What is the most devastating malware for the PC currently?
In your experience, which current malware type is the most devastating for the PC? I think fileless malware is pretty bad but it still doesn’t seem to be very prevalent, surprisingly. Most fileless malware I’ve seen uses dated Internet Explorer ActiveX weaknesses which are not as common nowadays. Wondering if you guys have encountered anything more recent in this realm.
Maybe not the answer you were looking for, but the malware I fear the most is the malware I can’t find, e.g. the stuff that is “living off the land” and using only legitimate OS tools, the stuff you can’t decipher from legit sysadmin activity. That’s what keeps me up at night!
We always fear what we can’t see. And it’s in a way correct that malware that cannot be seen is the most to be feared. I have had that kind of feeling once: looking at the events you can tell something wrong is happening but are not able to see what is causing it. But some way or the other you’ll be able to reach the cause. Almost all of the time, memory forensics can help you see the things that cannot be seen with regular methods. Rootkits are known to be the stealthiest of all. You should really be worried about that if not scared.
This question is really hard to answer, which is also why you find “what is the most devastating” substituted by “what do I fear the most”, in which case rootkits, and any malware that is well hidden, make perfect sense. But it doesn’t tell anything about how much devastation it causes.
What makes something devastating and how to measure it? Is it:
- damage done to the computer system --> Then I would argue viruses do the most damage, as they affect the whole system and disinfection is nearly impossible (files can usually be stripped of malicious code but not reverted to their original state; often they are still detected by AV after disinfection). Virus families like Ramnit, Virut and Sality are still prevalent.
- costs and losses for companies, organizations --> Then, if you look into the media and published statistics, it is probably ransomworms (WannaCry, Petna, etc.). However, they only cost so much because ransomware cannot be ignored; their damage and infection is visible for everyone using the system. Silent infections may do more damage in the long run (e.g. imagine all your company secrets get stolen by spyware), but hidden things can hardly be measured. So this isn’t really something we can answer, but someone should write their PhD about it.
- most devastating incident possible --> Then I would say it is malware that was designed to infect and control/destroy critical infrastructure and systems like nuclear plants. An example is Stuxnet. As a worst-case scenario I imagine a nuclear meltdown caused by malware.
tl;dr I have no idea.
There’s a saying in the military, something along the lines of “The target dictates the weapon and the weapon dictates the movement”. This implies that the method employed is entirely dependent on the target.
With this in mind I think that the “devastation factor” would be much more closely tied to a target than to the method of attacking that target. For instance, if someone were to target, say, a college computer lab and shut down the entire university with file-less malware, would THAT be more devastating than if someone plugged a USB into 1 computer that spread ransomware throughout that hospital?
That said, any “truly fileless” malware is defeated simply by rebooting the system. There is usually some persistence mechanism (something on disk or in a network) that must be implemented to ensure a reboot doesn’t revert their actions, and that makes it detectable outside of memory.
So, I’d say a persistent individual or group with a solid understanding of multiple advanced methods of exploitation is likely the most devastating thing that can happen to any system.