Oct 17 2022

How Can State and Local Governments Defend Against the Top 10 Types of Malware?

Hackers are evolving, but some advice on combatting cyberthreats is universal.

Malware is everywhere. Recent research has found that attacks against governments worldwide increased by 1,885 percent in 2021, and the Cybersecurity and Infrastructure Security Agency has highlighted ongoing threats to state facilities such as water and wastewater systems.

Add in the evolution of malware and Ransomware as a Service attacks, in which malicious actors create and sell attack kits to less skilled users, and it’s no surprise that security is a top priority for state and local agencies.

The challenge is translating this priority into practical protection. Here are the top 10 types of malware faced by state and local governments, as well as actionable advice to help mitigate the impact of each type of malware.

Click the banner below to gain customized content as an Insider.

What Are the Most Common Types of Malware?

While malware strains are constantly evolving as malicious actors look for new ways to compromise state systems and gain network access, 10 types remain common across the public sector.

1. Ransomware

Ransomware is designed to seek out and encrypt sensitive data. To regain data access, organizations must pay attackers a ransom, often in the form of bitcoin or other digital currency. For state agencies, the risk of malware is twofold. First, hackers in control of data put citizens’ privacy at risk. Second, even if governments pay the ransom, there’s no guarantee that attackers will decrypt the data.

2. Fileless Malware

Fileless malware doesn’t bring any files along for the ride; instead, cybercriminals compromise networks and make changes to native operating system files, which allows them to gain privileged system access.

3. Spyware

Spyware is designed to operate in the background by silently collecting data as users go about day-to-day tasks. Because spyware is naturally lightweight, it has little impact on system performance, making it easy to miss.

4. Adware

At first glance, adware is less damaging than many of its malware counterparts. While unwanted ads are annoying, they may not seem like a cause for concern. In reality, however, adware can act as a vehicle for infected website links and significantly impact system performance.

5. Trojans

Trojans — named for the wooden horse — are programs or pieces of code that appear legitimate. As a result, they’re more likely to sneak past security tools and make their way onto secure networks, at which point they go looking for valuable data.

6. Worms

While worms aren’t the first choice of many attackers, but they offer a slow-and-steady path to compromise. Once worms have made their way onto networks, they begin replicating, creating copy after copy and spreading across the entire system.

7. Rootkits

Rootkits create a persistent back door into user devices. While the rootkit causes minimal damage to systems, it provides ongoing visibility for attackers into agency networks and acts as a conduit for additional malware payloads.

8. Keyloggers

Keyloggers monitor user keystrokes, record the data, and send it back to attackers. These tools are often used in account compromise efforts: If attackers can record users entering their login details and passwords, they can leverage this data to gain account access.

9. Bots

Bot-based attacks are all about scale. By launching a host of attacks simultaneously, attackers can target multiple systems and potentially overwhelm network defenses.

10. Mobile Malware

Mobile malware infects mobile devices such as smartphones, tablets and even wearable technologies. Once installed, this malware can compromise applications on devices and potentially make the jump to secure networks if users connect their devices from home or while traveling.

How Can State and Local Agencies Mitigate Malware Attacks?

According to ISACA Board Director Rob Clyde, “The most important thing to realize is that it starts with how you’re protecting users at the endpoint.”

While most agencies now use robust anti-virus tools and solutions capable of detecting malicious behaviors, this is where many organizations stop, Clyde says. But malicious actors aren’t simply tossing out attacks to see what sticks; they’re testing new malware strains in sophisticated labs against existing endpoint security tools.

The result is that despite best efforts, some malware attacks will make it through. “The nature of attacks has changed,” Clyde says. “Many of these attackers are well paid by nation-states or organized crime. They have labs with all the newest security tools, and they can test attacks against new technologies. This is why we keep seeing novel attacks.”

With attacks constantly evolving, how can agencies mitigate the impact?

EXPLORE: The importance of an incident response plan.

Employee Training

First up is employee training. By teaching staff how to spot potentially problematic emails and avoid compromised websites, organizations can reduce their overall risk.

However, this approach takes security only so far. “While it’s worthwhile to tell staff to be cautious, the reality is that these are humans, and attacks are now so sophisticated that if we put our faith in humans, it will never work,” Clyde says. People will never be 100 percent accurate at detecting attacks, and all it takes is one.”

Operation Isolation

But it’s not all bad news. Clyde points to the use of new solutions such as browser isolation — also known as “pixel pushing” — which can provide users the access they need without compromising security.

“When the user is browsing, the session happens on a separate system,” Clyde says. “A camera is recording the display, and the interactive stream of video is then sent to users. As a result, the only thing being transferred is pixels. Even if code gets into the browser system, it can’t get into secure networks.”

It’s a low-tech solution to a high-tech problem. By using cameras to stream browser data directly to a user’s device, there’s no risk to the network at large. Even if attackers manage to break through existing defenses, they only gain access to an isolated device that offers no way back to critical infrastructure.

DISCOVER: The pros and cons of cybersecurity insurance for municipalities.

Break It Till You Make It

When it comes to deploying solutions that secure state networks against evolving malware attacks, Clyde offers two pieces of advice. First is that organizations shouldn’t rely on “security by obscurity.” While this offers some protection against evolving threats, if attackers can remove the obfuscation of protected data, there’s no second line of defense.

Next is the recognition that attacks will eventually get through. As a result, agencies need solutions that offer solid security but don’t create more opportunities for compromise if they’re breached. “You don’t want things that can’t be broken,” Clyde says. “You want things that, when they inevitably break, it doesn’t matter.”

gorodenkoff/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.