While ransomware may get the bulk of the press attention when it comes to cybersecurity, it’s not the only malicious software game in town. Other types of malware can also cause businesses harm, and the chance that a company will come into contact with one of them, or fall victim to an infection, is higher than ever. Malware threats can arrive through a variety of sources including SMS, social media, and chat but the most likely way that a company’s employees will come into contact with malware is through a phishing email and that is not good news for businesses.

Both phishing email volume and malware attack volume ballooned in 2021, with no end to that growth in sight. The UK Information Commissioner’s Office (ICO) recently announced that it recorded a staggering volume of email attacks in 2021 amounting to a 2,650% surge in phishing. ICO detailed the significant growth noting that they counted 150,317 phishing attacks in January 2021, which dramatically increased to a startling 4,135,075 in December 2021, demonstrating that increase. The bulk of those email attacks were spam, with a 2,775% increase in malicious spam noted between January and December 2021. Phishing messages made up the second-largest set, climbing 20% between January and December 2021 with a notable surge toward the end of the year.

But a hefty chunk of those phishing attacks contained malware. ICO recorded a 423% increase in malware attacks in 2021. The malware problem that companies face has been a steadily growing issue, with an 87% increase in malware infections recorded over the last decade. While a respectable amount of that increase can be chalked up to the rise of ransomware, other types of malware also played a role. Ten years ago, the number of detected malware types stood at 28.84 million. By 2020, that number had ballooned to nearly 678 million varieties and that total is still rising.

What the Heck is Malware Anyway?

“Malware” is a term spawned from a mashup of “malicious software”. That’s what malware is; malicious software that enters an environment or machine and forces unwelcome changes to the way those things operate. Ransomware is a flavor of malware, but not all malware is ransomware. Malware hews to one of three general formats based on how the malicious software does its dirty work. While these three types do not categorize all malware, most of it fits in one of these boxes:

• Trojans are the most common variety of malware that IT teams will encounter accounting for more than 50% of all infections. This type of malware masquerades as harmless software and can initiate a variety of attacks on systems. Some trojans are aided by human action while others function without user intervention.
• Viruses are the second most common species of malware, responsible for a little over 10% of total malware infections. Similar to a real-life virus, this type of malware attaches itself to benign files on a computer and then replicates, spreading itself and infecting other files.
• Worms are another type of malware behind about 10% of malware attacks. A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer. Worms are designed to exploit operating system vulnerabilities.

Malware is constantly evolving as it floats around, with certain strains going in and out of fashion based on their effectiveness. It’s pretty easy for cybercriminals to access malware cheaply or for free on the dark web or pay someone to spread it through a phishing campaign for them. That’s what major ransomware groups are doing with their affiliates; supplying a variety of malware, getting other people to run the operations for them and collecting a chunk of the profits from a successful hit.

Source: ID Agent