Malware 101: Criminal Strategies, Pt. 1
It’s easy to think, “I won’t be a victim of a cyberattack.” But the truth is that millions and millions of people in the United States alone are victims of cybercrime, and malicious emails are becoming more prominent in this cyber-dependent world. To put that into perspective, in 2017, over 20 million people were victims of fraud. Over 20 million.
The important question is: How do people become victims of these cybercrimes? The simple answer is that cybercriminals target what is easily exploitable. Oftentimes, that means the people themselves.
In a controlled space, whether it be a home or a place of business, there are two entities that can be exploited: the people and the network. The focus of this article will be how cybercriminals take advantage of individual persons and trick their victims into giving them access to the system, which they can then infect with malware.
One of the most common ways for hackers to weasel their way into a system by way of a user is through email. A person can receive dozens of emails every day, and a frightening portion of those emails can contain malware programmed to infect and spread across a network. When it comes to phishing, phishers use cloak-and-dagger tactics to infect the end-user’s computer. These tactics can range from messing with domain names in their emails and putting in false links to webpages, to assuming the identity of a high-ranking employee in a company to steal money. Spoofing a domain name can be as easy as email@example.com, and a false link is just as mischievous: www.rnissionrnultiplier.com (take a close look at the “m’s”). The hacker’s goal is to make the end-user think the email and all material within it is safe. Once that happens, the recipient is much more likely to click on anything sent to them. Depending on what the phisher wants the end-user to click, two things can happen: the individual may be brought to a site that downloads malware, or by downloading/viewing an attached document, the individual inadvertently gives the go-ahead for malware embedded in that document to enter the system.
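One way a mail filter can catch the two link tricks described above: the look-alike domain ("rn" standing in for "m") and the link whose visible text names one site while it points at another. This is an added example, not part of the original article; the allow-list, the list of confusable character pairs and the sample links are constructed assumptions.

```python
from urllib.parse import urlparse

TRUSTED = {"missionmultiplier.com"}  # assumption: constructed allow-list
# Sequences that imitate another letter, e.g. "rn" for "m" (not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

def host_of(link):
    """Lower-cased host of a URL or bare hostname, without a leading 'www.'."""
    link = link.strip()
    try:
        host = urlparse(link if "//" in link else "//" + link).hostname or ""
    except ValueError:  # malformed input such as an unclosed '['
        return ""
    return host[4:] if host.startswith("www.") else host

def skeleton(host):
    """Fold every lookalike sequence to the letter it imitates."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host

def classify(link):
    host = host_of(link)
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if any(skeleton(host) == skeleton(t) for t in TRUSTED):
        return "lookalike"
    return "unknown"

def audit_links(links):
    """Return (href, reason) for each (href, visible text) pair worth flagging."""
    findings = []
    for href, text in links:
        if classify(href) == "lookalike":
            findings.append((href, "lookalike of a trusted domain"))
        elif classify(text) == "trusted" and classify(href) != "trusted":
            findings.append((href, "text names a trusted domain, link goes elsewhere"))
    return findings

# Constructed (href, visible text) pairs, as extracted from an email body.
SAMPLE_LINKS = [
    ("http://www.rnissionrnultiplier.com/login", "Reset your password"),
    ("http://files.example.net/inv", "www.missionmultiplier.com/invoice"),
    ("https://www.missionmultiplier.com/about", "About us"),
]

if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_LINKS):
        print(f"FLAG {href}: {reason}")
```

Both sides of the comparison are folded through the same table, so a trusted domain that legitimately contains "rn" still matches itself and only its imitations are flagged.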
Phishing can be used to install spyware, which can record a variety of actions on a computer. (This does not include spyware related to adware.) Hackers can gain access to a computer through rootkits and keyloggers, which give them direct access, or the means of gaining access, to the computer or to the personal online accounts of the user. For example, if an end-user unknowingly downloads a keylogger, the hacker can learn that user’s log-in credentials for their online shopping accounts. If that user has his or her credit card information saved on the account, the hacker can go on a spending spree for as long as the card stays active and they aren’t caught.
Another tactic used by cybercriminals is disguising malware as safe software, aka a Trojan horse. From a coding point of view, a Trojan horse is a lie wrapped in a pretty package. Create the malware, and then format its presentation to say something else entirely and look family-friendly. “X-ing” out of something is a programmable function. So the hacker can create a button that looks like a run-of-the-mill close function, but program it to do whatever he or she wants. Anybody ever hear of that naughty virus where whenever a person tries to close the pop-up another one would appear? This makes the strategy behind a Trojan horse similar to a phishing scam. The goal is to trick the victim into thinking the unsafe application is, in fact, totally safe.
A real-world example of a Trojan horse at work is the ransomware known as SimpleLocker. First, the malware was downloaded as an app to be played on the Android OS. All the programmer had to do was make the app look like anything worth downloading, as long as it didn’t look dangerous. Once downloaded, the virus took root, locking the phone, and sending out a second Trojan horse: a message explaining the user’s phone had been locked due to the distribution of illicit material. Users were told that if they wanted to unlock their phones, they had to pay. Although not a second instance of malware, the message was a program designed to further mislead the user away from the immediate conclusion that they had fallen prey to a classic case of ransomware.
Why do people fall for these tricks? We’ve answered the question of how they fall victim, but knowing what we know, surely people wouldn’t actually click the links, right? You would hope so, but people have an uncanny knack for operating under the assumption of “I won’t be the victim of a cyberattack” and making poor decisions because of it.
Even if you know what to look out for, that doesn’t mean a hacker can’t get around you. We’ll cover that in the next installment of our Malware 101 series.
If you, your organization or company, or someone you know would like more information about our company or the strategies cybercriminals might use to trick you, please do not hesitate to reach out to Mission Multiplier at firstname.lastname@example.org.