Malware

What is Malware?

Malware is short for malicious software. It’s any software program or code that is deliberately designed to harm a computer system, steal data, or disrupt normal operations. 

Malware can disrupt operations, leading to lost productivity and revenue. It can also directly steal money through ransomware attacks, where malware encrypts a business’s data and demands a ransom payment to unlock it. This can force businesses to pay large sums or risk losing critical data.

Forms and Types of Malware

Malware can take many forms, including:

  • Viruses: These can spread from one device to another, infecting them and causing damage.
  • Worms: Similar to viruses, but they can replicate themselves without needing a host program.
  • Trojan horses: These disguise themselves as legitimate software to trick users into installing them. Once installed, they can steal data, damage the system, or download other malware.
  • Spyware: This software secretly monitors a user’s activity and steals their personal information.
  • Ransomware: This type of malware locks users out of their files or systems and demands a ransom payment to unlock them.
  • Adware: This software bombards users with unwanted advertising.

Imagine your business is a well-organized warehouse. You have shelves stocked with valuable products (data), tools for your employees (software), and a security guard (firewall) to keep unauthorized people out. Malware can be compared to a thief that sneaks into the warehouse hidden inside a delivery box to damage your tools or steal your products. You might not even know he’s there until it’s too late. 

Why Should Businesses Care About Malware?

A malware attack can have a devastating impact, including: 

Financial Loss

Malware can disrupt operations, leading to lost productivity and revenue. It can also directly steal money through financial data theft (e.g. credit card information and bank account details) or by extorting the company through a ransomware attack. 

Data Breaches and Reputational Damage

A malware attack can compromise a company’s data security, leading to the exposure of sensitive customer information. This can result in regulatory fines and a breach of trust between your company and your customers.

Disrupted Operations

Malware can cripple a business’s IT systems, hindering email, file sharing, and other critical functions. This can lead to downtime, supply chain disruptions and even wasted resources as IT teams spend valuable hours cleaning up malware and repairing the damage.

Increased Security Threats

A successful malware attack can leave a business’s systems vulnerable to further attacks. Hackers may use the initial malware infection to gain a foothold in the system and launch more sophisticated attacks.

Malware In the Context of Cybersecurity Frameworks

The term malware frequently surfaces within the context of the MITRE ATT&CK framework. 

The MITRE ATT&CK framework serves as a globally accessible knowledge base that meticulously details the tactics, techniques, and procedures (TTPs) employed by adversaries during cyberattacks. It offers a standardized approach for describing real-world attacker behavior, enabling security professionals to:

  • Detect: Identify malicious activity within their systems by recognizing patterns that align with known TTPs.
  • Evaluate: Assess the severity and potential impact of a detected attack based on the associated TTPs.
  • Respond: Develop effective countermeasures to mitigate the attack and prevent future occurrences.

Malware plays a crucial role within the MITRE ATT&CK framework as it represents a core tool leveraged by adversaries across various attack stages. The framework categorizes malware usage through different techniques, including:

  • Initial Access: Malware is a common method for attackers to gain initial access to a victim’s system. Techniques may involve exploiting vulnerabilities in software (T1190: Use of Vulnerable Software), using phishing emails with malicious attachments (T1192: Phishing Link in Email), or deploying drive-by downloads (T1105: Injection of Malicious Code into Legitimate Website).
  • Execution: Once initial access is established, attackers often deploy malware to execute malicious code on the compromised system. 
  • Persistence: Attackers strive to maintain access to a compromised system for extended periods. Malware can be used to establish persistence by creating hidden startup processes.
  • Defense Evasion: Malware can be equipped with techniques designed to bypass security controls and remain undetected. 

By mapping detected malicious activity to specific MITRE ATT&CK techniques, security professionals can gain valuable insights into the attacker’s goals and tactics. This knowledge empowers them to implement targeted defense strategies and prioritize remediation efforts.

Related Systems or Technologies

Malware can be prevented by the use of technologies and processes including: 

Antivirus and Anti-Malware Software: These programs act as the first line of defense, continuously scanning your system for known malware threats. They can quarantine or remove detected malware, preventing it from causing damage.

Firewalls: Firewalls act as gatekeepers, monitoring and filtering incoming and outgoing traffic on your network. Firewalls can block access to malicious websites known to distribute malware and prevent unauthorized connections to your system.

Intrusion Detection and Prevention Systems (IDS/IPS): These advanced systems monitor network activity and system logs for suspicious behavior that might indicate a malware attack. IDS can detect and alert security teams of potential threats, while IPS can actively block malicious activity.

Least Privilege Principle: This principle dictates that users should only be granted the minimum level of access required to perform their tasks. Limiting user privileges minimizes the potential damage caused by malware if it manages to infect a system.

Application Whitelisting: This approach allows only authorized applications to run on a system, preventing unauthorized or potentially malicious software from executing.

Backups: Regularly backing up your data allows you to restore critical information in case of a malware attack that encrypts or corrupts your files. Backups should be stored securely, ideally offline, to ensure they remain accessible even if your primary system is compromised.
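The application whitelisting and least privilege controls above are easier to reason about with a concrete check. The following is an added example, not Coro's code: a hash-based allowlist that decides whether a file may run by its content digest rather than its name or location, so a trojan that borrows a vetted program's name (the disguise described under Trojan horses) is still denied. The file names, directories and byte strings are constructed stand-ins for real binaries.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    """Content digest used as the allowlist key."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(approved: list) -> dict:
    """Map the digest of each vetted binary to a human-readable label."""
    return {sha256_file(p): p.name for p in approved}


def is_allowed(path: Path, allowlist: dict) -> bool:
    """Permit execution only when the file's digest is on the list.
    Name and directory are deliberately ignored: a file that merely looks
    like an approved program (same name, different bytes) fails this check."""
    return sha256_file(path) in allowlist


def demo() -> dict:
    """Constructed scenario: one vetted updater, then three candidate files."""
    genuine = b"GENUINE UPDATER BUILD 1.0"           # constructed stand-in, not a real binary
    lookalike = b"SAME NAME, DIFFERENT CONTENTS"      # constructed stand-in for a trojan
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("vetted", "downloads", "attachments"):
            (root / d).mkdir()
        (root / "vetted" / "updater.exe").write_bytes(genuine)
        allowlist = build_allowlist([root / "vetted" / "updater.exe"])
        (root / "downloads" / "updater.exe").write_bytes(genuine)      # same bytes, new folder
        (root / "attachments" / "updater.exe").write_bytes(lookalike)  # approved name, wrong bytes
        (root / "downloads" / "tool.exe").write_bytes(b"UNVETTED UTILITY")
        return {
            "genuine_copy": is_allowed(root / "downloads" / "updater.exe", allowlist),
            "renamed_trojan": is_allowed(root / "attachments" / "updater.exe", allowlist),
            "unlisted_tool": is_allowed(root / "downloads" / "tool.exe", allowlist),
        }


if __name__ == "__main__":
    print(demo())  # {'genuine_copy': True, 'renamed_trojan': False, 'unlisted_tool': False}
```

A production allowlist would also pin the list itself (for example via signed policy) and run the check from a process the user cannot modify, which is where least privilege complements whitelisting.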

Related Regulations or Compliance Goals

Malware has become such a pervasive threat that several industry regulations and compliance goals address the problem, including: 

  1. PCI DSS (Payment Card Industry Data Security Standard)

Malware can be used to steal credit card information from a company’s systems. PCI DSS mandates specific requirements to mitigate this risk, such as:

  • Requirement 5: Protect all systems against malware and regularly update antivirus software.
  • Requirement 6: Develop and maintain secure applications and systems. This includes patching vulnerabilities that malware might exploit.

  2. GDPR (General Data Protection Regulation)

GDPR focuses on protecting the personal data of individuals within the European Union (EU). A malware attack can lead to a data breach, exposing personal information like names, addresses, or social security numbers. GDPR mandates implementing appropriate technical and organizational measures to safeguard personal data, including measures against malware threats. Data breaches must be reported to the affected individuals and relevant authorities within specific timeframes.

  3. HIPAA (Health Insurance Portability and Accountability Act)

Malware can compromise healthcare providers’ systems and steal sensitive patient data. HIPAA requires companies to implement appropriate safeguards to ensure the confidentiality, integrity, and security of PHI, including protection against malware attacks. It also requires companies to conduct regular risk assessments to identify and address vulnerabilities.

  4. NYDFS Cybersecurity Regulation (Part 500)

NYDFS focuses on protecting financial services companies’ data in New York State. Similar to PCI DSS, this regulation aims to safeguard sensitive financial data from malware threats. It requires implementing a cybersecurity program that addresses malware risks and maintaining a written incident response plan for handling potential data breaches caused by malware or other cyber threats.

  5. NIST Cybersecurity Framework

NIST provides a voluntary framework for managing cybersecurity risk. The framework outlines best practices for identifying, protecting against, detecting, responding to, and recovering from cybersecurity incidents, including malware attacks. Companies can leverage it to build a comprehensive approach to malware defense.

Copyright 2024 © Coro Cybersecurity All Rights Reserved