Threatware

What Is Threatware?

Threatware is a general term encompassing all types of malicious software on computers and electronic devices. A term often used interchangeably with “malware”, threatware includes viruses, trojans, worms, spyware, keyloggers, ransomware and rootkits.

Threatware is a persistent problem that grows year on year. Between 2020 and 2021, companies noticed a 50% increase in threatware incidents. In 2022, one survey found that 75% of organizations experienced incidents of threatware that “spread from one employee to another”.

Threatware is often a key tool when bad actors execute various types of online fraud.

How Does Threatware Work?

Threatware is a broad-brush term that incorporates everything from viruses and worms to ransomware and keyloggers. It can find its way onto computers and other devices by various means. For example:

  • Users may be tricked into installing it themselves via scam emails and malicious websites.
  • It may be installed alongside seemingly innocuous software (such as cracked applications downloaded from filesharing sites).
  • It can arrive via infected removable devices such as USB flash drives and external disks.
  • It can be installed as part of fake software or fraudulent applications in proprietary app stores.
  • It may arrive via browser extensions, and via software that users are encouraged to install via online pop-ups.
  • It may be installed manually by cybercriminals posing as technicians and software support staff.

The above is far from an exhaustive list. Hackers and cybercriminals constantly work to find new and innovative ways to place threatware and malware on users’ computers.

Threatware is often designed to replicate itself and spread to multiple machines. For example, a virus may try to reach other computers on a network by replicating across open file shares. Another means of replication is to use infected machines to send out additional malicious emails that use social engineering to encourage individuals to click links and unwittingly infect their own machines.

Threatware Types

Just as fraudsters innovate the ways in which threatware makes its devious way onto your devices, the threatware itself is also constantly on the move. A list of examples should never be considered complete, and should serve as a guideline for identifying new threatware technology.

That being said, persistent instances of threatware that everyone should have on their radar include:

Ransomware

This typically uses encryption to lock an individual or a company out of their electronic files. The criminal(s) behind an infection then demand a ransom (often in Bitcoin or other cryptocurrency) in return for decrypting the data and restoring access.

However, a study found that only 4% of those paying ransoms were able to get all of their data back.

Spyware

This type of threatware involves the collection of users’ data without their knowledge. This can range from web browsing data to much more personal information such as logins and passwords.

The latter usually involves a type of threatware called a keylogger, which records keystrokes and sends the data back to the fraudster.

Trojans

Trojans hide themselves in seemingly legitimate software. They’re a considerable problem for those who use file sharing sites, but they can also often find their way onto computers via attachments to malicious emails or fraudulent app installs.

Users who unknowingly install a trojan may hand full remote access to a fraudster, cause their machine to send out spam emails, or facilitate replication over a network.

Worms

Hackers often use worms to exploit known vulnerabilities in operating systems or software programs. Once in place, they can perpetrate DDoS attacks, steal personal data, or be used to circulate other threatware.

Rootkits

These work at a low level on a system, typically giving full control to a hacker. They’re circulated via various means, including infected flash drives, phishing emails and network shares.

Why Is Threatware Dangerous?

Threatware can expose businesses and individuals to financial loss, reputational damage, and more. It can also cause considerable knock-on effects.

In 2017, ransomware known as WannaCry had a huge global impact, causing operational difficulties for the UK’s National Health Service, and organizations including FedEx, Telefonica and Deutsche Bahn. Although WannaCry primarily spread through emails with malicious attachments, it also took advantage of an unpatched vulnerability in the Windows operating system.

How to Protect Against Threatware

The best way to protect against threatware is to ensure a balance of user education and the use of security software such as anti-fraud solutions, malware prevention, firewalls and VPNs. The exact combination will depend on your circumstances. A fraud prevention API, for example, can help catch suspicious traffic, conduct automatic blocking and even allow humans to make better decisions.

User education is also particularly important. The World Economic Forum says that 95% of cybersecurity issues can be traced to human error.

Many threatware incidents could be avoided if victims didn’t click suspicious links, interact with malicious websites, or download questionable software from file sharing sites.

Other precautions include cybersecurity protection for individual users and comprehensive endpoint protection for businesses. Fraud investigation software can help you look into past occurrences and learn from them, boosting your risk prevention against specific threats you have experienced before or seen in your sector. The use of VPNs on public Wi-Fi networks can also protect against certain threatware incidents.

Finally, when it comes to ransomware in particular, effective and regular data backups are crucially important. There’s no need to pay a ransom to a hacker if a full backup of all data is readily available.