MALWARE: HOW TO STAY PROTECTED WHEN CONNECTED
What exactly is malware?
The term "malware" covers a whole range of malicious programs designed to infiltrate and damage the computers and networks you use every day. Malware can destroy your information, overwhelm our network or even shut them down completely.
Computer viruses are a well-known example. But, more and more, cybercriminals are using other types of malware to steal information and to extort money. The worst thing about malware is that it is designed to propagate with little or no intervention on your part.
How does malware spread?
Opening an email attachment
Attackers can send malware applications that start secretly collecting your information the moment attachments are opened. These malicious emails may appear to come from trusted sources such as your bank, Canada Post, or trusted contacts within your own contact list.
Clicking a browser pop-up or advertisement
Cybercriminals can design websites that exploit human error and common sense. A typical example runs like this: A pop-up ad warns you that you have a virus, so you need to click OK to clean your system and get rid of the virus. In fact, clicking OK is what installs the virus on your device/computer.
Opening a found USB drive
Social engineers can place a flashy looking media device (e.g. USB drive) in a strategic location in hopes you will find it. If you pick it up and plug it into your computer, malicious software can install in the background and grant the attacker full access to your device and all of your data.
What are the different types of malware?
A collection of infected computer that are connected in a coordinated fashion for malicious purposes. The compromised machines are often turned into “robots” or “zombies” and used to send out spam, spread malware or launch cyber-attacks.
A malicious program disguised as a legitimate software application. The malicious code is usually hidden (or embedded) in an email attachment or in a useful or interesting program, such as a computer game, in order to trick us into installing it.
A program often disguised as an email attachment and attaches itself to a document or to a genuine program on your computer. It usually has the ability to make copies of itself over and over again, in order to infect and corrupt additional files without your knowledge.
A malicious program that is usually secretly installed on your computer. Once it is activated, it gathers and transmits your information or actions (e.g. such as passwords, credit card numbers or web browsing habits) to the cybercriminal without your knowledge.
A type of malware that uses encryption to prevent you from using your computer or accessing your files until a fee is paid. Once the malware has infected your computer, a message appears, informing you that a fee must be paid in order to have your files decrypted or to remove the restriction to use your computer. Learn more by watching this video and checking out this infographic.
A self-replicating program that relies on computer networks to spread itself. Its primary purpose is infect as many computers as possible. Worms can easily spread through shared folders, e-mails, malicious web pages, network servers, etc.
Did you know?
Malware is often spread via phishing emails? Join us for a fun, interactive webinar to find out how you can protect yourself from these types of threats. Theo Zafirakos – CISO, our guest host from Terranova Security will teach us the common strategies cybercriminals use to trick us into sharing our information via email, text message or over the phone and what you can do to stop them! We'll also offer fun activities throughout. Click here to register.
How to Protect Yourself
- Never modify or disable antivirus software or any other protective mechanism installed on your computer. Make a habit of scanning:
- Email attachments
- Files that you download from the Internet
- USB keys, memory cards and other portable storage devices, prior to using them.
- Stick to legitimate websites or app stores when purchasing, downloading and/or installing software/apps. Never open or execute a program from an unknown or questionable source.
- Always be cautious with a suspicious or an unsolicited email message:
- Do not click on a link or a button within the message
- Do not download or open the email's attachments
Exercise vigilance, even if the message comes from a co-worker, friend or family member. Remember, cybercriminals can steal usernames and passwords in order to send emails on other people's behalf.
- Avoid browsing websites that provide pirated material. Not only are such websites often used to distribute malware, by downloading pirated movies, music or software, you may be exposing yourself to legal sanctions.
- When browsing the web, make a habit of carefully reading the content of a pop-up window before choosing an option or accepting an offer.
- Contact our Service Desk Team if you believe that your computer is infected with malware. Signs include:
- Extreme computer slowness
- Excessive hard drive activity
- Frequent computer or application crashes
- Unwanted pop-up windows
- Change in your browser's home page
In short, cybercriminals often distribute malware using email links and attachments or by hiding it in programs available for free on the Internet. The consequences of a malware infection can range from annoying advertising pop-up windows to significant loss or theft of your information.
In addition to infecting your computer, malware may spread over our organization's OR your home network, causing considerable damage and significant loss of productivity. The use of strong and regularly updated antivirus software combined with your vigilance are imperative when dealing with this type of threat.
Note: if you notice signs of malware infection, such as unusual computer behavior or unwanted pop-up windows, promptly contact our Service Desk team at:
PHC 604-806-9333 I email@example.com
To stay up to date on the latest security threats, visit our Security Awareness Hub. To report a suspicious email, forward email to firstname.lastname@example.org. If you have any questions, please email us at IMITSSecurity@phsa.ca.
Written by Joseph Tesoro, education awareness specialist, security awareness program and Sabrina Young, education awareness specialist, information security.
If you need to reach PHC’s Infection Prevention and Control Team (IPAC), please call local 69357. Do not contact individual IPAC team members.