Executive Summary
- Our article series on malware continues with a look at one of the more common forms of malware delivery, the trojan horse.
- Unusually named, (but for a very good reason), trojan horse attacks are one of the most insidious forms of malware delivery – and appear in many different forms.
- In this article, we explore the different types of trojan horse attack, the risk they pose to businesses, and how to mitigate that risk.
Introduction
What do you think of when you hear the phrase “trojan horse”?
For many, it’ll bring to mind visions of ancient Greek soldiers breaching the walls of a castle with some masterful subterfuge (and a rather large model of a horse).
But in the modern day? A trojan horse is something quite different – though the metaphor of covertly raiding a castle still holds true.
The modern trojan horse is a form of malware attack, and it uses several methods to disguise itself and gain access to a target computer – from which it launches an attack.
Let’s learn more about what a trojan horse is, how it works, and how you can protect your business from such cyberattacks.
What is a trojan horse cyberattack?
The clue to the trojan horse is in the name.
Just like the story from ancient Greece, a trojan horse virus is designed to deceive a user into thinking it’s harmless or legitimate. Once executed on the target computer, the payload of the trojan horse gets to work.
This might be stealing critical data and sending it elsewhere, monitoring a user’s activity (similar to spyware), deleting or modifying files, or otherwise disrupting the regular use of your IT infrastructure.
It’s the requirement for user interaction that makes a trojan horse different. Unlike other types of malware, like worms, trojan horses are not designed to self-replicate. Instead, they’re like a vehicle – a wooden horse is a fitting analogy – that a piece of malicious code will use to stealthily infiltrate a computer.
Trojan horses rely on human error – and that can often be crucial to combatting them, as we’ll soon see.
Types of trojan horse attacks
While the concept of a trojan horse is often thought of as a singular cyberattack, they actually come in different forms. As we’ve learned, the goal of a trojan horse is always the same – to deliver a malicious payload – but the means by which hackers achieve this can differ.
Here are some of the most common types of trojan horse attacks:
- Backdoor Trojan: Once executed on the target computer, the backdoor trojan will enable full remote access to the machine for the attacker – without their knowledge.
- Downloader Trojan: As the name suggests, this type of trojan will secretly download and install malicious programs (and yes, that includes other trojans).
- Exploit Trojans: This type of trojan targets a known exploit or unpatched bug in the code of existing software, essentially hijacking it on behalf of the attacker.
- Rootkit Trojans: These devious programs infect the administrative areas of an operating system, giving the trojan the ability to mask or conceal any existing malware.
- DDoS Trojan: This trojan will use the host computer as just one of an army of machines which will then carry out a Distributed Denial of Service (DDoS) attack. A DDoS is a brute force attack in which so computers connect to a website at once that the server fails, bringing down the site.
Managing the risk of trojan horse attacks for small businesses
So far, we’ve seen that trojan horses are, by design, incredibly difficult to deal with once they’ve infected a host computer.
They’re not impossible to eliminate, mind you – especially not if you employ a more advanced threat mitigation system like Endpoint Detection and Response – but they’re still a big risk for businesses.
The most important thing to remember about trojans is that they rely on human error. Unlike other forms of malware, they don’t simply appear on a machine and start wreaking havoc – they need to be manually opened, triggered, or otherwise executed. Trojans also rely on other factors, like out-of-date software.
With all this in mind, here are a few key strategies you can deploy at your business to mitigate and manage the risk of trojan horse malware attacks:
- Offer all staff comprehensive training. This is really the most important point – you must make sure your staff know how to identify potential trojan horse attacks (e.g. via opening unknown email attachments). Any form of anti-phishing training will help them to better identify, and thus avoid, a trojan horse attack.
- Need a quick solution? Remember the golden rule. If you need a way to prevent trojan horses fast, remind your team of the simple philosophy: Never open an email attachment if you aren’t 100% sure of the source. Most trojans are delivered via email attachments, so this simple measure can be a lifesaver for a business.
- Keep all of your software up to date. If you’re running any old or out-of-date systems, it’s essential that you get them updated or replaced as soon as possible. Cyberattackers are always looking for new exploits, and that could mean you’re opening yourself up for potential damage should a trojan slip through your defences. Take heed of the notorious “WannaCry” attack, which was made possible by an exploit in an old version of Windows.
- Get complete protection with an EDR platform. Unlike traditional antivirus, an Endpoint Detection and Response platform will proactively detect activity which resembles trojan behaviour – even if it’s never been encountered before. Even better, EDR can actually roll back any changes should the attacker breach your defences.
Need to toughen up your cybersecurity? We can help
If you’re new to our series on malware and would like to know more, check out the links below to get started:
• The Plain English Guide to: Malware• What is Spyware? The Essential Guide for Small Business• What is Ransomware? The Essential Guide for Small Business
Or, if you’re concerned about your company’s cybersecurity – or simply want an IT healthcare check-up – we can help.
Fill in the form below to get in touch, or simply pick up the phone and call our friendly team on 01865 59 4000.