
No computer or system can risk being unprotected from cybercriminals. The days when bank robbers put on a mask and demanded money from bank tellers are becoming a thing of the past. Malware is now a common weapon of choice for today’s criminals: they can sit back and let their malicious code do the dirty work. Malware protection, detection and analysis have become a routine reality for the cybersecurity industry, and cybersecurity professionals must be well acquainted with malware as an ever-lurking threat. Cybersecurity education programs include malware in their curriculum, and some, such as Utica College’s MS Cybersecurity program, even offer the ability to specialize in malware analysis. Several key elements of malware are discussed below.

What is Malware?

Malware, simply put, is any outside code added to a computer or network without the owner’s knowledge that is not supposed to be there. This does not include the cookies set while browsing the web. Some experts frame their definition to include the negative intent of the outside code; however, there is no positive intent when outside forces covertly infiltrate another device or network. It’s not as if Publishers Clearing House sneaks into an unsuspecting winner’s computer to announce a newfound fortune. Cybercriminals go to great lengths to invade digital space secretly. Some of the common types of malware include viruses, trojan horses, worms, keyloggers, rootkits, adware, spyware, and ransomware (3).

Malware Analysis:

There are two main types of testing used for detecting and dismantling malware: static testing and dynamic testing. Static testing involves identifying malware without executing the code it contains. This is ideal for quick containment; however, it is not always possible. One step in static analysis is to use a strings-based program or tool that extracts the readable strings embedded in the detected malware (2). Dynamic testing comes in when the strings detected are masked, as the code then has to be executed in order to be dismantled and removed. Dynamic testing may also be the method of choice when the goal is to study the code. The information gained from such testing helps professionals guard and fortify their systems and helps students gain a more complete understanding.
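As an added illustration of the strings step above (this is example code written for this page, not a tool from the article or its references), the following Python extracts printable strings from a constructed byte blob the way a strings-style triage tool would. It goes slightly beyond the text by scanning for UTF-16LE strings as well as ASCII, since Windows binaries carry many of their strings in that encoding, and it shows the limitation the paragraph describes: one string in the sample is masked with a single-byte XOR (a constructed key, `0xC3`) and does not appear in the plain scan. A last function tries every single-byte key as a cheap static triage step; when even that finds nothing, the analyst moves to dynamic analysis to watch the code unmask its own strings at run time.

```python
import re
from typing import List, Tuple

# Constructed sample "binary" for this example (not a real malware sample):
# a header-like prefix, two ASCII strings, one UTF-16LE string, a run that is
# too short to report, and one string masked with a single-byte XOR so that a
# plain strings scan cannot see it.
XOR_KEY = 0xC3  # constructed key; any key with the high bit set pushes ASCII out of the printable range
MASKED_URL = b"http://example.invalid/beacon"  # constructed, reserved .invalid TLD


def _build_sample() -> bytes:
    masked = bytes(b ^ XOR_KEY for b in MASKED_URL)
    return (
        b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8      # header-like bytes, nothing reportable
        + b"GetProcAddress\x00"                       # ASCII string, offset 16
        + b"\x13\x88\x9c\x02"                         # non-printable filler
        + masked                                      # masked string, offset 35
        + b"\x00\x01\x02"
        + "C:\\Users\\Public\\run.bat".encode("utf-16-le") + b"\x00\x00"  # UTF-16LE, offset 67
        + b"ab\x00"                                   # too short to report at min_len=4
        + b"DecryptFile\x00"                          # ASCII string, offset 118
    )


SAMPLE = _build_sample()


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return printable ASCII and UTF-16LE strings of at least min_len
    characters, ordered by offset, the way a strings-style triage tool does."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in utf16_re.finditer(data)]
    return [s for _, s in sorted(found)]


def find_xor_masked_strings(data: bytes, needle: bytes = b"http",
                            min_len: int = 4) -> List[Tuple[int, str]]:
    """Static triage step for masked strings: try every single-byte XOR key
    and report decoded strings that contain `needle`. Returns (key, string)
    pairs; an empty list means the masking is not a single-byte XOR and the
    sample is a candidate for dynamic analysis."""
    hits = []
    for key in range(1, 256):
        decoded = bytes(b ^ key for b in data)
        for s in extract_strings(decoded, min_len):
            if needle.decode() in s:
                hits.append((key, s))
    return hits


if __name__ == "__main__":
    print("plain strings scan:", extract_strings(SAMPLE))
    print("single-byte XOR sweep:", find_xor_masked_strings(SAMPLE))
```

The plain scan reports the two ASCII strings and the UTF-16LE path but not the masked URL; the XOR sweep recovers it only because the masking here is trivial, which is exactly the case that still counts as static analysis.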

Another type is called post-mortem analysis. This can also be an effective tool; however, as the name suggests, post-mortem analysis observes the aftermath of malware. Ideally, malware would be identified and isolated before it can have a major impact, but this is not always the case. There is still useful information to be gained from observing the aftereffects of malware, though time is of the essence, as the data may quickly deteriorate due to the routine processes of the system (4).
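As an added example of one post-mortem technique (example code written for this page, not from the article or reference 4), the Python below compares a baseline snapshot of a file tree with its state after an incident and reports what was added, removed or modified. The directory contents are constructed inside a temporary folder. Content hashes are the durable evidence, while file modification times are recorded alongside them because routine system activity overwrites those quickly, which is the deterioration the paragraph warns about.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

Snapshot = Dict[str, Tuple[str, int]]  # relative path -> (sha256 hex, mtime_ns)


def snapshot(root: Path) -> Snapshot:
    """Record (sha256, mtime_ns) for every regular file under root, keyed by a
    POSIX-style relative path so two points in time compare cleanly.
    Symlinks are skipped so a link cannot pull in content from outside root."""
    record: Snapshot = {}
    for path in root.rglob("*"):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            record[path.relative_to(root).as_posix()] = (digest, path.stat().st_mtime_ns)
    return record


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, List[str]]:
    """Classify files as added, removed or modified between two snapshots.
    Modification is judged by content hash rather than mtime, because an
    mtime can be reset by an attacker or bumped by normal housekeeping."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p][0] != after[p][0]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a small tree is baselined, then altered the way a
    post-mortem review might find it (one binary changed, one unknown file
    dropped, one file deleted). Returns the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"constructed stand-in for a system binary")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "crontab").write_text("# constructed, empty\n")
        baseline = snapshot(root)

        # The "aftermath": the kinds of change a post-mortem review looks for.
        (root / "bin" / "ls").write_bytes(b"constructed stand-in, now altered")
        (root / "tmp").mkdir()
        (root / "tmp" / ".cache").write_bytes(b"constructed unknown file")
        (root / "etc" / "crontab").unlink()
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline is taken from a known-good image or package manifest rather than from the same machine after the fact, and both snapshots are written to storage the compromised host cannot alter.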

Simple Step, Big Impact:

Preparation is sometimes one of the best defenses, and this is definitely the case in the war against malware. Most malware takes advantage of vulnerabilities in code (3), and one major reason software updates are released is to patch discovered vulnerabilities. Installing updates as soon as they become available is important to keep malware’s potential to a minimum. The simple step of being vigilant with updates is critical to malware defense and can save a tremendous amount of time and resources.

Summary:

Malware isn’t going to relinquish its crown as the preferred tool of cybercriminals anytime soon. It is only going to become more cloaked and complex. This requires cybersecurity professionals to be relentless in their quest for knowledge, techniques, and tools. Malware detection and analysis are firmly entrenched as fundamental parts of the cybersecurity industry and its educational programs.

References:

  1. https://www.techrepublic.com/article/the-10-most-common-types-of-malware-and-how-to-avoid-them/
  2. https://www.secpod.com/blog/malware-analysis-by-reverse-engineering/
  3. https://www.proofpoint.com/us/corporate-blog/post/cybersecurity-education-series-what-malware
  4. http://www.porcupine.org/forensics/chapter6.html