind the virus, it will encrypt, corrupt, delete or move the stuff in your digital home.
Polymorphic Viruses are a strain of virus that are difficult for antivirus software to detect because these viruses morph (or change) in many possible ways as they spread from one to the other device. In other words, they evolve using slight variations with each new infection.
To defend against viruses, an enterprise-level antivirus solution can help you protect all your devices from a single location while maintaining central control and visibility. Make sure that you run full scans frequently and keep your antivirus definitions up to date.
4) Worms
Worms are similar to viruses in that they spread from one device to others but they don’t infect the programs but rather exploit known weaknesses. That is why it’s important to ensure your devices are updated, and all security patches have been installed. Enabling firewalls and using filters one mails can help spot files and links that contain worms.
5) Trojans
Trojan programs are like their Trojan horse namesake: they are legitimate programs but contain something malicious and have to be executed and run by a user in order to be activated. A trojan program pretends to be a legitimate one, but it is in fact malicious. A common point of access is via email or via links on a website. With trojans it is the people using them that will spread them, most times inadvertently of course, and that’s why they can be difficult to detect.
Prevent yourself becoming a victim of a trojan attack by avoiding downloading software and files from unknown sources. Always make sure it’s from a trusted source or a reputable, established developer or shopfront.
6) Scareware
Scareware is a type of malware that pretends to be something important, like antivirus software, in order to trick the user into buying it. This turns out to be fake and actually gives the victim a virus. An example is a message that says “Warning: your device has been infected,” and then goes on to provide a link to download software that will take care of the problem for you, which of course it doesn’t but instead infects your device with a virus.
This kind of malware can also come in the form of phishing where a site tricks the visitor into giving up access to their data. Emails can be used to direct you to the phishing site where the scareware does it’s thing: scares you into giving up information or downloading the virus.
7) Bots
BOTS are types of software that complete a certain task/function without human interaction. They can also spread from device to device creating a network of bots that can act collectively. This is called a Bot-Net. These devices can then be used to carry out major attacks, often without the device owner even knowing. In 2016 a massive Bot-originated Distributed Denial of Service (DDoS) attack took place that brought the internet on the Eastern US to it’s knees.
You can identify bots by using tools that filter out automated traffic. One example is CAPTCHA that you use on your forms to prevent mass bot submissions. This can help you keep track of bot traffic and block it when necessary.
8) Ransomware
Probably the most famous attack in recent years have been via ransomware. Ransomware attacks encrypt and hold a device’s data hostage until the hacker is paid in order to release it. Often the hacker will demand bitcoin or other cryptocurrency in exchange for releasing your assets and if the ransom isn’t paid by their deadline, the hacker threatens to delete data or release it publicly.
Unfortunately, paying the ransom may not help. Often, victims lose their data even if they do pay the fee. There have been high profile attacks on crucial services, including hospitals, communications, railway networks, and government departments and other agencies. Most people have heard of the WannaCry attack. It locked hundreds of thousands of devices across 150+ countries.
To avoid loss of data, it is important to have your assets backed up regularly. That way, should your device be rendered useless by a ransomware attack, you can still revert to a recent version of your data.
9) Cryptojackers
Cryptojackers are a recent scourge that have come with the meteoric rise in popularity of cryptocurrency. The big daddy of crypto, Bitcoin, requires that new coins be mined using computers. This takes work on computers that run mining software to generate the coins. Cryptojackers are malware that is covertly installed on your machine when you download a sketchy program or app. Their intent is not to steal your stuff, but to use your CPU power in the background to generate these coins. This means that you are paying for the higher than normal electricity usage to mint these new coins, but you will not be aware of it, and will not benefit from any crypto that is mined from your device. The cryptojackers have access to those newly minted coins, they are just using your power supply.
Again, avoid scammy looking links and downloads from sources you don’t trust. Even Norton’s own antivirus was impacted by this kind of
10) Spyware
Cyber-criminals use spyware to monitor the activities of users. These can be very serious as these programs and browser extensions can log keystrokes a user inputs during the day. In this way, the keylogger can access usernames, passwords and other confidential data. Even secured accounts that have strong passwords could be vulnerable.
As with other all malware, antivirus software can greatly help combat spyware. There are also ant-tracking browser extensions that eliminate spyware from following you as you surf the net.
11) Rootkits
Rootkits can be compared to cancer. They burrow deep into the operating system, hiding in the root of it. The virus can be hard to detect because it is buried so deep, and hides its existence. A firmware rootkit is a more advanced NSA-level type of rootkit. As with cancer, it isn’t easy to detect until it can be too late, and eliminating these rootkits can be difficult.
