A review of different types of cyberattacks and tools developed to extort users, and of how they affect the way we live and use computer systems and the internet. No system or company appears to be safe.
It’s interesting to see how malware has come to affect the daily lives of computer system and internet users. These malicious codes can lead to millions of dollars in losses because it’s a fact that no system is exempt from being compromised.
Malware can have an impact in various ways, from deleting stored files and slowing down computers through high resource consumption, as is the case with computer worms, to opening backdoors that hackers or malware enthusiasts can use to gain higher-level access to systems or networks infected by these types of malicious code.
Throughout history, we have witnessed malware that has set precedents for the focus and development of the viruses, worms, trojans, backdoors, rootkits, etc., that exist today. The Morris worm was the first of its kind to be developed, and its functionality was based on replicating itself within the memory of the computers of the early internet, known as ARPANET. This worm wreaked havoc within the primitive network for 72 hours.
Today, the financial and informational losses, as well as the overall consequences of computer virus attacks, are enormous. These include bank account theft, carding, online scams, among other practices aimed at stealing money, and some forms of malware can encrypt all data and documents on an operating system, with developers demanding a substantial sum for the data’s release.
Malware has advanced to the point where it can be used for spying on individuals, leading to a real issue with a direct impact on people’s lives. This can make someone a target of political or military adversaries, among others, and even have a direct influence on a country’s elections to “tag” individuals of interest. This has led to political and social conflicts.
Mikko Hermanni Hyppönen, a Finnish computer security expert and creator of the Hyppönen Law related to IoT (Internet of Things) – a topic deserving of its own article – states, “Viruses don’t need to be malicious to be viruses. They just need to replicate.” Similar to their biological counterparts, viruses require a host to spread within computer systems. It’s important to clarify that vulnerabilities are not only found in malicious code, and there are a range of practices that deviate somewhat from programming and focus on obtaining information through “real-life attacks,” the well-known social engineering.
Types of malware, infection methods, and impacts
There’s no need to turn this article into a glossary about the categories of malicious code, and certainly not about their history, as there are countless websites out there that provide such information in a very detailed and well-explained manner. However, it’s essential to break down how malicious software operates and how it affects host systems, so let’s briefly review the types of malware and their impacts.
Computer viruses are typically acquired through malicious downloads, whether from an untrustworthy website, downloading a file from there, or even through the advertisements displayed on these sites. They can also be distributed through email using phishing techniques or by redirecting to harmful links. Viruses infect computer files, replicating and spreading within a network, causing performance problems, file damage or deletion, and issues with already installed programs.
The primary goal of computer worms is to exploit the resources of computers and cause network overload. Unlike viruses, worms don’t require direct user interaction and have the ability to self-replicate. Over time, they’ve evolved to not only exploit network or computer resources but also to carry and release other types of malware once they infect a host. This malicious code seeks unpatched vulnerabilities and backdoors.
Trojan malware, like viruses, requires user interaction to infect, but unlike viruses, their objective isn’t limited to document destruction. Trojan payloads usually exploit vulnerabilities for the theft and transmission of information. This malware category is among the most versatile in terms of criminal activity, as it can obtain information from the infected device, making even bank accounts vulnerable.
Among the primary threats is also ransomware. This malware is aimed at extortion, as once it infects a device, it typically encrypts the information. To decrypt it, a ransom must be paid to the creator of the malicious code, who will then provide a password to regain access to the information. Ransomware can encrypt a range of files, up to the entire operating system. Ransomware represents perhaps the most serious threat to the computer sector, as the FBI’s Crime Complaint Center reported a 243% increase in the number of ransomware cases from 2013 to 2020. While there are no official figures, it’s speculated that companies have paid up to $40 million for the release of their server information.
This gives us an idea of the danger and reach of malware. We’re not only talking about data loss or the incapacitation of devices and equipment but also substantial financial losses and other impacts that, although less quantifiable, undeniably affect real-life situations.
The Danger of Malware
Due to the ease and accessibility of the internet in our daily lives, our personal data, as well as our bank account information, is stored on the servers of the services we use constantly. These computer systems are at constant risk, despite the efforts made by companies to protect them, as it’s nearly impossible to ensure the complete security of servers.
However, not only are the large company servers exposed to attacks, but any personal device is also at risk. In most cases, it’s the users themselves who unwittingly give malware access. It may sound incredible, but how is it that users bear the responsibility for malware infections? This happens because most malware is injected into seemingly legitimate programs, and this is the double-edged sword of online software piracy. Piracy enables us to obtain software that we can’t afford otherwise. We can hardly find something genuinely free, and that’s precisely the downside of this practice. Yes, we can access multimedia for free, but it carries significant risks.
Downloading files isn’t the only way we can get infected by malware. Suspicious website advertisements can lead to contracting malicious code, and it can also happen through email. This is why a stronger and more accessible culture of computer security is needed because we’re all exposed to malware attacks, and knowing how to prevent them is essential. It’s undeniable that at some point in our online lives, we’ll become infected with some form of malicious code.
While financial losses are a blow to companies, the loss of data such as photos or documents can be a significant issue for individuals who frequently use the internet. Corporations have the financial means to deal with these problems, but “ordinary” users can’t afford to recover their information by paying the “ransom” imposed by the creators of such malware, which often demands exorbitant amounts that the majority of the population cannot access.
The internet is a lawless place, where even large corporations and state laws (as mentioned in the previous article) haven’t been able to establish order, despite all efforts. Legislation hasn’t effectively established rules to combat these activities legally, although some scammers and malware distributors have been found and convicted. One example is the case of biologist Joseph Popp, who sent twenty thousand floppy disks through postal mail containing the AIDS Trojan, requesting $189 in the name of the WHO, claiming to be conducting research to combat AIDS.
Another of the most well-known cases was that of Bradley Manning, who later transitioned to Chelsea Manning. Chelsea Manning is a former intelligence officer in the United States Army. According to information from XLSemanal magazine, Chelsea Manning leaked 243,270 diplomatic emails and 8,017 U.S. directives, along with approximately 92,000 reports about the Afghanistan war and around 400,000 reports about the Iraq war. These documents exposed the crimes and abuses committed by the U.S. military during the wars, and all this confidential information ended up in the hands of WikiLeaks, where it was published on Julian Assange’s website.
Maxim Senakh, a Russian national, was sentenced to 46 months in prison for using a botnet named Ebury. This malware had the capability to obtain usernames and passwords from computers running the Linux operating system. Using this network of “hijacked” computers for economic gain, Senakh redirected network traffic to generate ad clicks, thereby earning money without the knowledge of the affected individuals. Additionally, he sent emails that led to fraudulent websites or scams. While there are many more cases of this nature, they haven’t been able to, and it seems like they won’t be able to, eliminate this hydra. These blows to cybercrime appear to serve as reminders for more people to consider vulnerabilities and refine how they use malware.
Bonzi Buddy: discussing this malware would take several pages just to describe an internet phenomenon that affected many people in the early 2000s. Bonzi Buddy was perhaps the archetype of virtual assistants. This program was free, and its installer featured a mascot, a purple monkey that helped with certain activities that were becoming common on the internet as it was becoming more popular. It was possible to “talk” to the assistant, convert audio to text and send it by email, tell stories, play with it, and even sing songs. It was the closest thing to today’s artificial intelligence because it supposedly learned from the user’s online interactions. However, this was deception. When this Trojan was installed, spyware began collecting information from users. During registration, it asked for information like the user’s zip code and even their home address. Additionally, it displayed numerous pop-up windows promoting the developers’ software and products. To this day, it is considered the most efficient, dangerous, and effective malware ever created because, despite being very harmful, it was genuinely useful for users. It’s undoubtedly one of the most intriguing viruses in existence.
Scams and Information Theft on the Internet: Social Engineering
The coding of malicious software is a growing problem that serves various nefarious purposes, such as file hijacking, disabling devices, creating backdoors, network collapse, and more. However, there are other techniques for obtaining sensitive information that ironically don’t require extensive programming knowledge, or in some cases, any at all. One of the most well-known practices is social engineering. You may be wondering, “What is social engineering?” and “Where can one learn this ‘engineering’?” Social engineering is nothing more than manipulation techniques used to gain administrator-level access to systems. This level of access grants complete freedom within the system, allowing for data manipulation, copying, deletion, and unrestricted access. It’s quite alarming, as administrator access to any network or device is typically reserved for the highest-ranking personnel within any company or institution.
The most vulnerable element in a system is undoubtedly the human factor. Therefore, this technique focuses on deceiving individuals or specific personnel through phone calls, on-site visits, and instant communication applications like WhatsApp, Messenger, Telegram, and others. The aim is to trick individuals or staff into accessing fraudulent websites and divulging information. This is particularly common in support desks, as constant communication is required, and it’s possible to impersonate a support worker to ensure access. This approach targets human gullibility more than the systems themselves.
Social engineering encompasses practices such as phishing, which involves “fishing” for individuals to fall into a scam. Typically, this occurs through messaging or email. A link is sent under the guise of a reputable institution, often banks, requesting various pieces of information to access a promotion or claiming that you’ve won a contest. Subsequently, to claim the supposed prize, more information, generally related to your bank account, is requested. For those with limited knowledge of internet security and little online savvy, it’s easy to fall victim to these practices. However, it is possible to avoid falling for such schemes by learning to recognize the origins of email domains, as they often don’t come from official addresses of the institution. Additionally, in the case of banks, they usually make it clear that they do not request such information through electronic means.
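The sender-domain check described above can be automated. The following is an added example, not part of the original article: it classifies the visible sender of a message against a list of official domains. The domain examplebank.com, the function names and the sample messages are hypothetical and constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: the institution's real sending domains (hypothetical value).
OFFICIAL_DOMAINS = {"examplebank.com"}

def domain_of(address):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return address.rpartition("@")[2].strip().lower().rstrip(".") if "@" in address else ""

def is_official(domain):
    """True for an official domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def resembles_official(domain, threshold=0.8):
    """True when a domain embeds the brand label or is a near-miss spelling."""
    for d in OFFICIAL_DOMAINS:
        brand = d.split(".")[0]
        if brand in domain or SequenceMatcher(None, domain, d).ratio() >= threshold:
            return True
    return False

def classify_sender(raw_message):
    """Classify the visible sender of a raw message.

    Only the From and Reply-To headers are inspected. Both are chosen by the
    sender, so "official" means "not visibly wrong", not "authenticated".
    """
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    if not from_domain:
        return "unparseable"
    if is_official(from_domain):
        reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
        if reply_domain and not is_official(reply_domain):
            return "reply-to-mismatch"  # replies would leave the institution
        return "official"
    if resembles_official(from_domain):
        return "lookalike"
    claimed = display_name.lower().replace(" ", "")
    if any(d.split(".")[0] in claimed for d in OFFICIAL_DOMAINS):
        return "impersonation"  # brand in the display name, unrelated domain
    return "unrelated"

# Constructed sample messages (not real mail).
SAMPLES = [
    'From: "Example Bank" <alerts@examplebank.com>\nSubject: Statement\n\nbody',
    'From: "Example Bank" <alerts@examp1ebank.com>\nSubject: You won\n\nbody',
    'From: "Prize Team" <winner@examplebank.com.prizes.example>\nSubject: Claim\n\nbody',
    'From: "Example Bank" <promo@mail-offers.example>\nSubject: Promotion\n\nbody',
    'From: "Example Bank" <alerts@examplebank.com>\nReply-To: claims@prize-desk.example\n\nbody',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_sender(sample), "<-", sample.splitlines()[0])
```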
Baiting, pretexting, vishing, pharming, tailgating, quid pro quo, malicious devices—these are all practices that require an active role from the attacker to be successful. Baiting is the practice where victims are led to believe they’ve won a prize or benefit in exchange for money, as seen in the famous Nigerian prince scam back in 1995, where emails promised an inheritance from a prince. Due to supposed money management issues or bank fees, a large sum of money was requested, though it was minimal compared to the potential gain. Many fell for this scheme.
Malicious devices involve attackers leaving a USB drive in a public place. When the victim connects it to their computer, it becomes infected with malware, granting access to the attacker. Vishing, a combination of “voice” and “phishing,” is similar to phishing but conducted through phone calls, with the attacker impersonating a family member, a company, or technical support service.
Pharming involves creating fake websites that initially appear legitimate. However, they are not, as DNS service “poisoning” is typically used. Even when typing the correct website address, you could be directed to a fraudulent site.
Tailgating is a more complex social engineering technique that may involve company personnel or even outsiders deceiving authorized personnel to gain physical access and download information or cause direct damage to infrastructure. This practice primarily affects businesses.
Quid pro quo, meaning “something for something,” is a subtle technique that relies on the abuse of trust. Attackers disguise their true intentions with goodwill, and in exchange for information, the person involved must offer a service or goodwill gesture to earn the victim’s trust.
While this overview of cyberattacks is quick and concise, it’s clear that there are numerous tools available for committing cybercrimes. Fortunately, there are ways to mitigate these risks, such as regularly installing and updating antivirus and anti-ransomware software to analyze device vulnerabilities. Additionally, users can learn to distinguish legitimate websites from fraudulent ones. To achieve this, it’s essential to promote a culture of safe internet usage and educate the population about these issues. Learning to search for legitimate reviews and opinions about programs that help protect against cyber threats is crucial. Terms like IP, DNS, HTTP, cybercrime, malware, and their meanings, as well as how computer systems and the internet function, should be more widely understood to enable users to grasp, even at a basic level, how they interact in virtual environments.
The news agency EFE reports that in the first half of 2022, there were 156 billion attempted cyberattacks in Latin America, with 80 billion of these occurring in Mexico. This data is based on a report from the National Council of the Maquiladora and Export Manufacturing Industry (Index), and a significant portion of these attacks involved ransomware. It’s important to note that these statistics focus on attacks that impact businesses, and there aren’t specific figures available regarding the broader effects on internet users.
Surfshark conducted research that provides insights into the density of attacks categorized by countries. In 2022, 87.3% of the analyzed data showed records of attacks below the global average. Russia had the highest incidence of leaked email accounts, highlighting a vulnerability. As a result, 8 out of 10 Russian internet users experienced attacks, while in France, the incidence was only 3 out of 10.
The COVID-19 pandemic dramatically increased the number of attacks recorded by both companies and individuals, leading to a corresponding rise in economic losses due to these practices. IBM presented the “2021 Cost of a Data Breach Report” conducted by the Ponemon Institute, which studied 537 data breaches across 17 countries and regions, encompassing 17 different sectors.
Given that the report spans 73 pages, I will summarize the most relevant data regarding the economic impact of malware. This is to emphasize the significant consequences of these practices on a company’s economy, even though companies may withstand such losses. Nonetheless, the primary focus of this note is the impact of malware. From 2020 to 2021, data breaches increased by 10%, largely driven by the rise in remote work. Being “outside” company premises, users took up to 58 days to detect attacks, resulting in a 17% increase in data breaches.
It is common for attackers to seek personal information through compromised accounts, and each lost account results in an estimated $180 in losses. While this cost may not be as high as in other examples, it’s important to clarify that the number of accounts stolen in such attacks is often substantial. For instance, consider the 2011 attack by the LulzSec group on Sony, where total losses are estimated at $600,000. This is significant because the issue extends beyond the cost per account; criminals can gain access to the personal information of users of the affected company’s services.
Cloud services have arrived to simplify our daily tasks. Music, documents, video games, and all sorts of multimedia content are readily available in the cloud for direct use. However, this convenience also makes it fertile ground for the growth of cyberattacks and the proliferation of malware. In this report, the average cost is estimated to be $3.61 million for hybrid cloud services and around $1.70 million for public cloud services.
Finally, the cost of a breach due to ransomware is calculated at $4.62 million. This is highly significant, as when it comes to malware, businesses, institutions, and individuals are exposed to infections of this nature. It’s important to note that these costs only encompass notification, business loss, and responses, excluding the ransom payment for data recovery. Keep in mind that these figures represent averages, as it’s challenging to precisely calculate all the attacks, even within corporate analyses, not even with the support of a financial institution like IBM.
This brief introduction to malware has provided insight into the three primary types of malicious code and their operations. It has also shed light on the disruptions they cause in infected systems and networks. More importantly, it has highlighted the real-world implications of these attacks, both socially and economically, for individuals and businesses. What’s particularly intriguing is how these initially relatively harmless programs have evolved and become increasingly sophisticated, leading to severe problems in computer systems.
It seems that we are compelled to educate ourselves about the means of infection, the impacts, and how to identify suspicious programs, websites, emails, or any other multimedia content. This knowledge allows us to eliminate potential threats before interacting with them, thereby minimizing the risks we face in our online lives. I’ll reiterate that it’s impossible to navigate the chaos of modern life without an internet connection, but the advantages of the digital world are directly proportional to the risks we encounter.