Malware
Malware is a summary term for different forms of malevolent software designed to infiltrate and infect computers, typically without the knowledge of the owner (ITU, 2008).
Primary reference(s)
ITU, 2008. ITU Study on the Financial Aspects of Network Security: Malware and Spam. International Telecommunication Union (ITU). Accessed 31 October 2024.
Annotations
Additional scientific description
Malware is a portmanteau of "malicious software". It refers to software designed to cause damage, disrupt operations, or gain unauthorized access to computer systems, networks, or devices. It encompasses various harmful software types, each with specific characteristics and propagation methods. Malware is often categorized into "families" (referring to a particular type of malware with unique characteristics) and "variants" (usually a different version of code in a particular family) (International Telecommunication Union, 2008).
Malware encompasses various types of software, such as:
- Viruses: attach themselves to legitimate programs and propagate from device to device when those programs are executed.
- Worms: replicate themselves to spread to other systems without needing a host program.
- Trojan horses: masquerade as benign software to trick users into executing them, thereby compromising the system.
- Ransomware: encrypts data and demands payment in return for the decryption keys.
- Spyware: covertly gather information by monitoring users' activities.
- Wipers: permanently delete or corrupt data stored on infected machines.
- Rootkits: enable unauthorized access by hiding their presence within the system.
The history of malware dates back at least to the 1980s, when the first examples were created (Milošević, 2014). Notable incidents include the Morris Worm in 1988, which disrupted a significant portion of the early internet, and the more recent WannaCry ransomware attack in 2017, which affected organizations worldwide.
Malware can be delivered through multiple vectors, such as email attachments (especially in the context of phishing attacks), malicious websites, infected software downloads, or network vulnerabilities. Today, attackers can leverage artificial intelligence to create advanced malware, such as polymorphic malware, which alters its own code to evade detection by traditional security measures.
In addition, fileless malware is an increasing threat due to its ability to evade detection by traditional antivirus programs (Liu et al., 2024). Unlike standard malware that depends on files or executables, fileless malware abuses legitimate system tools and leverages existing files, applications and system services to carry out malicious activities. Fileless malware can enter systems through multiple vectors, such as phishing emails, compromised websites, or watering hole attacks. Once it gains access, it can steal sensitive information and spread the infection throughout the network; the impact can escalate to national and international hazards when other systems are affected, deliberately or otherwise, e.g. when third-party suppliers, or their own suppliers and sub-suppliers, are targeted. A precedent is the Stuxnet worm discovered in 2010, which was designed to sabotage Iran's nuclear facilities. This sophisticated malware highlighted the potential for cyber weapons to cause physical damage and disrupt national security (Zetter, 2014).
Malicious actors frequently rely on malware due to its versatility and effectiveness. Malware remains one of the most common forms of cyber-attack, with millions of new malware samples detected annually (Statista, 2024). It serves various purposes, from financial gain through ransomware to espionage and disruption of services.
Metrics and numeric limits
Over 1 billion new malware variants were detected globally in 2023 (Statista, 2024).
Key relevant UN convention / multilateral treaty
International legal instruments addressing malware are encompassed within broader cybercrime frameworks.
The Council of Europe's Budapest Convention on Cybercrime provides guidelines for international cooperation in combating cybercrime, including offences involving the creation, distribution, or use of malware.
The Pall Mall Process, whose Code of Practice for States was updated in 2025, is a globally inclusive dialogue to address the proliferation and irresponsible use of commercial cyber intrusion tools and services.
Drivers
Software vulnerabilities, rise in digital dependency, cybercrime economy, geopolitical tensions.
Impacts
Malware attacks can escalate to national hazards when they target critical infrastructure or government systems. A precedent is the Stuxnet worm discovered in 2010, which was designed to sabotage Iran's nuclear facilities. This sophisticated malware highlighted the potential for cyber weapons to cause physical damage and disrupt national security.
Multi-hazard context
Malware can result in significant disruption to services, financial loss, potential revenue loss, data and intelligence loss or theft, loss or damage to IT infrastructure, reputational damage to organisations and individuals, and significant ransom payments and regulatory fines. There may also be increased recovery costs. In addition, the impacts of a successful malware attack can contribute to the loss of public trust in organisations, politicians, and the public sector. There is also the threat of further exploitation if information is compromised.
Software systems are interconnected with physical systems. Malware can be used to gain access to systems that control physical processes, opening up other hazards, such as tampering with water distribution facilities to raise chemical levels and poison large parts of the population. This has been attempted in Florida (2021), California (2021), Israel (2020), and USA (2016) (Sikder et al., 2023).
Risk Management
Defending against malware requires, first, user awareness, since most malware is activated by a user action (such as clicking a fraudulent or compromised link). Technical measures, including the use of antivirus and anti-malware software, regular system updates and patches, and network segmentation, can provide additional layers of protection but should not be considered an alternative to user awareness.
Monitoring
Threat monitoring is undertaken at the international, national, sectoral and organisational levels, where information on malware identification is shared via various mechanisms to mitigate the risks.
References
International Telecommunication Union (ITU), 2008. ITU Study on the Financial Aspects of Network Security: Malware and Spam. Geneva: ITU.
Liu, S., Peng, G., Zeng, H. and Fu, J., 2024. A survey on the evolution of fileless attacks and detection techniques. [online] Accessed 16 January 2025.
Milošević, N., 2014. History of malware. [online] Accessed 16 January 2025.
Sikder, M.N.K., Nguyen, M.B.T., Elliott, E.D. and Batarseh, F.A., 2023. Deep H2O: Cyber-attacks detection in water distribution systems using deep learning. Journal of Water Process Engineering, 52, 103568 [online]. DOI: 10.1016/j.jwpe.2023.103568. Accessed 16 January 2025.
Statista, no date. Annual number of new malware variants detected worldwide from 2019 to 2023. [online] Accessed 16 January 2025.
Zetter, K., 2014. An unprecedented look at Stuxnet, the world's first digital weapon. Wired. [online] Accessed 16 January 2025.