Expanded Definition: Malware
What is malware?
Malware is a broad term that covers many different types of malicious software that can be installed on devices. When threat actors try to get malware installed on an endpoint—such as a laptop, desktop computer, or mobile phone—they’re doing it with the intention to harm, extort, or scare the organization.
Malware is on the rise. In Q2 2020, the McAfee Labs Threats Report found a 12% increase in the number of threats per minute (419, to be precise) compared to Q1. And malware was used as the means of attack in 35% of cases that were shared publicly.
Oftentimes, malware makes it around IT defenses via user error or out-of-policy behaviors, such as:
- Responding to a phishing email
- Downloading files from untrusted contacts
- Clicking on malicious links
Once a piece of malware is installed, it starts its work. Depending on the type of software, it may exfiltrate valuable data, lock down the computer for ransom (see ransomware), scare the user into doing something, or quietly spy on the machine for monetary or other purposes.
Common types of malware
Some of the most common types of malware that managed service providers (MSPs) will encounter are targeted at endpoints such as laptops, desktop computers, and mobile devices.
Ransomware is a form of malicious software that, once installed on an endpoint, locks down the system until the user pays a ransom to have it released. When threat actors use ransomware, they sometimes encrypt the files, so the content of the computer becomes unreadable. Beyond encrypting the data, it is also becoming more common for bad actors to exfiltrate data—stealing it from corporate systems—in order to increase the chances that targets will pay the ransom.
Ransomware is a growing problem; per the 2020 Sophos State of Ransomware report, 51% of companies said they’d experienced a ransomware attack in the last year.
The definition of spyware can be broad. Some spyware is actually installed by legitimate software vendors, for example, with the intent of monitoring user activity for more benign purposes like serving ads. For the purposes of the ConnectWise Cybersecurity Glossary, we’re defining it purely in its malicious sense: software installed to spy on an organization or user with harmful intent. With spyware, hackers can monitor the activities of a user without being noticed and steal sensitive information, such as corporate or personal details.
If the name “trojan” conjures visions of the ancient city of Troy and a wooden horse, then you’ve understood the origins of the term.
Trojans are pieces of software that masquerade as something harmless or even helpful. But, in reality, the software is performing harmful behaviors, such as stealing data. These pieces of malware are localized, meaning that they don’t spread from computer to computer (like a virus does).
Today, many trojans take the form of crypto ransomware—once they’ve sneaked into a system under the guise of something else, they encrypt or exfiltrate data and demand a ransom.
Last but not least, viruses are one of the most well-known pieces of malware. Most MSP clients will probably have heard of computer viruses and antivirus software. Viruses make their way onto computers through infected files, and then—like their biological counterparts—the viruses replicate and spread. When this happens, entire networks can fall victim.
These are just a few examples of malware. There are many, many more forms of malware out there. However, in all cases, the intent is the same: to damage the target and/or extract some monetary gain.
The MSP role in defending against malware
As a trusted IT partner, MSPs are often the frontline defense against malware for small to midsize businesses (SMBs) and other organizations. MSPs provide the technology and knowledge necessary to keep IT systems updated, and they do the actual work of ensuring that organizations are using the right tools—such as firewalls and antivirus—to catch or remove malware.
Malware can be installed in many different ways. That’s why MSPs are so critical in providing frontline defense. Some of the core ways that MSPs support cybersecurity and lower the risk of malware include the following.
Hackers target endpoints 24/7. That’s why strong endpoint management is an important service. Good endpoint management will include:
- Controls to prevent unknown software applications from installing
- Ongoing scanning for every file to catch any infected items
- Health reports on a device’s performance
- And more
By monitoring and managing a client’s endpoints closely, MSPs can shore up defenses and limit some of the ways that attackers might try to install malware.
From household names like Microsoft 365 to third-party vendors, legitimate software is unfortunately a common vector for malware. Hackers can take advantage of vulnerabilities in older versions to install malware.
The best way to prevent this from happening is software patching. With patch management, MSPs ensure their clients are always running the most current versions of software. And with automation, MSPs can automatically update machines—removing the risk of human error and saving technicians time.
Even before the rise in remote work due to coronavirus, MSPs were servicing clients at a distance with remote monitoring technology. Tools like remote monitoring and management (RMM) software enable MSPs to keep a close eye on all their clients’ many endpoints, often from a birds-eye dashboard.
By monitoring systems remotely, MSPs don’t have to wait until a user brings a machine to them for a tuneup—they can catch any suspicious device or network activity from afar, and then send in help.
Security Operations Center (SOC)
As noted, security is a 24/7 job. MSPs can offer clients additional security with an expertly-staffed security operations center (SOC). Working day and night, the SOC ensures that cybersecurity threats are dealt with quickly and fully. This is crucial, since all it takes is a moment’s weakness for a hacker to slip through. A SOC can also help prevent issues before they can take root by generating ongoing research, hunting for threats, and applying best practices and removing vulnerabilities before they can be exploited.
Of course, creating and properly staffing a SOC can be expensive (as much as $2.3M, according to our calculations!), which is why many MSPs may choose to partner or outsource this function. Regardless, when paired with an RMM solution and ongoing MSP support, a SOC is a powerful defense against cybersecurity threats.
Did you know?
Between Q1 and Q2 2020, the number of malware threats happening every minute increased by 12%.
Cybersecurity is a major area of growth for MSPs.
Learn how to expand your business’ cybersecurity offerings in this ebook, including information on how to discuss cybersecurity with clients and how to price your services.
Ransomware represents a serious threat to MSP clients, and the number of incidents is only rising.
Watch this expert webinar to learn more about ransomware, what’s changing with this method of attack, and how MSPs can prepare.
Want to get started selling cybersecurity? We’ve put together a kit to help. Download the kit today for helpful resources that will transform your business from an MSP to an MSP+ model, including educational information for your SMB customers, templates, and more.
How secure are your SMB clients? Chances are, they may not fully understand their risks and exposures. Use this 30-item checklist to start the conversation around cybersecurity, help them understand the cybersecurity landscape, and assess their security postures.
SMBs are not immune from cybersecurity risks—quite the contrary. Our 2020 survey of 700 SMB decision makers uncovered interesting findings about how these businesses are thinking about cybersecurity, their spending plans, and what motivates them when it comes to security.