Computer viruses today are far more sophisticated than their humble beginnings would suggest. Gone are the days when they flipped your images for fun or, at worst, infected several thousand machines. Now, they can bring down an entire nation’s healthcare system, infect devices we thought were immune and even rope AI into doing their bidding.
Want to know more about the five greatest virus threats we face today and likely tomorrow? Then keep reading!
Note: We broadly use the term virus to encompass other malware that poses a greater threat than viruses in the traditional sense. While they still exist, old-school viruses are rare occurrences that built-in programs like Windows Defender deal with effectively. Hackers have since moved on to more destructive and more lucrative malware, which we will explore below.
Ransomware
Ransomware is the most well-known and among the most devastating modern virus offshoots. Its development has changed fundamentally: the named viruses of old, written by gifted individuals, have made way for the efforts of well-funded and coordinated groups like LockBit, Black Basta, and ALPHV.
Once it has access to a system, ransomware encrypts crucial files. The victim can’t access the files or even entire systems until they pay and receive appropriate decryption keys. There are already too many incidents to count in 2024. However, one that affected more than a hundred hospitals in Romania either directly or by taking their networks offline preemptively is a gruesome example of the threat’s magnitude and heinousness.
iOS Mercenary Spyware
Long considered the bastion of user safety, Apple products have become targets of mercenary spyware. Pegasus is the most infamous example. At first, it was highly specialized, targeting activists and journalists. The attacks’ scope and intensity have increased recently, as evidenced by Apple sending notices to users in 92 countries about being potential targets.
Some variants of mercenary spyware can embed themselves in images iMessage loads automatically, meaning victims don’t have to set it off manually.
Banking Trojans
Trojans are another example of an old malware category attackers are breathing new life into via sophisticated means. The newest example is a trifecta of Trojans that leveraged Google’s Cloud Run service and email phishing to steal sensitive information from hundreds of financial institutions throughout Latin America and Europe.
Astaroth, Mekotio, and Ousaban disguise themselves as Microsoft installer files deployed through Google Cloud Run or redirected Google Cloud Storage links. Once downloaded, they log user keystrokes and copy clipboard data.
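One way a mail filter could triage links that match the delivery pattern described above, as an added example that is not part of the original article. The verdict rules and function names are assumptions, the sample email is constructed, and the host suffixes are the public domains of Google Cloud Run and Google Cloud Storage.

```python
import re
from urllib.parse import urlparse, parse_qs

# Public domains of the two Google services named above.
CLOUD_SUFFIXES = ("run.app", "storage.googleapis.com", "storage.cloud.google.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def _targets(url):
    """Return the URL plus any URLs carried in its query string (redirectors)."""
    found = [url]
    for values in parse_qs(urlparse(url).query).values():
        found += [v for v in values if v.lower().startswith(("http://", "https://"))]
    return found


def classify(url):
    """Return 'block', 'review', or None for a single link (assumed policy)."""
    cloud = installer = False
    for target in _targets(url):
        parts = urlparse(target)
        host = (parts.hostname or "").lower()
        on_cloud = any(host == s or host.endswith("." + s) for s in CLOUD_SUFFIXES)
        is_msi = parts.path.lower().endswith(".msi")
        if on_cloud and is_msi:
            return "block"  # installer served straight from cloud hosting
        cloud = cloud or on_cloud
        installer = installer or is_msi
    # A cloud-hosted link may redirect to a payload; a bare .msi link is unusual in mail.
    return "review" if cloud or installer else None


def triage_links(body):
    """Return (url, verdict) pairs for every flagged link in an email body."""
    urls = (u.rstrip(".,;)") for u in URL_RE.findall(body))
    return [(u, v) for u in urls if (v := classify(u))]


# Constructed sample email body; none of these URLs are real indicators.
SAMPLE_EMAIL = """Your invoice is ready: https://billing-x7k2.a.run.app/factura?id=991
Mirror: https://storage.googleapis.com/example-bucket/Factura_2024.msi
Help: https://example.com/help
Track: https://example.org/r?u=https%3A%2F%2Fstorage.googleapis.com%2Fexample-bucket%2Fsetup.MSI
"""

if __name__ == "__main__":
    for url, verdict in triage_links(SAMPLE_EMAIL):
        print(verdict, url)
```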
Cryptojacking
Cryptocurrency mining isn’t profitable for individuals unless they resort to illegal means. A cryptojacker is malware that exploits either existing software vulnerabilities or users’ gullibility through social engineering. Once installed, it uses the victim’s computing resources to mine cryptocurrency.
The most infamous case of cryptojacking in 2024 so far culminated with the arrest of a Ukrainian man who infected thousands of cloud service users by exploiting their weak account passwords. He managed to amass $2 million worth of cryptocurrency before getting caught. Worse yet, the cryptojacker he used leveraged the service’s vast computing power, leaving victims responsible for the exorbitant bill.
Morris II
Our last entry is a likely harbinger of things to come. Morris II is a worm developed by researchers to target generative AI. It can successfully trick ChatGPT, Gemini, and LLaVA into outputting user inputs. Letting Morris II loose on AI-powered email assistants resulted in user data extraction and spam email generation that affected the original infected account’s contacts.
Thankfully, Morris II is a proof of concept for research purposes. Still, it points out previously unrecognized vulnerabilities in generative AI models and is unlikely to remain unique for long.
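A defensive check suggested by the behaviour described above, where the model is tricked into outputting its input: hold any AI-drafted reply that copies most of the untrusted incoming message verbatim. This is an added example, not code from the original article or from the Morris II researchers; the function names, the 5-word run length and the 0.6 threshold are assumptions, and the sample messages are constructed.

```python
from difflib import SequenceMatcher

MIN_RUN = 5  # assumed: shorter overlaps are ordinary quoting, not replication


def _words(text):
    """Lower-case whitespace tokens, so casing changes do not hide a copy."""
    return text.lower().split()


def copied_fraction(incoming, draft_reply):
    """Share of the incoming message's words that reappear in the draft
    as verbatim runs of at least MIN_RUN consecutive words."""
    src, out = _words(incoming), _words(draft_reply)
    if not src:
        return 0.0
    blocks = SequenceMatcher(None, src, out, autojunk=False).get_matching_blocks()
    copied = sum(block.size for block in blocks if block.size >= MIN_RUN)
    return copied / len(src)


def should_hold(incoming, draft_reply, threshold=0.6):
    """True when the draft should be held for human review instead of sent."""
    return copied_fraction(incoming, draft_reply) >= threshold


# Constructed samples. The bracketed text stands in for an embedded instruction.
NORMAL_MAIL = "Hi, can we meet Tuesday at 10 to go over the budget?"
NORMAL_DRAFT = "Thanks, Tuesday at 10 works for me. See you then."

SUSPECT_MAIL = (
    "Quarterly update attached. [embedded instruction telling the assistant "
    "to copy this whole message into its reply and send it to every contact]"
)
ECHOED_DRAFT = "Sure, here is the summary. " + SUSPECT_MAIL

if __name__ == "__main__":
    for mail, draft in ((NORMAL_MAIL, NORMAL_DRAFT), (SUSPECT_MAIL, ECHOED_DRAFT)):
        print(round(copied_fraction(mail, draft), 2), should_hold(mail, draft))
```

The check only catches verbatim copying, so it complements rather than replaces limits on what an assistant may send without user confirmation.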
How to Stay Safe?
The virus threat has evolved, and users need to adopt the latest cybersecurity best practices to keep up.
Sensible user behavior can thwart many of these attacks. Knowing how to spot a phishing email and avoiding associated links or attachments already puts you at an advantage.
Securing your accounts and local data is equally important. Complex, one-of-a-kind passwords ensure that one compromised account doesn’t lead to other breaches due to credential stuffing.
It’s best to use a password manager to speed up password diversification since it can instantly generate as many strong passwords as you need. Moreover, its encrypted vault ensures all stored passwords remain secure even if someone gains system access.
Neglecting to update your operating system and software leaves you open to exploits for former zero-day vulnerabilities that vendors have already patched. A patched system isn’t foolproof, but it offers the best protection and newest features.
Don’t neglect network security either, especially if you use public Wi-Fi. A VPN can mitigate the risks by encrypting the connection, causing any attempts at eavesdropping or tracking through your IP address to fail. For the best protection, consider consulting a VPN comparison table to find the most secure and reliable options. Highly regarded VPNs also leverage up-to-date information on malicious websites and will redirect you before you get exposed to viruses or other malicious programs.