Security breaches caused by malware cost the business world $491 billion in 2014, according to the IDC and NUS. This cost includes the considerable time spent on remediation and recovery from the breach. With new malware threats emerging at a prolific rate, businesses need to be well-equipped to deal with the potential hazards.

The following are 6 examples of recent malware affecting banking, ecommerce, government and general business organisations.

Dyreza – Banking malware

Uncovered by security researchers in 2014, Dyreza is a form of malware that targets customers of major banks. The malware uses a man-in-the-middle attack that lets hackers intercept unencrypted web traffic using a technique called “browser hooking”. This works by using a compromised computer to interrupt the traffic flow between the user’s device and the target website. Google Chrome, Mozilla Firefox and Internet Explorer are all vulnerable to this form of attack.

Backoff – Point of Sale (POS) malware

Backoff POS malware is used to identify and steal credit card and transaction data via traditional memory scraping mechanisms. Similar in nature to Alina, BlackPOS and Dexter, Backoff uploads collected data to a hardcoded command-and-control (C2) server, and it can also download and execute additional malware.

Win32/Crowti – File encryption malware

Crowti malware, or ransomware as it is sometimes referred to, affects both home and business users and causes files on machines to become encrypted. Users are then asked to make a payment in order to unlock the files. Infection starts with spam email campaigns, and the malware can then be spread using exploit kits such as Nuclear, RIG, and RedKit V2, which can take advantage of Java and Flash vulnerabilities.

BlackEnergy – Cyber-espionage malware

First discovered several years ago, BlackEnergy was originally used for instigating distributed denial of service (DDoS) attacks. However, over time the malware evolved and has been linked to several cyber-espionage attacks, including spying operations on NATO. The malware spreads through exploitation of software vulnerabilities, and infection is sometimes initiated through phishing attempts using compromised Microsoft Word or PowerPoint documents.

Andr/BBridge-A – Android smartphone malware

Businesses using Android smartphones should be aware of Andr/BBridge-A, which can install malicious apps, communicates with a central server over HTTP and then leaks potentially identifiable information. These malicious apps can read and send SMS messages, potentially costing the user or business money in the process. The maliciousness of the software is taken a step further by its ability to scan incoming SMS messages and remove warnings that you are being charged a premium for using services it has signed you up for.

Suspicious.Emit – Trojan horse

Suspicious.Emit is a sophisticated backdoor Trojan horse that allows an attacker to gain unauthorised access to an infected computer. It works by using code injection techniques to evade detection and places an autorun.inf file in the root directory of the infected device.
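A defender can triage the autorun.inf indicator described above by checking volume roots for the file and listing the entries that would start a program. The Python below is an added example, not part of the original article; the sample file content and program names are constructed, and it assumes the file is readable as ASCII/UTF-8 text.

```python
import os

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

def launch_directives(text):
    """Return (key, value) pairs in [autorun] that would start a program."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu entry that runs a program
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found

def scan_roots(roots):
    """Check the root of each given volume for autorun.inf (any letter case)."""
    report = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue                      # volume missing or unreadable
        for name in names:
            path = os.path.join(root, name)
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    report[path] = launch_directives(fh.read())
    return report

# Constructed sample content, not taken from any real infection.
SAMPLE = """; constructed example
[AutoRun]
open = updater.exe /s
icon=folder.ico
shell\\open\\command=updater.exe
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    print(launch_directives(SAMPLE))
```

Pass `scan_roots` the drive roots to inspect, for example `["E:\\", "F:\\"]` on Windows; a path mapped to a non-empty list deserves a closer look at the program it names.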

Protecting your business

Advanced Threat Detection technology can help organisations to protect themselves against these documented types of malware plus many thousands of others. For organisations dealing in sensitive financial or personal customer data, using an IT security firm that provides a fully managed threat detection service may be an advisable option. Such providers can alert you to genuine security incidents that require action, providing the level of reporting your business needs to meet regulatory compliance and management demands.

Author Bio

Simon Heron is the CTO at Redscan Ltd, a managed security company, where he is responsible for developing the overall business and technology strategy and growth.

Heron has more than 16 years’ experience in the IT industry, including eight years’ experience in internet security. During this time he has developed and designed technologies ranging from firewalls and anti-virus to LANs and WANs.

Prior to Redscan, Heron co-founded and was Technical Director of Cresco Technologies Ltd, a network design and simulation solution company with customers in the USA, Europe and China. Heron began his career as a digital hardware and software engineer, developing pioneering speech recognition technology before moving on to work for the British Antarctic Survey (B.A.S.) as science project leader. While at the B.A.S. he spent two Antarctic winters at the research station Halley in the Antarctic, developing and enhancing graphical technologies in the harshest of conditions.

Heron has an MSc in Microprocessor Technology and Applications and a BSc in Naval Architecture and Shipbuilding. He is a Certified Information Systems Security Professional (CISSP) and a PCI-DSS Implementor (PCI-IM).