10 types and 10 techniques of malware used by cybercriminals

Malware is malicious software or a program with harmful code that aims to damage or perform unauthorized actions against computer systems. The use of malware has increased by 28% compared to 2023. One of the most commonly used malware currently is ransomware. Spain is among the top 10 most cyber-attacked countries by this type of malware.

However, there are different types of malware and various techniques used to cyberattack a system.

Below, we will explain the most commonly used techniques and types of malware employed by cybercriminals, with the aim of compromising our computer systems and thus obtaining data or private information without prior consent.

10 types of malware

When a company has a cybersecurity problem, it is because a cybercriminal has managed to access its system or IT infrastructure, allowing them to deploy malware with the goal of gaining direct access to its information.

To achieve this, they may use different types of malware, which we will review below.

Ransomware

This is the most common type of malware and affects the most companies and organizations worldwide. An attack of this type encrypts and locks the information on the systems and demands a ransom payment for its recovery.

In 2023, about 60% of organizations were affected by this type of cyberattack. The amount paid for the ransom of such information has nearly tripled, with the average amount around $3,960,000.

Virus

This type of malware attaches itself to a legitimate program and spreads when we execute the infected file. Viruses can damage files, affect system performance, or carry out other malicious actions against a computer.

Trojan

As its name suggests, this malware disguises itself in programs that appear to be legitimate but contain malicious code that allows cybercriminals to access the affected organization's or company's system.

Among the most famous trojans is Emotet, a malware that spreads through spam emails. Infection occurs through malicious script files, documents with activated macros, or harmful links.

Spyware

It is a spy program that collects information from the infected system and then transmits it to an external entity, in this case, the cybercriminal.

This type of malicious software can be used for stealing passwords, obtaining banking data, general company information, or details about the activities performed on the infected computer.

Adware

It’s possible that at some point a giant ad popped up on your screen about a supermarket or a general website; if so, you have been infected by adware.

This type of malware displays unwanted ads and redirects users to malicious websites. Adware can slow down and hinder system performance and compromise user privacy.

Rootkits

This type of malware allows the cybercriminal to infiltrate a device and gain full control of the infected system. Rootkits can infect both operating systems or software as well as hardware or firmware.

Once inside the infected system, the cybercriminal can steal personal data, gain access to bank accounts, or install other malicious files.

Botnet

A botnet is a network of computers infected by malware that are controlled remotely by an attacker and can be used simultaneously to perform other malicious actions.

When you are a victim of this malware, you are generally unaware, but cybercriminals use it to steal data or sensitive information, sabotage web services, or mine cryptocurrencies without consent.

Worms

Computer worms share many characteristics with the viruses previously explained; these programs make copies of themselves, placing them in different locations on the computer.

The main difference between a worm and a virus is that a worm does not require the victim's activation to achieve its goal but instead propagates automatically.

Keyloggers

This type of software logs every key pressed on the keyboard of the infected device. A keylogger can have both legitimate and malicious uses. The malicious uses of this software can include stealing personal information or spying.

Cryptojacking

For cryptocurrency mining, powerful computer equipment is needed to obtain more cryptocurrencies. Cryptojacking is the unauthorized use of a computer (laptop or desktop) for cryptocurrency mining.

The mined cryptocurrencies are transferred to the cybercriminal’s private wallet, thus generating financial profit from this activity. This malware slows down and can even shorten the lifespan of the infected device.

Techniques and types of malware continually evolve and find new ways to exploit vulnerabilities in our systems. That’s why we recommend having a team of experts in this field to prevent the emergence of these malicious programs that can lead to data and information leaks from our company.

But how do cybercriminals operate? What is their modus operandi for launching their malware cyberattacks? Next, we will review the most commonly used malware deployment techniques by cybercriminals, based on the types of malware we discussed earlier.

10 malware deployment techniques

Exploit of vulnerabilities

To deploy malicious software, cybercriminals detect and exploit vulnerabilities found in systems to leverage them for launching their attacks. When we talk about vulnerabilities, we refer to any code errors in the operating system or software. The main types of vulnerabilities we might encounter are the following:

Application Vulnerabilities: In this case, the code error that cybercriminals exploit is found in a specific application.

Software Vulnerabilities: For software vulnerabilities, the code flaw affects a much broader range of operating systems.

Phishing

Phishing techniques involve the mass sending of fraudulent emails to steal login credentials or install malware on the affected systems.

Through an email, cybercriminals impersonate a recognized organization and attempt to obtain passwords, confidential information, or install malicious programs to later launch more damaging attacks.

Exploit Kits

Exploit kits are automated tools that search for and exploit the potential vulnerabilities previously explained in the systems of their victims. These kits can enter our systems through malicious links in ads or phishing emails.

Malvertising

In this case, the malware enters our system if we click on a malicious advertisement.

For example, when we want to download a program for our device and we are bombarded with numerous pop-ups urging us to do so, it is most likely that the download will compromise our systems.

Advanced phishing

This technique is the most recently used by cybercriminals. Unlike the phishing explained earlier, this type of technique involves greater personalization and is not sent on such a massive scale.

In this extreme personalization, social engineering comes into play. Social engineering is a manipulation technique used by cybercriminals to have their victims perform a specific action that can expose their data, such as: banking information, confidential documents or reports, passwords, etc.

Script-Based Injection

Script-based injection involves inserting malicious code into legitimate websites or emails, which is executed when the user interacts with them. The victim’s browser has no way of knowing that the malicious scripts are untrustworthy and executes them.

The goal of this attack is to obtain credentials, steal information, or disrupt a company’s operations.

Fileless malware

This attack is very difficult to detect, as it does not require the download or execution of any infected files to affect a system or computer. Fileless malware operates stealthily; this malicious code does not alter any system files. Instead, it runs simultaneously with the legitimate tools to which it is linked. Since these tools are essential for the operating system’s functionality in many cases, they are always active.

Brute force attacks

This type of attack uses a trial-and-error method to find access keys to computer systems or locate a hidden web page. Cybercriminals test all possible combinations to discover the passwords of the affected users.

In the following link, by entering your password, you can see how long it would take a cybercriminal to guess your access key. Generally, the longer the password, the harder it will be for the attacker to guess.

Polymorphic malware

For malware to be polymorphic means that it is constantly changing and adapting to avoid detection. Polymorphic code can transform rapidly, with a frequency of up to every 15-20 seconds.

Almost 97% of malware infections are polymorphic, as it makes it difficult to detect these malicious programs in infected systems.

Social media

Direct messages on social media platforms like Instagram or Facebook asking you to access an attached link have become very common among users of these networks. The method is similar to phishing: by accessing the link and entering your credentials or banking information, cybercriminals obtain the information they want and can proceed with their cyberattack.

Most of these types and techniques are difficult to detect, and by the time they are noticed, it is often too late. If you are experiencing issues with your computer systems or believe you have been a victim of one of these cyberattacks, do not hesitate to contact us through the following link.