What Is Malware?

Why Is Malware Protection Important?

With the increased use of cloud apps and services and the explosion of remote work, the threat of a malware infection is too great to ignore. The Zscaler cloud blocks tens of millions of advanced threats per day, and Zscaler Global Threat Insights show that various forms of malware dominate the top 10 threat types.

Malware protection is a cybersecurity essential as organizations across all verticals host more of their data online and remote access and mobile device/personal computer use become the norm. It will shield you from the latest social engineering attacks and ensure your defenses evolve to match the attackers.

Why Do Cybercriminals Use Malware?

Threat actors use malware because it’s easy to deploy once they discover a vulnerability in a system’s defenses. Quite often, that vulnerability is the human element—many internet users are easily deceived, especially when viewing content they believe to be from a trusted source, such as an email.

Depending on the attacker’s specific goals, malware can:

• Trick users into handing over sensitive data
• Install spyware to monitor activity on an endpoint
• Install ransomware to lock systems or data until a ransom is paid
• Steal sensitive information from a system
• Gain access to financial information such as credit card numbers
• Install adware to bombard users with pop-up ads
• Install malicious software to disrupt, slow down, or damage computer systems

To accomplish all this, there are many different varieties of malware. Let’s take a closer look at some of the common types.

Types of Malware

The most common types of malware infections are:

• Ransomware: Malware that encrypts data and demands payment, usually in cryptocurrency, before providing a decryption key. A subvariety, double extortion ransomware attacks, steals the data in addition to encrypting it, gaining leverage to demand additional ransom, usually paid through bitcoin.
• Botnets: A large number of “bot” systems—infected computers remotely controlled by threat actors—can be used for various purposes, such as rapidly spreading malware or performing denial of service attacks.
• Fileless malware: Unlike most malware, fileless malware does not require users to download files. Instead, it uses legitimate tools in a malicious fashion to carry out an attack, such as by embedding malicious code in an operating system.
• Computer viruses: With the ability to replicate themselves, viruses can spread quickly across hosts on a network and corrupt or delete data, which can affect the stability of applications or even whole systems.
• Trojan horse: Criminals can piggyback malicious code within legitimate software or files, such as by disguising it inside an update, hiding it in a document, or through a scam such as malvertising which subsequently runs when the file or program is used.
• Rootkits: These malicious software tools can give hackers access to and control over a device. Most rootkits affect software and operating systems, but some can also infect hardware and firmware.
• Spyware: Threat actors can use spyware to covertly gather information about the activity on an endpoint, such as keystrokes (through the use of keyloggers), login details, website visits, and more.
• Adware: Although it’s not always malicious, adware displays advertisements to encourage views and clicks that generate revenue. Invasive adware can harm user experience and affect system performance.

Most, if not all, of these types of malware are advanced enough to where they can easily avoid legacy antivirus software that many endpoints devices have installed today.

How to Know If You’re Infected with Malware

Systems that have been infected with malware exhibit some common symptoms. Look out for:

• Slow or faulty system operation: Malware attacks tend to use extra system resources and create process conflicts, so if a computer is running or booting up more slowly than normal, or frequently freezing or crashing, it may be a sign of malware infection.
• Unwanted pop-up ads or security alerts: Many computer systems and browsers automatically block pop-up ads. If a system is getting bogged down with ads, it could indicate a malware infection tampering with the blocking protocols.
• Ransom demands: If a system is infected with ransomware, some or all files may be encrypted, with access to be restored only after a ransom payment. You may get a pop-up instructing you in how to make the payment.

What’s the Best Way to Protect Your Network Against Malware?

In addition to using trusted anti-malware and security software to protect computer systems, here are some best practices to consider:

• Apply updates as directed by IT: Software providers regularly offer updates to protect against malicious code, but they're not always secure. They might introduce a new vulnerability, contain a trojan, and so on—so it’s best to install updates based on IT's recommendations.
• Educate your staff: Practicing good cyber hygiene online goes a long way against malware. Make sure your staff know the basics, such as how to spot phishing emails, malicious pop ups, and suspicious software. This gives bad actors the smallest window of opportunity to attack.
• Rely on secure encrypted connections: Encrypt as much information as possible, both in transit and at rest, and ensure users only connect via secure tunnels.
• Leverage advanced endpoint security: If your workforce requires remote access or uses personal devices not under IT control for work, make sure all endpoints connecting into your system are secured and monitored.
• Use multifactor authentication: To better prevent unauthorized access, set up multifactor authentication to add further levels of verification when users request access to sensitive systems or data.
• Implement zero trust security: With zero trust security, anyone—no matter who they are, what they’re accessing, or where they’re connecting—is treated as a potential threat until they can prove otherwise.

Advanced Malware Protection (AMP)

The security marketplace is full of anti-malware solutions, and organizations worldwide spend millions on them each year—yet the breaches continue. From a lack of full traffic visibility to fundamentally ineffective passthrough inspection architectures, traditional malware protection just doesn’t work the way it needs to in today’s threat landscape.

What’s more, advanced malware is capable of penetrating tougher defenses, such as those on Apple iOS, Android devices, or Microsoft, to deploy executable files that facilitate data breaches, distributed denial of service (DDoS) attacks, cryptojacking, and more. This makes it all the more important to have AMP in your security stack.

At a glance, legacy approaches fall short when it comes to:

• Inspecting all traffic: Passthrough architectures like next-generation firewalls only perform packet-level inspection; they can’t inspect full content from start to finish.
• Performing at scale: Physical appliances and their virtualized counterparts have limited processing power, which can leave you exposed, especially when encrypted traffic demands massive compute.
• Stopping unknown malware: Legacy threat isolation solutions don’t operate inline, which means threats can’t be blocked—they can only be flagged after a compromise occurs, when it may be too late.
• Protecting off-network users: When users drop off the traditional network and VPN, your IT and security teams lose any ability to enforce policy and security controls.

Implementing the latest holistic threat protection gives your organization the best chance to repel malware and keep your network, endpoints, and data secure. To make this happen, you need security solutions built in the cloud, for the cloud, with a worldwide footprint that shares new protection instantly, anywhere. You need Zscaler Advanced Threat Protection.

How Does Zscaler Protect Against Malware?

Zscaler Advanced Threat Protection delivers always-on, airtight protection against zero-day threats and unknown malware. Built on a cloud native proxy architecture, the Zscaler security cloud inspects every packet from every user, on- or off-network, from start to finish, with unlimited capacity even for TLS/SSL-encrypted traffic.

With an integrated suite of security services across Cloud Sandbox, Cloud IPS, machine learning, and threat intelligence, you’ll close security gaps and reduce risks that result from other security solutions’ shortcomings, gaining the advantages of:

• Full inline prevention: An inline proxy architecture is the only reliable way to quarantine and block suspicious content and attacks.
• Inline sandboxing and ML: Zscaler Cloud Sandbox uses advanced ML-powered analysis to quickly stop threats at any stage of the attack.
• Always-on TLS/SSL inspection: Infinite inspection of encrypted traffic, distributed across a global platform of 150+ data centers, follows users wherever they go.
• The Zscaler cloud: Leveraging threat data from the world’s largest security cloud, Zscaler shares threat protections cloud-wide in real time.

Zscaler is proud to be named a Leader in the Gartner 2022 Magic Quadrant for Security Service Edge (SSE). Gartner evaluates vendors based on their ability to execute and rated Zscaler as the vendor with the highest ability out of 11 separate companies.