Posted on Apr 19, 2019
Malware: The Targaryen Data Theft Legacy
As one of the last remaining Valyrian families, the House of Targaryen found themselves assimilated into Westeros. Although retaining some features, such as albino-blond hair and bright blue eyes (purple in the books), the House of Targaryen considered itself the ancestor of Old Valyria but adopted the language and faith of Westeros. Yet, despite its history, House of Targaryen remains powerful as Daenerys and her dragons work their way towards claiming the Iron Throne. In much the same way, malware and ransomware, despite being well known, remain a primary threat to information security through outdated browsers and poor cyber hygiene.
What is malware?
Malware is a suspicious software, such as viruses, worms, Trojan horses, and spyware. Although people often known malware exists in the wilds of the internet, it remains a persistent information security threat precisely because it appears to look like a normal computer program.
Just as the Targaryens assimilated into Westeros cultures while retaining their own sense of self, malware assimilates into systems and networks. The Targaryens remained a threat despite being the last of Old Valyria because they refused to give up their claim to the Iron Throne. Meanwhile, malware persists because cybercriminals continue to evolve new types.
How does malware work?
Cybercriminals often hide malware in USB drives or through the internet. However, since security administrators started to use anti-malware products, cybercriminals evolved their threat methodologies to hide the malware using fake IP addresses, ones that can change the code to avoid detection, ways that allow malware to detect analysis, and malware that resides only on the system’s memory.
Danaerys as the last of the Targaryens does much the same thing. After Drogo’s death, Danaerys builds her army of Unsullied by infiltrating and double-crossing the wealthy of Astapor. By hiding in plain sight and pretending to befriend the Astaporians, she does the same thing as malware, gaining power and control to siphon assets.
What are the most likely types of malware?
Although most people know that malware exists, particularly if they use an anti-malware program, many may not understand the hows and whys of the malicious software.
Virus: The Danearys
A virus, once downloaded, copies itself into a program on your computer, executes when you run the program, and then spreads to other programs and files.
In the same way, Danaerys needed to insert herself into the hearts of the Unsullied, win their loyalty, and then be able to take on other cities.
Worm: The Rhaegar
A worm does not need to insert itself into another program. It feeds off automatic operating system activities, replicates itself, and then spreads to other computers, often using shared networks.
Similarly, Rhaegar Targaryen pretended to kidnap the woman he loves and married her in secret. In doing so, he also hid his child who would have been murdered as people wanted to wipe out the Targaryen line. Rhaegar, therefore, replicated his lineage then hid the child so that the Targaryen bloodline could continue and spread throughout the Seven Kingdoms.
Adware: The Viserys
Often used in marketing, adware tracks a user’s browser and download history using cookies. Hidden on a browser, the malware is difficult to find, as it often runs without the user’s knowledge.
Behind Danaerys’s back, Viserys arranges her marriage to Dothraki Khal Drogo. By using a traditional Westeros political tactic, he hides his malicious intent underneath a veneer of normality, much like adware.
Keyloggers: The Aemon Targaryen
Keyloggers, also referred to as keystroke loggers or system monitors, are a type of spyware tool that records keystrokes on computers and smartphones. Since they record the keys a user types, they can obtain personally identifiable information, login information, and passwords.
Aemon Targaryen, the eldest Targaryen remaining, took the order of Maesters vow and became an advisor the the Night’s Watch. As an advisor, he knows the secrets embedded in life at Castle Black, ultimately using them for his own purposes, just as keyloggers use the secrets embedded within the user’s device.
Ransomware: The Powerful Dragons of Data Corruption
What is ransomware?
Although many types of ransomware exist, they all follow a similar pattern. Although ransomware originally targeted individual users, cybercriminals evolved their methodologies to attack larger organizations.
Delivered through the same methods as traditional malware, ransomware needs to be downloaded so that the file can start running. Often, cybercriminals use attachments contained in phishing emails or drive-by download from an infected website to spread the malware. Once downloaded, the ransomware encrypts files, functionally destroying all the information.
Although not human, Drogon, Rhaegal, and Viserion are the heart of House Targaryen. House Targaryen, known by its dragon-emblazoned sigil, stands as the only house whose bloodline can direct, albeit not always control, dragons. Not only did HOuse Targaryen use dragons to devastate Westeros after the end of Valyria, Danaerys uses Drogon, Rhaegal, and Viserion to vanquish cities on her rise to power. Known for their ability to destroy anything in their way, they are the ransomware of Game of Thrones. Just as cybercriminals use ransomware to hold information hostage, so does House Targaryen use dragons to hold its enemies hostage - or destroy them in the process.
Malware and Ransomware - the cybersecurity members of the House Targaryen - can destroy and infiltrate just as easily as the Mad King’s descendants.
Follow us next Friday to see who will win or die in the Game of Cybersecurity.
With hackers finding new ways to attack third-parties in hopes of infecting a larger organization, the third-party ecosystem is more fragile than ever before.
The purpose of IT security risk assessment is to determine security risks to your company’s critical assets, and how much funding and effort should be used in their protection. Get started with SecurityScorecard’s step-by-step guide to managing your cyber risk.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen. The right vendor risk assessment template can be crafted to assure compliance with regulatory requirements.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.