Sick on the Inside

The American Cancer Society deals with illnesses of the human sort, but recently they had to deal with another kind of toxic illness silently taking over. On the outside, things looked fine. But on the inside, there was a silent plague.

Hidden as analytical code, security experts discovered malware embedded in the American Cancer Society’s storefront of their website. It functioned by searching for “checkout” and then skimmed users’ credit card information and directed payment to the hackers. If there is a “good news” part of this story, it is that the hacker’s web address was exposed upon discovery of the malware and the discovery was made and remedied within a few days.

This incident was also similar to the breach of Mission Health; their site, however, was infected for nearly three years.

Security experts are alerting individual clients and businesses of the increase in e-skimming threats, warning them to keep their systems updated, as well as maintaining constant monitoring of any changes.

What is Malware?

The term “malware” is a contraction of “malicious software.” Put simply, malware is any piece of software that was written with the intent of damaging devices, stealing data, and generally causing a mess. Viruses, Trojans, spyware, and ransomware are among the different kinds of malware.

Malware is often created by teams of hackers: usually, they’re just looking to make money, either by spreading the malware themselves or selling it to the highest bidder on the Dark Web. There can be other reasons, however, for creating malware too—it can be used as a tool for protest, a way to test security, or even as weapons of war between governments.

But no matter why or how malware comes to be, it’s always bad news when it winds up on your PC. Fortunately, that’s what we’re here to prevent.

What Does Malware Do?

All kinds of things. It’s a very broad category, and what malware does or how malware works changes from file to file. The following is a list of common types of malware, but it’s hardly exhaustive:

Virus: Like their biological namesakes, viruses attach themselves to clean files and infect other clean files. They can spread uncontrollably, damaging a system’s core functionality and deleting or corrupting files. They usually appear as an executable file (.exe).

Trojans: This kind of malware disguises itself as legitimate software, or is hidden in legitimate software that has been tampered with. It tends to act discreetly and create backdoors in your security to let other malware in.

Spyware: No surprise here—spyware is malware designed to spy on you. It hides in the background and takes notes on what you do online, including your passwords, credit card numbers, surfing habits, and more.

Worms: Worms infect entire networks of devices, either local or across the internet, by using network interfaces. It uses each consecutively infected machine to infect others.

Ransomware: This kind of malware typically locks down your computer and your files, and threatens to erase everything unless you pay a ransom.

Adware: Though not always malicious in nature, aggressive advertising software can undermine your security just to serve you ads—which can give other malware an easy way in. Plus, let’s face it: pop-ups are really annoying.

Botnets: Botnets are networks of infected computers that are made to work together under the control of an attacker.

We ask that all law firms stay diligent with your own security and use as many verification points as possible in practices.

In addition, we highly recommend letting all your employees understand that this is yet another way that malware can be introduced into your firm’s systems. It’s a major issue that we all need to contend with.

Check Also


Virginia’s New Data Protection Law

The new law signals an increased need for adaptability in privacy compliance.