Search


Tagged with Malware x Gabim x Fjalëkalimi x Taktik�� x

Malware

Malware (malicious software) is a general term for software used to interfere with a computer, gather sensitive information, or gain access to a protected information system. This type of software is created and used by cybercriminals and other malicious actors, even governments, to intentionally harm an information system. 

The most recognizable types of malware are computer viruses , but there are other types such as ransomware , trojans , adware, spyware and worms . Each type of malware has its own way of functioning, so the damage caused by each of them is of different degree. 

Despite the fact that there are certain definitions and divisions of malware, the categories cannot be definitively distinguished, so it often happens that one malware performs activities that are characteristic of other types of malware. 

Malware is distributed in a variety of ways. Most users download malware themselves, but as installed programs and devices communicate on the internet in different ways due to their activity, they sometimes have different vulnerabilities that attackers can take advantage of. In most cases, these vulnerabilities are addressed by software and hardware vendors, so it is important to regularly install software and device updates. 

Malware can perform a variety of operations, ranging from redirecting users to fake websites to destabilising the entire system. A special type of malware are keyloggers, which record keyboard strokes and send the records to third parties. Also, there is a type of malware that has the ability to send several thousand emails from an infected computer. Here are some other common types of malware:

  • A virus is a type of malware that replicates itself in existing files, programs, and even the operating system  itself. It usually modifies the contents of files or deletes them, which can cause the system to crash if a virus deletes a system file;
  • A trojan is a type of malware that, when installed, performs operations that are defined by the attacker, most often deleting or modifying data, but it can often damage the entire system. They usually look like regular and useful installation files, so that is how they got their name;
  • Adware (advertising software) is a type of malware that automatically displays advertisements when searching the internet when it infects the system, which brings revenue to the person who created it;
  • Spyware (spying software) is a type of malware that collects data from an infected system and passes it on to a third party, usually the one which created it. With this malware, unauthorised persons can gain access to passwords  , personal data, correspondence, etc;
  • A worm is a type of malware that replicates itself. This means that if one computer within the system is infected, it is very likely that all computers connected to it will be infected after a certain time. It most often damages the network and the system by slowing down the flow of data in the network. Worms are independent malware, i.e. unlike viruses, they do not have to be linked to an existing program to be transmitted.

Organisations nowadays face one of the biggest security problems and forms of cybercrime, a form of malicious software called ransomware. This form of malware encrypts  files on anything from a single computer all the way up to an entire network, including servers , so that the files cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets. 

Some ransomware infections start with clicking on what looks like an innocent attachment that, when opened, downloads the malicious files and begins the encryption process. Larger ransomware campaigns use software exploits and flaws, cracked passwords and other vulnerabilities to gain access to organisational systems using weak points such as internet-facing servers or remote-desktop logins to gain access. The attackers will secretly hunt through the network until they control as much as possible – before encrypting all they can.

Victims of ransomware attack can often be left with few choices; they can either regain access to their encrypted files by paying a ransom to the criminals behind the ransomware, restore files from backups or hope that there is a decryption method freely available.

Small and medium-sized businesses are commonly targeted by ransomware because they tend to have poorer security standards and practices compared to larger corporations.

It is not always easy to recognise malware, as it often happens that users are initially unaware that their device/system is infected. Sometimes malware activity can be noticed due to spontaneous deterioration of system performance. The average user certainly cannot completely remove malware on their own without the use of specific anti-malware software. These programs monitor the system, scan the files downloaded from the internet and email, and if they find any malware, they quarantine it or delete it, depending on the settings. 

However, it is not enough to just install a specific application  that will scan and remove malware - it is also important that users do not install untrusted applications, click on suspicious links, open suspicious emails or visit unreliable websites.

Data backup Digital hygiene Malware Damage Cybercrime Device reset System restore

Most common cyber incidents

According to the most general classification, technical attacks can be carried out either without direct access to the server or with the need of access to the server. In the first group are mostly incidents whose most important goal is to prevent access to the content of the site. 

There are several ways to crash a server, and the most commonly used is a DDoS (Distributed Denial of Service) attack. This means that a huge number of devices simultaneously send access requests to the attacked server, which cannot answer all the queries and simply stops working. After the attack stops, in most cases the server and the site work normally. 

Ransomware is a form of malware which encrypts files on anything from a single computer all the way up to an entire network, including servers, so that the files cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets. 

Phishing is focused on exploiting the lack of knowledge or gullibility of the target and is mostly done by email. It is usually used for various scams, such as the famed “Nigerian Prince”, infecting devices with malware or gaining access to sensitive information, such as financial data or login credentials. Potential targets are sent a fraudulent message which is made to look authentic and as if it was coming from someone from the position of authority, such as a bank or police. The recipient is then asked in the email to open the attached file or click on a link in order to do something very important, e.g. to update bank account information or review a received payment. 

Interception of communication (voice, video, text chats, internet traffic) is also a risk, as there are actors such as intelligence agencies and criminals with advanced capabilities and resources to conduct surveillance of unencrypted communications channels. Issues such as government hacking are becoming increasingly dangerous for citizens’ communications privacy due to the growing surveillance industry, which keeps developing and selling one advanced product after the next.

