Threatware (malware, spyware) is a category of malicious computer programs designed to harm computers. The programs are spread by cybercriminals to wreak havoc and gain access to sensitive information. They include trojan horses, adware, rootkits, ransomware, worms, and keyloggers. Recently, ransomware has been in the news as hackers are using it to hold IT systems and data hostage.
Ransomware attacks on JBS Foods, Colonial Pipeline, and other major organizations made headlines earlier this year. Hackers exploit security weaknesses and hold the data of companies, governments, and organizations hostage, at times demanding tens of millions of dollars in payment.
How does threatware spread?
Threatware can spread in different ways. Here are the most common:
- Opening an email attachment with malware
- Downloading free or legitimate software that secretly contains threatware
- Visiting a website infected with malware
- Clicking a pop-up window or a fake error message that initiates a threatware download
If it succeeds in infecting a network, threatware can spread quickly to connected devices such as computers. Some malware types start encrypting files several days after being downloaded, while others download in segments to try to trick antivirus software.
4 ways businesses can defend against threatware
1. Limit File-Sharing
Some sites and applications allow users to easily share files but offer little protection against threatware. Malware might be disguised as a movie, a game, or a program. Be extra careful when exchanging or downloading files.
2. Use Antivirus Software
Antivirus software detects, prevents, and eliminates malicious software in a computer. It scans files for malware before opening them. The software should be set to automatically update and perform regular scans so operating systems work efficiently.
3. Run Software Updates Regularly
Software updates are crucial because they often include patches to security holes. They remove outdated features and improve the stability of software. Outdated software is susceptible to malware infections and cyber concerns like ransomware.
4. Avoid Clicking Strange Links or Downloading Unknown or Unsolicited Files
Stop visiting unknown websites and clicking random links. Clickbait links (eye-catching links leading to websites) are sometimes used in phishing attacks, driving users to a different page where they unknowingly install malware or enter their personal information. Also, downloading files from unfamiliar sites, such as pirated music videos or movies, can infect a system.
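Tips 1 and 4 warn that malware may be disguised as a movie, a game, or a program. The sketch below is an added example, not part of the original article or any product it mentions. It flags downloaded files whose name looks like passive media but whose leading bytes are an executable header, or which use a double extension. The extension lists, function names, and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading "magic" bytes of common executable formats.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "Linux ELF executable",
    b"\xcf\xfa\xed\xfe": "macOS Mach-O executable",
    b"#!": "script with an interpreter line",
}
# Assumed lists for this example: extensions users treat as passive vs runnable.
PASSIVE = {".mp4", ".avi", ".mkv", ".mp3", ".jpg", ".png", ".pdf", ".txt"}
RUNNABLE = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

def executable_kind(head: bytes):
    """Describe the executable format the bytes start with, or return None."""
    return next((k for m, k in EXECUTABLE_MAGIC.items() if head.startswith(m)), None)

def check_download(path: Path):
    """Return the reasons a file looks disguised (empty list if none)."""
    reasons = []
    suffixes = [s.lower() for s in path.suffixes]
    with path.open("rb") as fh:
        kind = executable_kind(fh.read(8))
    # Passive-looking name, executable content.
    if kind and suffixes and suffixes[-1] in PASSIVE:
        reasons.append(f"named {suffixes[-1]} but content is a {kind}")
    # Double extension such as movie.avi.exe, which hides the real type.
    if len(suffixes) >= 2 and suffixes[-1] in RUNNABLE and suffixes[-2] in PASSIVE:
        reasons.append(f"double extension {suffixes[-2]}{suffixes[-1]}")
    return reasons

def scan_folder(folder: Path):
    """Map file name to reasons for every suspicious file in a folder."""
    return {p.name: r for p in sorted(folder.iterdir())
            if p.is_file() and (r := check_download(p))}

def demo():
    """Scan constructed sample files written to a temporary folder."""
    samples = {
        "holiday.mp4": b"\x00\x00\x00\x18ftypmp42",  # genuine MP4 header
        "free_movie.mp4": b"MZ\x90\x00\x03\x00",     # PE header, media name
        "game_trailer.avi.exe": b"MZ\x90\x00",       # double extension
        "setup.exe": b"MZ\x90\x00",                  # honest executable
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return scan_folder(Path(tmp))
```

A check like this complements antivirus scanning rather than replacing it: a clean result only means the file type matches its name, not that the file is safe.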
Top cybersecurity solutions
NINJIO is a cybersecurity awareness training and simulated phishing services company that empowers individuals and organizations to become defenders against cyberthreats. The company creates 3 to 4-minute, Hollywood style micro-learning videos that teach organizations, employees, and families how not to get hacked.
Heimdal Threat Prevention is an advanced DNS, HTTP, and HTTPS filtering product that adds prevention and threat hunting on top of traditional protection, detection, and response. It enriches any existing antivirus, going beyond signature-based recognition and spotting both known and unknown malware strains. Powered by proprietary technologies, the Heimdal DNS security product allows you to gain code-autonomous protection against multiple attack vectors.
Intruder is the top-rated vulnerability scanner. It saves you time by helping prioritise the most critical vulnerabilities, to avoid exposing your systems. Intruder has direct integrations with cloud providers and runs thousands of thorough checks. It will proactively scan your systems for new threats, such as Spring4Shell, giving you peace of mind. Intruder makes it easy to find and fix issues such as misconfigurations, missing patches, application bugs, and more. Try a free 30-day trial.
What to look for in threatware protection software
- Anti-threatware protection: this may seem obvious, but an antivirus must have anti-malware protection tools that monitor and secure the entire attack chain. It should offer file protection and automatic file recovery.
- Exploit prevention: this protects a network by minimizing exploits in vulnerable applications, identifying malicious behavior in a system, and safeguarding critical processes in web browsers.
- Cybersecurity and data protection: combining cybersecurity and data protection in a single, central platform reduces the security vulnerabilities linked to having multiple vendors supporting many tools across a system.
- Backup and recovery: the threatware protection software should have extensive backup and recovery features to help get your business back up and running quickly.