What Are the Top Ways Malware Gets Spread? 

Malicious bad actors such as black hat hackers, criminals or organized crime groups gets their way by infecting targets with Malware.

One of their strongest ways is to infect a target system with Malware. This way they will gain full access to a remote system.

When they have obtained full access they can use this to blackmail customers.  

The Top Ways Malware gets spread

  1. Email Attachments via Email.
  2. Phishing Emails tricks the user to clicking malicious toxic links.
  3. Google / Bing Ads or other paid advertise.
  4. Youtube or other video sites that trick the user to click a link.
  5. Telegram / WhatsAPP / Messenger groups, channels messages from bots or malicious users sending attachments or tricking the user clicking a link.
  6. LinkedIN.
  7. Github.Maclicious
  8. Pastebin etc.
  9. Filesharing services such as P2P Torrent.
  10. Hacking forums.
  11. Compromised malicious websites that spread malware when visiting them.
  12. Social Engineering. An attacker can call or trick a user to perform actions to install malware.
  13. Downloading software from untrusted websites.
  14. USB drives or other media. An attacker can visit a location and drop USB drives hoping someone will find and connect it.
  15. Exploiting Software Vulnerabilities. Unpatched systems gets breached by bots that installs malware.
  16. Network Shares. 
  17. Fake Security Software. Fake software that claims to fix a security issue or fake Anti Virus.
  18. Botnets. An attacker can use a botnet to inject malware on a large scale to vulnerable targets.
  19. Connecting to insecure WiFi Networks and can be subjected by man in the middle attacks.
  20. Malicious Macros in Office documents such as a Word or Excel files.

 

How to Guard Against Malware and Avoid Getting Infected

What are the top advice to follow to prevent your devices or systems getting infected by Malware?

Always apply critical thinking. Always always questions to your self if a given thing is a good idea.

If someone try to get you to do something again evaluate with your self if anyone can benefit from it.

If you are not sure about a specific topic it is always better wait to take action think about it another time.

Search about the topic and wait to take action. 

  1. Always use strong unique passwords with Two Factor Authentication (2FA) or Multi Factor Authentication (MFA)
  2. Keep all your operating system, browsers and software up to date.
  3. Only install trusted reliable Security Products.
  4. Always be careful when clicking any links or open any attachment in an email. 
  5. Always use email security filtering before open any attachments or clicking any links.
  6. Only download software from trusted sources.
  7. Enable strong Firewalls. Block traffic from undesired countries, block toxic IPs, block exploits.
  8. Only use Public WiFi when having a VPN enabled.
  9. Do weekly backups of everything so you can easily restore your data without paying a ransom.
  10. Disable Macros in Office documents such as Word and Excel.
  11. Never give out sensitive information to prevent social engineering attacks. Example if someone call on the phone never give any sensitive information.
  12. Perform Vulnerability Scanning of your local and public IPs and patch all your vulnerabilities.
  13. Monitor your accounts check there no unauthorized logins or transactions.
  14. Scan any removable USB drive before connecting it.
  15. If you are not sure about a specific item consult a security professional before taking action.