What is malware and how to prevent malicious attacks on your organisation

What is malware?

‘Malware’, short for ‘malicious software’, is used by criminals to disrupt computer operations and access confidential information.

Malware can be installed into your computer or your mobile device through clicking a link in an email or text message, opening an attachment to an email, or by downloading software from a malicious source.

Many people assume that their IT Department’s systems will offer malware prevention, but it’s very important that everyone in an organisation is aware of the risks.

Types of malware

Malware can be categorised into two forms: Ransomware and Trojans.

Ransomware

Ransomware enables a fraudster to gain control of your system in order to encrypt your files, demanding a fee to unlock them. Without the decryption code, it is very unlikely that you will be able to access your files again.

Though in many cases the criminals will restore files when the ransom is paid, there is no guarantee this will be the case. Hackers have been known to share stolen private customer information free of charge on the web in order to punish a company for not paying their proposed ransom.

In the case of the US software supplier Kaseya (a company which provides software tools to IT outsourcing shops), the company's own systems were used to spread the ransomware across its supply chain, which meant that up to 1,500 businesses were affected by the attack.

Trojans

Trojan programs are a type of malware that enter your computer or mobile device on the back of other software. They act as back doors to the computer, mobile phone or tablet, granting a fraudster remote access.

Once inside your device, a Trojan can give a stranger access to your personal details by taking screenshots or capturing keystrokes.

When logging into online banking websites or banking apps, an unexpected screen might appear, delaying you or asking you to repeatedly input data. While you are delayed by these, a fraudster could be setting up another payment elsewhere, waiting for you to unwittingly authorise it by inputting your PIN and/or other security details.

Trojans remain passive when not in use, making them hard to detect. Firewalls and anti-virus software help to defend against Trojans, but can’t guarantee your protection.

You should always be cautious of ‘pop-ups’ on your screen requesting that you put your card into the reader, input your PIN or other security information, or allow a download.

Ransomware – A rising risk

Ransomware is a particularly difficult type of cyber attack to handle, as many of the ways of countering the attack are actually counterproductive.

Companies are increasingly taking out cyber extortion insurance, which is in effect providing ransomware operators with a guaranteed source of income.

Cyber Intelligence at Barclays report that they have seen criminals try to obtain information about the value and extent of companies’ cyber insurance policies so that they know how much of a ransom to ask for.

As a result, companies should do everything they can to ensure the best controls are in place in order to avoid falling victim to a ransomware attack.

What’s behind it?

  • Changes to the way businesses operate following the Covid-19 pandemic
  • Uptake in Cryptocurrencies
  • Highly profitable for criminal groups
  • Paying the ransom feeds a vicious cycle
  • Attacks have become more sophisticated.

Online and mobile banking – dos and don’ts

Attackers will often try to target you when making payments or accessing online banking services via your PC or mobile device.

Take a look at some of our tips to help protect your online transactions:

Do

  • Select dual approval for making transactions, using two separate machines for setting up this authorisation wherever possible
  • Abandon your banking session and tell Barclays at once if you notice anything unusual on your online or mobile banking screens
  • Be wary about pop-ups for PINsentry resets when logging into online or mobile banking (your PINsentry will never need updating or resetting).

Don't

  • Enter any personal or security information on a site accessed through a link in an email or text message
  • Leave a smart card in the reader connected to your computer
  • Remake payments to alternative account details if asked to do so
  • Enter your PIN in order to allow a download
  • Re-enter your PIN at login or while making a payment.

How can I protect my business against malware?

A checklist:

  • Keep your firewalls and security software updated, setting updates to auto where possible
  • Install the latest updates for your internet browser and operating system. Update mobile devices to the latest operating system to ensure the most current security settings are maintained, and consider using antivirus protection
  • Only download files and software from trustworthy sources. Ensure there is a positive review history for any apps you intend to download, and avoid downloading outside Google Store or The App Store
  • Review the permissions required by apps before downloading
  • Be cautious of emails or texts which ask you to follow a website link or open an attachment. Emails and texts containing malware tend to have some urgency to them, pressuring the receiver into clicking a link in order to avoid adverse consequences
  • Use complex passwords and multi-factor authentication to make it more difficult for criminals to gain access to your accounts
  • Run regular security scans on your devices. Ensure you keep your important files backed up and stored off your network. It’s important to check that this is functioning as expected, and that the data can be accessed when required
  • Assess the security of your supply chain as supply chains can expose weaknesses in your business
  • Monitor valuable business assets, ensuring they are well protected
  • Keep employees educated on how to identify phishing emails and texts, and ensure they are aware of the initial steps to take in the event of a ransomware attack, and where to go to report fraud and scams
  • Test and rehearse your disaster recovery to ensure your business is prepared for an attack.

What should I do if my systems are infected?

If your computer or mobile device does get infected, disconnect from the network straight away and seek professional assistance. The NCSC (National Cyber Security Centre) provides step-by-step guides with advice on how to remove malware.

Files encrypted by most ransomware typically have no way of being decrypted by anyone other than the attacker, but the following steps may also limit the impact:

  1. Immediately pull out the network cable or disconnect from Wi-Fi and Bluetooth to avoid the spread of the ransomware infection. Do not shut down your computer
  2. Report the incident to the NCSC and Action Fraud
  3. Preserve any evidence, seeking advice from the NCSC and/or Action Fraud, in coordination with the authorities investigating the attack
  4. When safe to do so, reset credentials, including passwords, but take care not to lock yourself out of systems that are needed for recovery.

The No More Ransom Project provides a collection of decryption tools and other resources from the main anti-malware vendors which may help.
