Spyware is one of the oldest cyber threats. It is also one of the most prevalent among attackers looking to access sensitive business data, sell that data, or gain control over employee devices like smartphone microphones to eavesdrop on meetings.
Spyware commands headlines to this day, whether it’s governments and activists trading accusations that it’s being used for political espionage, businesses and consumers coming under attack, or security researchers discovering new types of spyware. Recent examples include a spate of attacks on industrial enterprises using spear phishing emails with malicious attachments. Other victims have been targeted using fake “system updates” to take over their Android devices.
Companies can protect against spyware much like other malware, with defenses including secure email and web gateways, automated management of software patches and frequent awareness training for employees. For example, Mimecast’s secure gateways block malicious emails and protect against illegitimate downloads.
What is Spyware?
Spyware is a form of malware, or malicious software, that infects victims’ computers and mobile devices to then collect data about them or their employers. That data might include a person’s username and passwords, browsing history, downloads, emails and payment information. For businesses, the threat extends to sensitive customer data, financial information and confidential files.
How Does Spyware Work?
Before exploring how spyware collects and exposes business data, it is worth describing how attackers break in. Spyware attacks use a variety of methods including:
Email and messaging: As attackers’ No. 1 choice for delivering malware, email has been widely used for spyware, relying on user interactions such as the downloading of infected attachments or clicking a link to a lookalike site. More recently, smartphone messaging apps have carried “zero-click” exploits, which compromise the device when a crafted message is received and require no interaction from the user at all.
Patch management shortcomings: Software vendors regularly release patches to plug vulnerabilities in their products, and an unpatched system gives spyware an entry point that requires no mistake by the user. Prudent businesses waste no time in updating their operating systems, browsers and applications to stay one step ahead of the attackers. Many rely on cloud-based software applications that provide automatic updates, which include the latest security patches.
‘Malvertising’: The Android spyware mentioned above is an example of how attackers use deceptive advertising and fake prompts, promising helpful software or an urgent “system update” but actually tricking people into downloading programs with spyware embedded in them.
Common Types of Spyware
In addition to exploiting a range of vulnerabilities, spyware also uses many techniques, including:
Trojans: Often delivered via email, Trojans can act as a delivery vehicle for malware including spyware. Trojans disguise themselves as trustworthy files or software updates to get past defenses on their victims’ devices.
System monitors: System monitors, of which keyloggers are the best-known example, can collect data on virtually any activity on a target user’s device. From keystrokes to online chat, browsing history or downloaded programs, system monitors can be comprehensive in the breadth of their information gathering.
Infostealers: Once on a target device, infostealers seek out sensitive information and send it to attacker-controlled servers, sometimes staging it in another location on the infected device first. This data can include usernames and email addresses, passwords (frequently lifted straight from the browser’s saved-credential store), web browsing history, system information and files such as documents, financial spreadsheets and media files.
Recent Spyware Examples
- Pegasus: One of the highest-profile zero-click spyware tools, Pegasus earned notoriety after it was used to access devices owned by journalists, political activists and business executives.
- CoolWebSearch (CWS): A veteran of the spyware world and a classic browser hijacker, CWS redirects its victims to a new homepage when they go online and then presents them with a barrage of pop-up ads for sites they would otherwise deem unsafe. To add to the risk, CWS also changes victims’ browser security settings to mark these sites as “safe,” so that they are no longer blocked by default.
- HawkEye: Like many keyloggers, HawkEye captures a range of employee activity and data, including keystrokes, login credentials and sensitive details about their work.
Tips to Detect and Remove Spyware
Spyware is built for stealth: it works quietly behind the scenes to gather intelligence for as long as possible, which is what makes it difficult to detect and remove. That said, devices infected with spyware do exhibit some tell-tale signs, including:
- Reduced performance and speed, sometimes accompanied by unexpected crashes and error messages in applications that previously worked smoothly.
- A sudden drop in available disk space, which may indicate that the spyware is staging captured data on the drive before sending it to the attacker.
- Browsers that redirect employees to pages they did not navigate to.
- The appearance of desktop icons that were never there before.
- The appearance of new browser plugins or toolbars that were never previously installed.
- Constant (and increasingly frustrating) pop-ups.
Businesses must be vigilant in running malware scans to identify and remove any spyware. Once an infection is found, employees should change their passwords from a device known to be clean (a password changed on the infected device is simply captured again), revoke active sessions where the service allows it, and alert any partners that might be affected by the breach.
How to Prevent Spyware
The best way to minimize the effects of spyware attacks is to prevent attacks before they occur. It is impossible to avoid exposure to malicious ads or emails, but with the right combination of anti-malware software and employee training, businesses can stop their teams from engaging with spyware posing as helpful software or messages. Specifically, companies should:
- Deploy anti-malware software.
- Ensure operating systems, applications and security solutions are updated regularly.
- Train employees to spot and avoid suspicious emails and pop-ups, and be wary of any attachments from unknown sources.
- Similarly, train employees never to open messages or tap push notifications on their mobile devices if they don’t recognize the sender, while remembering that zero-click exploits need no such interaction, which makes prompt mobile OS updates essential.
A secure email gateway with advanced malware protection helps identify and filter malicious messages before they reach employees, while also analyzing URLs in any email or attachment and even converting suspicious attachments to a safe format.
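The gateway checks just described, screening attachments and analyzing the URLs in a message before it is delivered, can be shown in miniature. The following Python is an added example written for this page, not Mimecast’s code or any product’s detection logic: the risky-extension list, the hostnames and both sample messages are constructed for illustration, and a real gateway layers sandbox detonation, reputation lookups and attachment conversion on top of static checks like these.

```python
"""Attachment and URL triage for an inbound email, in the spirit of a secure
email gateway. Added example (not Mimecast's code). The risky-extension list,
the hostnames and the sample messages are constructed for illustration."""
from __future__ import annotations

import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# File types that run code or carry macros when a user opens them (constructed list).
RISKY_EXTENSIONS = {
    "exe", "scr", "js", "jse", "vbs", "vbe", "wsf", "hta", "bat", "cmd",
    "ps1", "lnk", "iso", "img", "docm", "xlsm", "pptm",
}
# "Harmless" extensions attackers place before the real one: invoice.pdf.exe
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)


def risky_attachments(msg: EmailMessage) -> list[tuple[str, str]]:
    """Return (filename, reason) for attachments that should not reach a user."""
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        pieces = name.lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXTENSIONS:
            decoy = len(pieces) > 2 and pieces[-2] in DECOY_EXTENSIONS
            flagged.append((name, "double-extension" if decoy else "risky-extension"))
    return flagged


def text_parts(msg: EmailMessage):
    """Yield (content type, decoded text) for every plain-text and HTML part."""
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            yield part.get_content_type(), part.get_content()


def extract_urls(msg: EmailMessage) -> list[str]:
    """Every URL in the plain-text and HTML bodies, deduplicated and sorted."""
    urls = set()
    for _, body in text_parts(msg):
        urls.update(URL_RE.findall(body))
    return sorted(urls)


def mismatched_links(msg: EmailMessage) -> list[tuple[str, str]]:
    """Links whose visible text shows one host while the href points at another."""
    out = []
    for ctype, body in text_parts(msg):
        if ctype != "text/html":
            continue
        for href, label in ANCHOR_RE.findall(body):
            shown = URL_RE.search(label)
            if shown and urlparse(shown.group(0)).hostname != urlparse(href).hostname:
                out.append((shown.group(0), href))
    return out


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and decide whether to deliver or quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    attachments = risky_attachments(msg)
    mismatches = mismatched_links(msg)
    return {
        "attachments": attachments,
        "urls": extract_urls(msg),
        "mismatched_links": mismatches,
        "verdict": "quarantine" if attachments or mismatches else "deliver",
    }


def build_sample_message() -> bytes:
    """Constructed phishing-style message: lookalike link plus a disguised executable."""
    msg = EmailMessage()
    msg["From"] = "accounts@example-vendor.test"
    msg["To"] = "employee@example.test"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please review the attached invoice and confirm at "
                    "https://portal.example-vendor.test/login")
    msg.add_alternative(
        '<p>Confirm at <a href="http://198.51.100.7/update">'
        "https://portal.example-vendor.test/login</a></p>",
        subtype="html",
    )
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="invoice_2024.pdf.exe")
    return msg.as_bytes()


def build_clean_message() -> bytes:
    """Constructed benign message: plain text, one honest link, a .txt attachment."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.test"
    msg["To"] = "employee@example.test"
    msg["Subject"] = "Meeting notes"
    msg.set_content("Notes attached; agenda at https://intranet.example.test/agenda")
    msg.add_attachment(b"Action items\n", maintype="text", subtype="plain",
                       filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (build_sample_message(), build_clean_message()):
        print(triage(raw))
```

The double-extension check matters because the file name is all a user sees in most mail clients, and the href-versus-label comparison catches the commonest trick in credential-phishing mail: text that reads as the vendor’s portal while the link resolves to an attacker-controlled host. Both checks are cheap enough to run on every message; a gateway would pass anything they flag, and a good deal they do not, on to heavier analysis.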
Like any infection, spyware can be devastating if left unchecked. While there is no way to eliminate the threat completely, companies can build strong defenses with security technologies, good patch management and employee awareness training.