The Relationship Between Malware Prevention and Data Breach Prevention

by | Jul 9, 2019 | Cyber Incident and Response

When we discuss the problems of malware in industry, our conversations around the water cooler often focus on the symptoms. We discuss the immediate problems caused by malware: slowing down computers, locking operators out of programs. But there is a cause-and-effect relationship between malware and the data breaches it is usually meant to enable. There are many different types of malware, but all of them are simply different kinds of tools, and as tools they are designed for a purpose. Some take away availability, as a DDoS attack does. Some are built to steal money, as with a ransomware attack. Some steal computing resources and energy, like a crypto-mining attack. But many of the covert theft operations that rely on malware exist to steal data. Often the malware lurks in networks undetected, and the data theft can continue over a significant period of time. The attack on Marriott International continued from 2014 to 2018, ultimately impacting 500 million customers by exposing the names and contact information of guests, 100 million of whom additionally had their credit card information exposed.

There are other methods for cyber criminals to get at data that do not necessarily involve malware. Some look for unsecured access points into a network; others seek to learn login credentials for networks not protected with multi-factor authentication. But the biggest and baddest data breaches usually involve the help of one kind of malware or another.

Why Old Threats are Still Threats

Malware that is instrumental in bringing about data breaches involves many common culprits that have been around for a while. Spyware, for example, has been around since the mid-nineties, often installed onto computers and into networks via phishing emails. This method of data theft depends on network users unwittingly opening the emails and thereby installing the spyware into the network. It is an old trick that still works. And spyware does exactly what the name implies: it spies, and reports back to its operator what it sees. It may track online behavior and internet usage, login and password information, or identity and credit card information. Spyware can still be hard to identify, and it may go undetected for a long time. Why has no one been able to eradicate some of these known threats? The reason is twofold:

  1. No one has yet solved the problem of human error, which is responsible for every phishing email that has ever been opened, and
  2. Businesses and enterprises do not invest in a complete security solution that will guard their systems adequately for all the points of potential infection. The lure of cutting corners and betting against a breach is still in the psyche of most businesses and enterprises.

New Malware: Approaches and Designs

Along with the old threats that still hound cyberspace, there are also new threats: new designs and approaches to malware that attempt to evade patches and antivirus software. One such example is Plurox, a new strain of malware recently discovered. It has the notable capability of acting as a Trojan, a virus, and a worm all at the same time, masquerading as “plugins” in the system it inhabits. Its primary reason for existence is crypto-mining, but its design makes it versatile for other theft objectives as well. Businesses need to defend against new and innovative exploits as well as old ones.

Different Solutions Combat Different Exploits

Learning the fundamental differences between malware types, their makeup, and their behaviors will equip you to understand the various network security solutions capable of preventing each one. You will also, in turn, learn the solutions and methods being used to catch new threats as they emerge, and how to design your systems to protect your sensitive data from all of them.

In the next weeks we will evaluate distinctive malware threats and what exists to combat them. Guarding your company’s data is of primary importance, and there is no cure after a data breach has happened: information that is stolen is stolen for good. When a credit reporting company like Equifax can lose control of the Social Security and driver’s license numbers of almost 150 million Americans (not to mention all the credit card numbers), and almost daily we see stories of healthcare organizations (under the auspices of HIPAA guidelines) becoming victims of data breach, it is about time that all businesses consider that comprehensive data security is a cornerstone of doing business, and comprehensive malware protection must be a part of that plan.
