What Common Misconceptions Do People Have About Malware?

This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site.
DigitalVision Vectors/Getty Images

What common misconceptions do most people have about malware/ransomware? originally appeared on Quora: the place to gain and share knowledge, empowering people to learn from others and better understand the world.

Answer by Gil Shwed, Founder and CEO of Check Point Software Technologies Ltd., on Quora:

Here are a number of common misconceptions that people have about malware/ransomware.

1) We hear about all the attacks, and there are only a few large attacks each year. Yes, we all read about WannaCry and NotPetya, and we all get updates on huge data leakage incidents, such as the cases of Yahoo or the more recent Equifax breach. These are the devastating incidents that are being reported, affecting tens of millions of people and shutting down companies and systems. But what happens in between? If we don’t hear about it, does it mean it’s not happening? The truth is that our systems monitor over 100 million malware attacks PER DAY, all over the world. Sometimes the goal is not to encrypt all computers’ files, or shut down the entire network. Rather, attackers can also infect networks with bots that quietly run on your computers until their remote command and control tells them to attack; they can steal user credentials and documents, or use a key-logger to log everything you type. These are the stealthy attacks we don’t tend to hear about, but they happen each and every day and they cause damage for the long run.

2) Thousands of attack methods are developed every day, making it impossible to cope with them. The reality is that attacks are becoming more sophisticated – but in many cases they are based on the same methods and same tools that are just packaged differently. In recent months we’ve seen some very sophisticated cyber weapons, some of which used vulnerabilities that were found by nation-state actors. When such attack methods are leaked, cyber-criminals can exploit extremely powerful tools, like in the case of the EternalBlue exploit used in the WannaCry attack. When we’re looking at the malware ecosystem as a whole, we see that in many of the cases, cybercriminals are not reinventing thousands of attack methods, but rather repackaging and creating new variants of the same types of malware. For them, it’s a cost-effective business model that allows them to quickly adapt and make as much gain as possible before being blocked again. For the security industry, it means that we need to constantly adjust our protections to catch these new and evasive variations of the same malware we already know.

3) There are thousands of devastating ransomware types out there. While many people hear all the time about ransomware and get the notion that the ransomware plague is driven by thousands of malware variants, the reality is slightly different. It’s true that the general trend of ransomware is on the rise, and one of our recent studies showed that in the first half of 2017, ransomware accounted for over 50% of the most common attack methods in the Americas, Europe and Asia. Yet, there are only a handful of massive, advanced variants, which can cause damage on a global scale. The rest can be considered “niche ransomware”, usually with considerably less distribution and overall impact on both home and enterprise users.

4) Adware is harmless. Many people in the security industry disregard adware as an acute form of malware. It has been perceived as mostly related to fraud, generating revenues based on fraudulent ad clicks or hijacking user browsers to manipulate web traffic. The truth is that adware is usually much more sophisticated and potentially as damaging as other forms of malware. Adware, such as Fireball, might not be deployed to serve malicious purposes, but has every technological capability to do so. In the Fireball example, it had the ability to run any code on victim computers and download any file or malware to them. Its distributors ended up being arrested by the Chinese police after earning nearly twelve million dollars by generating fake clicks. To sum up, adware can definitely be a backdoor to networks, and I believe that in the months to follow we’ll be seeing more involvement of the security community against it.

5) You can’t block sophisticated malware; you can’t stop ransomware. This is the biggest misconception of all. Sophisticated, zero-day malware (malware that was never seen before) can be blocked! Ransomware can be stopped and cause no harm. Less than 1% of companies and individuals use advanced threat prevention tools. So it’s no wonder people are feeling vulnerable. If we want to protect ourselves against sophisticated malware, we have to use the sophisticated security tools that exist today, and especially the one that focuses on addressing future malware.
