So what are the different types of computer threats and how do they work?
Virus
A computer virus is a piece of software that can ‘infect’ a computer, install itself, and copy itself to other computers, without the user’s knowledge or permission. It usually attaches itself to other computer programs, data files, or the boot sector of a hard drive.
Malware
Malware is short for malicious software. Malware is the name that is given to any type of software that could harm a computer system, interfere with and gather a user’s data, or make the computer perform actions without the owner’s knowledge or permission.
Trojan horse
A Trojan horse is a type of malware that installs software which seems OK but carries hidden malicious code that creates back doors into a system. This typically results in the loss of data, or its theft by an external source.
Worm
Unlike a virus, a worm is a standalone piece of malicious software that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security flaws in the target system to allow access.
Spyware
Spyware is software that aids in gathering information about a person or organization without their knowledge. Spyware can monitor and log the activity that is performed on a target system, such as logging keystrokes or gathering credit card and other information.
Adware
Adware is software that can automatically cause pop-up and banner adverts to be displayed to generate revenue for its author or publisher. A lot of freeware uses adware, but not always in a malicious way. If it were malicious, it would then be classed as spyware or malware.
Scareware
Scareware is part of the class of malware known as rogueware. It comprises several classes of ransomware or scam software with malicious payloads, usually of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.
A tactic frequently used by criminals involves convincing users that a virus has infected their computer, then suggesting that they download (and pay for) fake antivirus software to remove it. Usually the virus is entirely fictional and the software is non-functional or malware itself.
Ransomware
This is the latest and probably most vicious class of malware. It restricts access to the computer system that it infects and demands a ransom paid to the creator of the malware (usually in cryptocurrency) in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive (cryptoviral extortion), while some may simply lock the system and display messages intended to coax the user into paying.
A brief history of Ransomware
The first documented example of ransomware is purported to be the 1989 AIDS Trojan, also known as PC Cyborg [1]. Harvard-trained evolutionary biologist Joseph L. Popp sent 20,000 infected diskettes labeled “AIDS Information – Introductory Diskettes” to attendees of the World Health Organization’s international AIDS conference.
After 90 reboots, the Trojan hid directories and encrypted the names of the files on the customer’s computer. To regain access, the user would have to send $189 to PC Cyborg Corp. at a post office box in Panama. Dr. Popp was eventually caught but never tried for his scheme, as he was declared unfit to stand trial. His attorney said he began wearing a cardboard box on his head to protect himself from radiation [2].
Fast Forward to the Internet Age
With the Internet making it easier to carry out Popp’s ransom idea, cyber criminals began to realize that they could monetize ransomware on a far wider scale.
In 2006, criminal organizations began using more effective asymmetric RSA encryption.
The Archiveus Trojan [3] encrypted everything in the My Documents directory and required victims to purchase items from an online pharmacy to receive the 30-digit password.
GPcode [4], an encryption Trojan that initially spread via an email attachment purporting to be a job application, used a 660-bit RSA public key. Two years later, a variant (GPcode.AK) used a 1024-bit RSA key.
Starting in 2011, ransomware moved into the big time. About 60,000 new pieces of ransomware were detected in Q3 2011, and that figure more than doubled in Q3 2012, to over 200,000 [5].
The New Wave [6]
2013: CryptoLocker, the first ransomware to be spread by botnet and social engineering, shows both threat actors and the cybersecurity world how easily ransomware could spread and take over a system. The virus propagated through email attachments that were then spread via the botnet, allowing it to rapidly spread across the internet. In December 2013, it was reported that the group behind CryptoLocker had made over $20 million USD in bitcoin.
2013 – 2016: Ransomware explodes in popularity as variants multiply and new targets, such as Mac and Linux systems as well as mobile devices, appear.
2016 – 2023: Ransomware Grows Sophisticated
The rise of the dark web, cybercriminal networks, and the digitization of organizations around the globe ushered in a new age where ransomware rose exponentially.
2016: Petya becomes the first variant to overwrite the master boot record and encrypt the master file table within a system, locking victims out of the entire hard drive, faster.
2017: A variant of Petya, NotPetya, made headlines as it was used to target Ukraine, as well as Ukraine-allied countries France, the United Kingdom, and the U.S., during an ongoing conflict between Russia and Ukraine. The NotPetya attacks have been blamed on Russia by experts.
2017: The WannaCry ransomware attack hits hundreds of thousands of devices across more than 150 countries, making it one of the biggest ransomware attacks in history.
2019: Leak sites begin to pop up on the dark web, exposing victims to further financial and reputational losses, as well as allowing for stolen credentials and personally identifiable information (PII) to be used in future attacks.
2025 onwards:
As cybersecurity evolves alongside the increased involvement of international law enforcement in stopping cybercrime, ransomware operators have had to out-maneuver tools and people, as well as change their tried-and-true tactics. We’ve already seen the tactic take sinister turns this year. Scattered Spider, a ransomware group adept at compromising identities to launch massive attacks — as they did during the MGM breach of 2023 — has already targeted dozens of finance and insurance companies this year, even as the FBI works overtime to stop them.
Additionally, previously off-limits sectors like healthcare are now fair game for threat actors.
Information sources
[1] http://virus.wikia.com/wiki/AIDS_trojan_disk
[2] https://medium.com/un-hackable/the-bizarre-pre-internet-history-of-ransomware-bb480a652b4b
[3] https://www.knowbe4.com/archiveus-trojan
[4] https://www.knowbe4.com/gpcode
[5] http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
[6] https://arcticwolf.com/resources/blog/the-history-of-ransomware