A PAYLOAD, in computing and telecommunications, is the part of transmitted data that carries the actual message, as opposed to the headers and metadata that get it to its destination. An example might be the input data sent when requesting content from a remote database server. In the context of cybersecurity, however, a payload refers to the malicious, executable code that is delivered to a targeted system in order to do harm to it.
A computer worm is perhaps the oldest example of a threat that makes use of a payload. Once it reaches a host, it transfers and deploys its code, which can cause a significant amount of damage to a device or system. It should be noted that a payload isn't restricted to a single type of malware: it can be ransomware, botnet recruitment, or any other malicious implementation. Of course, the success of such payloads is subject to the presence of antivirus (AV) software and other security measures, and to how effective those are at detecting and countering live threats.
Today, a payload associated with malware is often intended for the theft of sensitive and classified information. This is especially true for phishing emails and for programs that can execute without the assistance of a host program. When implemented successfully, a malicious payload can be used to clear out bank accounts, run credit cards to their limit, and steal a user's identity. It is also used by cyber criminals to track user activity for the purpose of blackmailing them, or to auction off their data to the highest bidder.
Data monetization aside, a malicious payload might simply erase or modify your data, or degrade the performance of your computing device or network. Extreme scenarios might involve disabling a device's operating system and startup processes, or "bricking" it altogether, rendering it useless.
How is a Malicious Payload Executed?
Social engineering and DNS hijacking are perhaps the most common methods used to deploy malicious payloads onto a targeted system. Once inside, they operate with unsettling stealth: they might lie dormant until a predetermined condition is met, or run right away and begin compromising the system. An attacker often has many different options to choose from when delivering and executing malware with malicious payloads.
When socially engineered, the targeted user is "baited" into downloading and installing an executable (exe) file. Such attacks are often masked as email attachments, direct downloads of illegal or pirated software, and sometimes rogue applications that stem from virus hoaxes. Similarly, code that fires only when a specific set of conditions is met, known as a logic bomb, can be triggered at preset times. Such scenarios might involve unscrupulous workers who plant scripts to affect their employer's network: once the script no longer detects them on the company's payroll, the logic bomb "detonates" and its malicious payload is executed.
But there are also cases in which non-executable files carry malicious payloads. For example, image-borne malware is an attack in which a malicious payload is hidden in an image file's binary representation. When a targeted user opens such an image file, the payload is executed.
Malicious payloads, much like the programs that carry them, can be deterred with antivirus software and other security mechanisms. But if they escape detection or mitigation, they can spread laterally, infecting other endpoint systems or launching further attacks throughout a given network.
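One structural check a scanner can run on the image-borne case described above: a PNG is a signature followed by a list of length-prefixed, CRC-protected chunks ending in IEND, so bytes appended after IEND or chunks whose CRC no longer matches are cheap, reliable indicators that something has been tucked into the file. The example below is added here and is not code from the original article; the `minimal_png` sample is a constructed 1x1 image, not a real file.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: 4-byte length, 4-byte type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def png_findings(data: bytes) -> list:
    """Walk the chunk list of a PNG and report the anomalies a defender cares
    about: chunks with a bad CRC, a truncated chunk, a missing IEND, and any
    bytes that follow the IEND chunk (the classic place to append a payload)."""
    findings = []
    if not data.startswith(PNG_SIG):
        return ["not a PNG file"]
    pos = len(PNG_SIG)
    saw_iend = False
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # header (8) + body + CRC (4)
        name = ctype.decode("latin1")
        if end > len(data):
            findings.append("truncated %s chunk" % name)
            return findings
        body = data[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", data[pos + 8 + length:end])[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != stored_crc:
            findings.append("bad CRC in %s chunk" % name)
        pos = end
        if ctype == b"IEND":
            saw_iend = True
            break
    if not saw_iend:
        findings.append("no IEND chunk")
    trailing = len(data) - pos
    if trailing:
        where = "IEND" if saw_iend else "last complete chunk"
        findings.append("%d bytes after %s" % (trailing, where))
    return findings


def minimal_png() -> bytes:
    """Constructed sample input: a valid 1x1 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one filter byte + one pixel
    return PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b"")
```

A clean file yields no findings, while the same file with data appended after IEND or with a modified chunk body is flagged; a JPEG equivalent would check for bytes after the 0xFFD9 end-of-image marker in the same spirit.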