From the course: The Cybersecurity Threat Landscape

Explore the threat of malware and ransomware

- [Instructor] Malware has been a serious cybersecurity threat to both individuals and organizations since the late 1980s. Ransomware has many of the same characteristics of malware, so it makes sense to examine them together.

First, what is malware? Malware is a catchall term for any software that is designed to gain unauthorized access to computers or network equipment with the goals of causing damage, extracting information, or making money for the attackers. Malware can take on many forms, including viruses, worms, Trojans, rootkits, adware, and spyware. A growing form of malware attack is known as cryptojacking. This malware variant exploits a vulnerable computer and uses its resources to mine cryptocurrency.

While there are many types of malware, the infection methods are often similar. There are two main ways that systems become infected with malware. The first is system vulnerabilities. These are flaws in hardware or software that allow malware to get installed and function. Usually, patches exist to fix these vulnerabilities, but users and organizations don't always apply these patches in a timely manner, leaving themselves exposed. And even old vulnerabilities are still targeted by malware attackers. In 2020, a Microsoft vulnerability first identified back in 2012 was still included in the FBI's list of the top 10 most exploited security flaws.

The second most common way that systems get infected with malware is users falling prey to social engineering. This happens when attackers successfully convince a user to download infected software, open an infected email attachment, or connect an infected disk or drive. The system still needs to be vulnerable to the malware that the user introduces for it to work though.

Now let's look at ransomware. Ransomware is a form of malware that has a special purpose. It encrypts data and files on the infected computer and instructs the user to send the attackers money to recover their information. In some cases, attackers will also steal files from the victim's systems and threaten to expose these files to the public to increase the pressure to pay. This is known as double extortion.

Ransomware can be a lucrative income for attackers. In 2020, the FBI's Internet Crime Complaint Center, or IC3, received 2,474 ransomware complaints that cost victims over $29.1 million. Of course, these are only the attacks in America that were reported. The actual number of worldwide attacks and money made with ransomware is much higher.

Although ransomware can use any of the malware attack techniques I mentioned earlier, one of the most common is the fake urgent email with a malicious link or attachment designed to trick users into clicking the link or opening the attachment. This is a phishing attack, which is another threat I'll cover in this course.

Due to their success and huge ransom demands, ransomware attacks have generated a lot of dramatic headlines, like this one about Acer getting charged up to $100 million to get their data back after a ransomware attack. As long as systems remain vulnerable and users keep falling for social engineering attacks, malware and ransomware will continue to be serious components of the cybersecurity threat landscape.