Code injection is a more sophisticated type of attack, when malicious code is inserted through some open form of the site or through a URL. The goal of the attack is to instigate the database or other part of the site to perform operations that have no visible result, but occupy the server's resources until they flood it with activities, thus shutting it down. In some cases, after these attacks, the site becomes unusable, so the content is restored with the last saved copy . Regular backup of the site is rightly considered an elementary security procedure. 

Trojans that enter the system through social engineering are first on the list when it comes to the number of some types of attacks. Users usually pick up the infection on obscure websites where they recklessly accept the warning that they are “infected” and activate a fake antivirus. In this way, millions of hacking attacks are carried out each year, which puts the trojans in an unsurpassed advantage over other hacker attacks. The best protection against this type of attack is education and information about modern forms of threats. In organisations, this problem is somehow solved by filtering sites that can be accessed from a computer in the local network. 

Computer worms are malicious programs that multiply themselves, using computer networks to transmit to other computers, usually without human intervention. They can arrive as an email attachment and their operation is enabled by security vulnerabilities in the operating system. The best protection against worm attacks are antivirus software and quality passwords [PASSWORS]. Other good methods are firewalls, not opening suspicious emails and regular software updates.

Online harassment includes many forms of abuse, such as impersonation (i.e. someone making a fake social media or email account with your personal data), smear campaigns, hate speech, threats, cyberstalking, etc. When such incidents occur, it is best to report and block the accounts in question and gather any digital evidence to be used for potentially filing a criminal complaint: relevant links or URL addresses, screenshots  of profiles and messages, phone/app  call logs and similar. 

Attacks that require access to a server are mostly complex and more serious. They are aimed at stealing data, altering content, placing fake content and disabling access to content. These attacks are complex because the attacker must break through all the security measures set on the server in order to reach certain passwords, access codes and the like. They also require greater expertise of the attacker.

Server DDos Digital hygiene Malware Harassment Cybercrime

Check for available decryption tools

One of the biggest security problems and forms of cybercrime  today is ransomware .This form of malware encrypts files so that they cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets. 

In case you are a target of ransomware, general advice is not to pay, as there is no guarantee you will indeed receive the correct decryption key. Payments also encourage further cybercrime attempts. You can try to find a decryption tool based on the type of ransomware. For example, No More Ransom is an initiative which provides citizens with free decryption tools for many forms of ransomware.

Encryption Malware Damage Access recovery

INSTITUTIONAL PROTECTION

Because harassment comes in many shapes and forms, it can be reported as a number of different criminal offenses. 

Sexual harassment (art. 182b of the Criminal code) explicitly mentions verbal forms of assaults, but necessitates the filing of a motion to initiate criminal proceedings with the Public prosecutor. In other words, you must inform the police and the Public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings. 

ADVICE: File the motion. The courts are a crucial component of protection against harassment. 

Endangering safety, one of the many consequences of harassment, under art. 138 of the Criminal Code, provides another legal basis for protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This option is  especially relevant for (female) journalists.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

ALTERNATIVE PROTECTION

There is always an inherent risk that online harassment will transition to the physical world. For this reason, physical safety is a crucial precondition for any other form of meaningful protection. In terms of mental protection, sometimes it is helpful to take a break or minimize time spent on social media platforms, or those platforms of communication where you are targeted with harassment. Talking to friends, family, partners and colleagues about harassment can also be helpful in creating a system of support. 

Blocking  , filtering and reporting options on social media platforms can often serve as a helpful tool for documenting harassment. 

The DeleteMe tool can help find and remove your personal information from some websites. 

Reaching out for support professional associations and support groups is another method for dealing with harassment. 

Several investigative journalists and their networks track down perpetrators of online harassment by analysing their digital footprint. This has been an effective mechanism for not only the identification of perpetrators, but also exposing them and their crimes to public scrutiny. 

In Serbia, female journalists can find support through the initiative “Female Journalists against violence”, and dozens of other feminist organizations that offer services for individuals targeted with violence, including online.

 If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

THREATS

Endangering physical and emotional safety and wellbeing by calling for violence against a particular person or group of people, including threats of rape and other forms of gender-based violence.
 

Threat is a serious form of assault and one that should be urgently addressed to best prevent it from being realized in the physical world. Report each and every threat to the police and the public prosecutor. 

As threats often cause fear and insecurity, art. 138 of the Criminal Code - Endangering safety - provides a suitable legal basis for initiating mechanisms of protection. 

 In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence  needed for filing the criminal charges. This charge is especially relevant for (female) journalists, as this charge provides for a higher sanction. 

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

In addition to reporting threats to police and digital platforms, inform your employer and document them

If you can, protect your mental health by taking a break from social media platforms, especially those spaces that can cause additional stress or fear for your safety. Create a network of support to help take over some of the work documenting the threats. Again, prioritize your physical safety above all else and If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately! 

Digital evidence Password Authentication Recovery account Phone/Tablet Malware Report to platform Safety Sexual Harassment Journalists Fear Media Computer/Laptop Criminal charges