Alternate format: Protect your organization from malware (ITSAP.00.057) (PDF, 375 KB
Threat actors can use malware, or malicious software, to infiltrate or damage networks, systems, and devices. Once malware is installed on your organization’s systems and devices, threat actors can gain access to sensitive information. This document introduces some common types of malware, tips for detecting whether your devices have been infected, and steps to protect your organization from being compromised by malware.
Common types of malware
Some of the most common types include the following examples:
- Virus: A computer program that spreads, usually without you knowing, by making copies of itself.
- Worm: A malicious program that executes independently and self-replicates, usually through network connections, to cause damage (e.g. deleting files, sending documents via email, or taking up bandwidth).
Spyware: Infected software that threat actors use to access your devices and steal sensitive information.
- Trojan Horse: A type of spyware disguised as harmless software to fool you into downloading the program.
- Adware: A type of spyware that tracks your Internet history and downloads to display pop-up advertisements related to products and services that might interest you.
- Keystroke logger (Keylogger): Software or hardware designed to capture your keystrokes. The keystrokes are stored or transmitted so that threat actors can use them to collect valued information.
- Rootkit: Programs that provide threat actors with access to your networks, systems, and devices. A rootkit disguises itself as an operating system component on your device.
- Ransomware: A type of malware that denies your access to data or a system until you pay a sum of money to the threat actor.
- VPNFilter Malware: Malware designed to infect routers so that threat actors can collect information, exploit devices, and block network traffic.
Ways that malware can infect
Some ways in which you could infect your networks, systems, and devices with malware include the following examples:
- Accepting pop-up advertisements
- Downloading unreliable software (e.g. disguised as a Flash Player update)
- Opening malicious email attachments
- Downloading media and software through untrusted vendors or means
- Sharing files (e.g. peer-to-peer file sharing services)
- Using removable media (e.g. USB, hard drives, CD, DVD) before scanning and verifying it
Signs of an infected device
It can be difficult to detect whether your devices have been infected with malware. Some symptoms to look out for include the following examples:
- Pop-up windows appearing on your device
- Homepage changes
- Spam emails sent from your account
- Page or system crashes
- Slow computer performance
- Unknown programs running on your device
- Unauthorized password changes
Tips to protect against malware
Some ways that you can protect your device from malware include the following:
- Back up your devices and information
- Install software updates and patches regularly and as soon as they are made available
- Use anti-virus software and keep it updated
- Use anti-phishing software
- Align software with the Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy (e.g. email authentication and reporting protocol [domain-name visibility, notification of intrusion])
- Use a host intrusion detection system (HIDS)
- Use a firewall
- Install and execute only authorized applications through using application whitelisting
- Verify that files and attachments are legitimate before downloading them
- Use an ad blocker
- Use a data consumption application (e.g. track data usage on apps, when not in use, for suspicious activity)
- Avoid using public Wi-Fi
- Turn off Wi-Fi, GPS, and Bluetooth when not in use
- Do not share personal information on social media that could help threat actors hack into your other accounts (e.g. home address used as a security question to access banking information)
- Do not jailbreak (e.g. disable security measures imposed by device manufacturer) your device
Steps to address infected devices
If your device has been infected with malware, take the following steps to address the issue:
- Contact your IT security service desk immediately
- Disconnect the infected device from the network
- Turn off Wi-Fi and unplug network-carrying cables (e.g. Ethernet)
- Connect the device to a clean network and reinstall the operating system
- Run anti-virus software and scan all back-ups before restoring the device
- Reconnect the device to your network
- Monitor traffic and run anti-virus scans to ensure no malware remains
Anti-virus software defends devices against viruses, Trojans, worms, and spyware. Anti-virus software can identify known malware by scanning start-up files, boot records, and all files that go through the system. It can also monitor common applications.
Host intrusion detection systems (HIDS) monitor your system to detect intrusions and unauthorized access. HIDS allows you to see who is accessing and changing files in your system and what they are trying to do.
A firewall is a security barrier that protects the local system’s resources from being accessed from the outside. A network firewall restricts traffic from passing from one network to another. A host-based firewall restricts incoming and outgoing network activity for a single host or end points.