Top myths about malware, ransomware, and spyware

One of the downsides of always being connected is the constant threat of malicious software and threats that come in many different guises. There is a treasure trove of risks that have become buzzwords, such as malware, ransomware, and spyware. It can also feel incredibly daunting trying to keep up to speed with so many myths promoted as facts online.

Mainstream entertainment often causes further confusion. There are endless examples of technobabble delivered in shows such as CSI New York. Who could forget the memorable line, "I will create a GUI interface in visual basic, to track an IP address." While we all recognize the importance of having up-to-date security software, we should also tackle the increasing amount of misinformation out there.

Three misleading malware myths

Most people reading this will have a basic understanding of malware. The problem is that it's often a generic term for a broad range of malicious software, and as we all know, too little knowledge can be a dangerous thing. For these reasons, many still foolishly believe that they are safe because they are a Mac user that only visits reputable websites.

Apple stopped making this claim a long time ago. In 2020, the reality is that security threats to Macs now outpace Microsoft Windows by 2 to 1. Earlier this year, the Malwarebytes State of Malware Report revealed that the volume of threats against Apple's operating system had increased by more than 400% year-on-year in 2019.

Just because you avoid pornography and streaming pirated movies doesn't mean that you can take the moral high ground either. Malvertisements can embed malicious code on almost any website. From the moment the ad is displayed, the damage is done. The worst part is that the infected user is usually blissfully unaware they are infected.

Another myth is that Malware only targets big organizations. We are all under attack, and there isn't an operating system or browser that is immune from such threats. It can quickly compromise your devices, bring your machine to a grinding halt, or steal your personal information. It can event seize control and leverage your resources for illegal activities.

The widespread underestimation of ransomware

The National Crime Agency and National Cyber Security Centre warned that ransomware represented a significant threat to businesses a few years ago. But many chose to ignore the words of caution and foolishly believed that their firewalls and data backups would be all they needed to recover and recoup stolen data.

The reality is that sophisticated attackers now have an increasing number of attack vectors at their disposal to create maximum disruption. A long list of web applications, infected emails combined with the human error of remote workers, means that traditional protection methods are no longer going to cut it. As the threat landscape continues to evolve, businesses need a different approach to surviving an inevitable ransomware attack.

Panicking and paying adversaries is not an effective strategy. The prevention, detection, and recovery from an attack require businesses of all sizes to improve their cyber hygiene. A belts and braces approach predictably involves applying up-to-date security patches, vulnerability management, whitelisting, and network segmentation.

Education, training, and awareness are critical. It's not a matter of if, but when you'll be the victim of a ransomware attack. No matter how sophisticated or effective you think your countermeasures are or how elegant your security architecture might be, you will still be blindsided when it happens. Adversaries are continuously improving, and access to malicious tools has never been easier. 

All businesses need the right level of maturity preparedness when it comes to ransomware. But if you are serious about having a bulletproof ransomware proof environment, you will need more than a firewall and set of backups.

Spyware superstitions

Spyware is another form of malware that is a popular tool with hackers. One of the biggest myths is that only Windows users are at risk of having their personal data mined. The reality is that your bank details, account logins, and everything you have ever typed into any device is at risk. Yes, that means MACs and smartphones, too, not just Windows-based devices. 

Some forms of spyware will steal information from everything that you type into your browser of choice. But that is just the tip of the proverbial iceberg. For example, on your smartphone, it could involve handing over access to your microphone, camera, location, and messages. For these reasons alone, it would be foolish to believe the myth that anti-malware and anti-spyware are not worthwhile on smartphones or any device.

Another dangerous myth is that private browsing offers protection against spyware and keystroke loggers. Pegasus developed by the infamous NSO Group can find its way on your phone through an infected link on WhatsApp. Once installed, it can hoover all communications from apps such as iMessage, WhatsApp, Gmail, Facebook, etc.

These are just a few examples of why it's dangerous to believe myths around your devices' security. Whether it’s a laptop, desktop, mobile, or tablet, you should always regularly run security scans to ensure your private information stays private. Common sense awareness will help you stay protected, but possibly the biggest myth of all is that common sense is good enough to replace antivirus software.