With more and more activity happening within the hacking industry and the malware market, you might wonder:

How can it scale so much and where does it end?

Just like any other business, the cyber criminals’ activity and the opportunities in the malware market are a matter of demand versus supply.

Naturally, there is no real demand for malware. But there is a market, which we all are responsible for making available.


The Macro and Micro malware economy

The malware market, like any other, offers a wide range of products to fit your “unattended needs”. Today, some of the best offerings are APTs, ransomware and banking Trojans, with as many names as we could possibly wish for, just like when you go to the supermarket.

Financial Trojan statistics from "The State of Financial Trojans 2014" by Symantec:

  • Around 1,467 financial institutions in 86 countries are targeted with financial Trojans.
  • The top 9 targeted financial institutions were attacked with more than 40% of the Trojans.
  • Attackers are focusing on new targets outside of online banking, such as Boleto, Bitcoin, and password managers.
  • The number of infections of Zeus (Trojan.Zbot) and its variants grew by 10 times from 2012 to 2014.
  • The US is the country with the most financial Trojan infections, followed by the UK and Germany.

[Figure: Computers compromised with financial Trojans in 2014]

The underground financial fraud community has become increasingly organized, facilitating an expanded reach.

Everything from bots and intelligent configurations to localized distribution channels are being bought, sold, or rented out as a service. Attackers are no longer just participating in financial fraud; some are dedicated to creating tools to facilitate these activities. Attackers can leverage third-party services to operate more efficiently and can even outsource the cash-out process. Compromised banking accounts are traded for 5 to 10 percent of their current balance.

[Figure: Number of banking Trojan detections in 2014]

The total number of financial Trojan infections around the world has steadily decreased after a spike in March 2014 and is now at a similar level to the number seen at the end of 2012. This represents a drop of 53% from January to December 2014.

The visible drop could be attributed to various takedown operations and malware author arrests.

Two such events are Operation Tovar and the Shylock Trojan Gang takedown operation.

The malware market has evolved from something that was tested and used ideologically or for fun into a targeted weapon. Some groups, such as Anonymous, still use their abilities for ideological purposes across borders, whilst others, like DD4BC, which we covered recently, use them for money-making purposes.

There is no doubt that the financial aim of malware or IT attacks outweighs by far the ideological aim in today’s market.

1,425% – attacker’s estimated return on investment for exploit kit and ransomware schemes


So the malware market has evolved, just like any other market, from an early-adopter stage to a fine-tuned, mass production and mass-distribution space.

Cyber criminals have seen malware move from a small business to a very big business worth millions (or potentially billions) of dollars. The business is still growing, but to continue its growth it is now being taken from the macro-economic level to the micro-economic level, which I’ll expand on below.

[Figure: Total malware over the last 5 years (AV-TEST)]

[Figure: New malware created in the last 5 years (AV-TEST)]


Market established – time to divide and conquer!

The malware economy is now firmly established using macroeconomic strategies, with wide-scale phishing attacks (mass marketing), massive and centralised malware distribution channels and big botnets.

[Figure: Other financial threats, Kaspersky, 2014]

However, during the last 1-3 years, law enforcement has been catching up with these distribution and harvesting tactics, because they are used at large scale, which makes them easier to find and easier to topple.

Remember: the bigger they become, the harder they fall.

So within the last 2 or so years, the malware market has also developed. A new term has surfaced, APTs (advanced persistent threats), and what it describes has become a palpable reality.

Malware is getting stealthier and is changing much faster, making it more challenging for traditional protection mechanisms to keep up.

[Figure: Average days to intrusion detection]

Being smaller and stealthier is becoming more and more important for hackers who want to stay under law enforcement’s radar.

The market is now shifting to the micro-economic level, fine tuning its techniques and taking a much more granular attack approach. The market is becoming fragmented.

Main types of malware used in 2014:

[Figure: Malware types, Trustwave report 2015]


Diversified attacks and multilayer protection

As the granularity of attacks increases, a new range of attack and deployment mechanisms has come into play from regular business economics as well.

Time to market is now a key factor in the malware sector. Using exploits almost as quickly as they appear is one of the preferred approaches. Zero Hour exploits are used before everybody else knows about them, of course, and are ideal for the attacker to have.

But even new vulnerabilities that are made public are often exploited and targeted within a day by cyber criminals! They try to penetrate users’ systems via segment-targeted spear phishing attacks, malvertising campaigns or through web servers that have been compromised and can be used to deliver malware.

You and your users are becoming victims of drive-by attacks, malicious injections and exploits that use tricks that marketers have used on us for ages.

[Figure: Online threats in the financial sector, Kaspersky]

Cyber criminals are stepping up their game and becoming much better at it. So we have to get better at it as well.


Common responsibility – improved cyber crime defense

We might not have asked for a malware market, but we are still serving it through unpatched software, the lack of sufficient firewalls or inadequate antivirus or APT products.

[Figure: Compromising factors]

Here are some relevant facts from the 2015 Trustwave Global Security Report:

  • 28% of security breaches resulted from weak passwords and another 28% from weak remote access security
  • Weak passwords or weak remote access security contributed to 94% of POS breaches
  • Weak or non-existent input validation (including SQL injection) or unpatched vulnerabilities contributed to 75% of e-commerce breaches.

Your computer(s) might already be part of a botnet, which effectively means that you are helping to serve and deliver attacks and malicious messages across the globe.

Increasing the level of pre-attack barriers on your computer and in your organization is a common responsibility.

Make sure your software is patched, with no exceptions. If you need exceptions, make sure you employ Zero Hour exploit protection.

[Figure: Top exploited applications, Trustwave 2015]

Use a good antivirus product and use reviews to find it.

For larger organizations, a next-generation firewall and HIPS (Host Intrusion Prevention System) protection, as well as APT (Advanced Persistent Threat) protection, are a must!

Make sure you factor in that the more data you have or the more prominent your position or company, the stronger your defenses should be.

Comments


Great and well written article! Appreciate your work.
