Malware 101: Introduction to objectives

So far this blog series has covered how malware gains access to a system and potentially spreads to other systems. These steps on their own, however, don't actually provide any gain for an attacker, aside from potentially notoriety in the case of a worm that manages to spread to a record number of systems.

Almost all malware has objectives, though, because it is created and used by attackers who have their own motivations and goals behind the malware. This next five articles in this series will cover the various objectives for malware as mapped to common type names used in the cybersecurity industry.

The difference between objectives and goals

For these articles, objectives will relate specifically to the types of malware and what they aim to achieve. While somewhat synonymous with "objective," the term "goal" may also be used periodically and will relate to what the attacker aims to achieve with the malware.

This distinction is important because there isn't a one-to-one mapping between the two. For example, the objective of a password stealer is to steal login credentials. However, the goal of the attacker in stealing these credentials may vary.

The goal might be money, which may involve selling the credentials or in the case of credentials that provide access to money, stealing it directly. The goal might instead be access to accounts or networks, in which case the credentials will instead by used to gain this access. Ultimately, any purchased credentials also resolve to the goal of "access," but the transitive goal of "money" in the case of selling the credentials is an important distinction because it can affect the tactics used and composition of the malware.

Multiple goals and objectives

Much like a particular piece of malware can encompass multiple types, including multiple objectives, multiple goals might be at play as well. An attacker might have multiple goals or secondary goals in case the primary isn't achieved. For example, the goal of ransomware is money, but some variants steal the data for attackers to leak if the ransom is not paid, which is a separate goal of punishing the organization for not paying in addition to helping leverage getting paid in the first place through additional incentives to pay.

Needless to say, complex interworkings are at play, which is part of what motivated this series in the first place as a chance to simplify the understanding of each component that might compose a particular piece of malware.

Depending on your existing knowledge of malware, these examples may or may not make sense now, but they will be covered in the coming articles to make things clear. As a final note, since many objectives are similar and/or don't warrant entire articles, some will be grouped when appropriate based on this similarity.