Some Simple Pest Control Steps to Keep Protect Yourself From Malware
Not all protection from malware pests requires investment in antivirus software and other services. Although there are some really great products to help keep your digital home pest-free, some of the most effective measures you can take are behavioral ones. Putting good habits in place can greatly increase your level of protection. Here are some simple steps you can take to protect your digital home from these malware pests.
1. Start With Device Updates
Make sure you don’t wait to update your computer. Very often updates fix known security flaws in your operating system. Make sure that your browsers are also up-to-date with the latest versions and any extensions too.
The more time you leave those updates, the more time cyber-criminals have to figure out how to exploit any vulnerabilities.
This also includes your smart phones. If there’s an update, download and install it as soon as you can. Don’t wait.
2. Delete old programs you no longer use.
Over time, we build up a number of programs and apps on our devices. You may have been testing some out, but forgot to remove them. Or, maybe you used to use one, but you found something better, perhaps a new version, but the old version remained on the device. Also over time our needs and interest can shift so we no longer require certain software. Take action: go through your program folder or home screens and delete all unused software that you simply forgot about it or no longer need.
If you are running old versions of operating systems like Windows, please realise that it may no longer be supported with software patches and security fixes, leaving you very exposed to attack.
3. Use strong passwords and a password manager
Having a strong password, especially for online accounts, will help reduce your risk of attack from malware pests. But what makes a password strong? A strong password is one that is unique, not recorded anywhere else, isn’t easily recognizable nor contains information that relates to your identity (e.g. birthday), is changed frequently, and isn’t used for more than one account. This means creating, storing and managing strong passwords can be a monster task. That’s where password managers like Keeper come in. It can do the generating, storing, managing and changing of strong passwords for you.
4. Scrutinize Your Emails
Emails are a popular way for hackers to get their content in front of your eyes and clicked by your mouse.
Phishing is a mainstay of cybercrime. It’s most effective when the recipients of the emails are not paying attention. There are certain tell-tales which make it easy to identify if something is phishy! 1) Verify the address of the sender. Is the sender from the company claimed? 2) Hover over the links in the email. Is the URL legitimate? 3) Pay attention to how the email is written the email’s language. Are there strange line breaks, awkward sentences? 4) Familiarize yourself with the typical methods important organizations will use to communicate with you. The IRS won’t contact you by email, for example. If you’re not sure, call the organization directly to aks them about the email.If you receive a text / SMS on your phone claiming to be your bank, do not verify any information via text. Instead, call your bank directly.
5. Don’t be scared into downloading software or calling fake tech support
Tech support scams are apart of the scareware industry. These often appear as pop-ups offering help with malware infections. A legitimate security company would never use pop-ups to market their services like this. Avoid them! Don’t click on them and don’t call the number on the pop-up!
6. Don’t believe cold-callers.
We may live in a hi-tech world, but some of the most effective methods a con artist can use are the good old ones of conversational persuasion. Cold calling by fake tech support agents claiming to be from companies like Microsoft is a strategy used by scammers. Or you may get a call reporting fraudulent activity on your credit card. Do not give any information over the phone. And don’t be afraid to ask questions. As you do, things will become apparent if it’s a scammer on the end of the line. Ask where they are calling from and if you can call them back. Hang up and check with your bank or credit card or relevant service providers directly to confirm any issue.
7. Make sure you’re connected to a secure network.
When you are browsing make sure you see the padlock in to the left of the URL address bar of the browser. The padlock indicates that any information transferred between your browser and the website remains private. Also make sure that the URL starts with “https” rather than “http”. The “s” stands for secured.
8. Done with a site? Then log out.
Make sure that when you visit and log into any website that you log out when you are leaving it. Don’t simply close the browser tab. You may be leaving the door open to your brokerage or banking account, or your healthcare provider’s site. There’s unscrupulous folks out there looking for such opportunities because they know how to access session histories and cookies in the computer that provide information allowing them to sign in to a site using your credentials.
9. Enable click-to-play plugins.
Malicious ads are everywhere. They even appear on respected, established sites. And in some cases you don’t even need to click on the ad to activate the malicious content. If your browser is set to automatically play content from these ads (typically flash or Java), the malicious content is activated without you doing anything other than visiting the site.
That’s why enabling “click-to-play” is helpful. This means that the automatic playing of these ads is prevented and will only start if you purposefully click the ad.
10. Deploy & Layer Firewall and Anti-Malware Programs
You can’t be protect yourself from every threat. But there is technology that can help protect you and your digital home. These are even more effective when they are used together in layers. For instance, make sure your firewall is on, or get one. Then add an anti-malware program from a trusted resource like malwarebytes, which protect your machine in real-time from attack.
The Final Score
Make sure you protect yourself against the growing threat of malware. The defense options are growing to face off with the cybercriminal’s growing arsenal of malware. Make sure you do what you can to protect your devices, identity and money by investing in antivirus software, firewall and VPNs. Be smart and stay safe!