Malware Injection & Image Phishing
Malware, which was mentioned in the subdomain portion of last week’s blog, is the collective name for a number of malicious software variants. These software variants included in malware injections can contain viruses, ransomware, and spyware. Injecting malware into a system or network through emails is a very common form of phishing.
A Malware Injection, or Malware Attack is typically attackers hijacking a user’s computer or an online session, stealing a user’s confidential data, conducting fraudulent activities, and launching a DDoS attack, or a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
According to the Verizon data breach report and malware statistics available online, 95% of all malware attacks occur through email. The most commonly used method of attack is through phishing, a cyber attack that exploits the receivers’ lack of knowledge and/or attention to trick them into thinking they are receiving the email from someone else, typically a bank or someone requesting a payment.
There are several types of Malware Injection users need to become aware of:
This kind of malware attack creates digital backdoors for attackers to hack into your computer without your knowledge. Attackers, in this instance, are capable of stealing your personal information – such as SSN and/or your private files – business details, or making your computer to stop working permanently. Attackers may use said hacked device as a proxy to conceal their identity or send out spam for a mass phishing attack.
These include a malicious set of code used to breach into a device to fetch confidential data. Most commonly, a virus is attached with .exe files to infect your computer or laptop. As soon as you open a malicious .exe file, your machine will get corrupted.
Similar to a virus, worms have a way to affect the computer by replicating themselves. This is one of THE most dangerous types of phishing that is involved in malware. Worms do not need any human intervention to make their copies! They also use the system’s vulnerabilities to transmit from one device to another, making them more dangerous than a typical virus attack.
Ransomware encrypts your computer files to lock them and keep them as hostage until you pay a fee for its decryption code.
Considering how many cyber attacks occur per day, some of the affected users are guaranteed to pay for the stolen data. Even though most users give up on the stolen data, 4% still choose to pay the ransom to get their data back or their devices unlocked. Experts suggest that the most common reason why people pay up is the shame they felt, rather than the need for data recovery.
Spyware is a type of malware that monitors the actions of the victim over a time period. This enables hackers to create long-term profits for themselves.
The Types of Spyware used for various types of Phishing are:
- System spy
The best option, in order to prevent a malware injection or phishing attack, is to use an updated anti-malware and antivirus. Also, an up-to-date browser works well as an extra security layer.
Image Phishing occurs like any other phishing attack, through an email. However, during image phishing an attacker uses a medium such as images and other media formats to deliver batch files and viruses.
There are two ways in which an attacker can accomplish embedding a phishing image in an email:
1. Linking an image directly to the URL and sending it to the victim as a mass email attack.
2. Using an encoded image (.jpeg) to other media like song (.mp3), video (.mp4), GIF files (.gif). When the victim downloads the image s/he downloads the batch file – or virus, thereby infecting the computer or phone.
Ways in which to suggest image phishing from happening can include not downloading images from unknown sources, not opening the images in an incognito window, using an antivirus or anti-malware in your email service, in addition to using a backup solution to avoid losing data. Beware if you are receiving emails containing images according to your interest, it may be an email that contains an image holding a virus, or malware!
Read More Entries In Our Phishing For Awareness Series
- PFA: Pop-up messages, email spoofing & URL Phishing Attacks
- PFA: Business Email Compromise Schemes and Website Spoofing
- PFA: Impersonation and Social Media
- PFA: Spear Phishing & Subdomain Attacks
- PFA: Malware Injection & Image Phishing
- PFA: Clone, Man-in-the-Middle & Search Engine Phishing Attacks
- PFA: Advanced Phishing Tactics
- PFA: 3 More Advanced Phishing Tactics
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
Don’t Gamble With Your Security Contact us