What is meant by “malware”?
The word “malware” refers to any type of malicious computer program that is installed and executed through computer software or mobile applications. There are two types: viruses (whose main function is to damage the device or information) and ransomware (whose main function is to collect data, manipulate information or encrypt it to make it inaccessible).
How does “malware” infect our devices?
Cybercriminals use different methods to get programs onto computers and execute them. Most commonly, they do it with an attachment in a fraudulent email (for example, making the user believe that it is an invoice); taking advantage of a breach in the programs we have installed or the browser we use; through infected USBs; with programs that we download for free from unreliable websites, or through fraudulent applications.
Thus, cybercriminals use “malware” primarily to:
- Hijacking equipment or system data. One of the most active malware is ransomware that blocks access to the computer. In order to be able to use it again or give us access to the files, cybercriminals usually ask for a “ransom” to be paid.
- Introduce the device into a botnet (botnet). A botnet is a group of infected devices (also known as bots or zombies), which are remotely controlled by cybercriminals. Any of our equipment with an Internet connection can be part of a botnet: computers, servers, routers, etc.
- Stealing information. It can be any type of information: username and password for services (email, social networks, online banking, etc.), email address book, confidential company information (projects, documentation, financial offers or lists of suppliers and customers), etc.
How can we avoid it? Pay attention and don’t fall into their traps!
- Do not open suspicious emails, access their links or download files that can infect your devices.
- Do not download from unreliable websites.
- Check the URLs of the websites you access, in case you are redirected to malicious pages.
- If any website, which you normally access, asks you to perform any unusual action, do not do it.
- Change your passwords periodically.
- Find out about the security alerts that are published on cybersecurity websites and blogs.
IMPORTANT NOTE:
- If, despite complying with all these measures, you encounter situations that do not comply with the required security level or those established in internal policies, do not hesitate to communicate it to your line manager, the Security Manager, security personnel and/or the IT department, depending on the type of suspicion.
- If it happens to you on a personal level, report it directly to the police authorities, so that they can give you appropriate advice and conduct an investigation.