Cloud Security Action Can Ruin Malware Economics

Cloud technology can be harnessed to make it less profitable – or at least less lucrative – to develop and distribute run-of-the-mill malware, Eugene Kaspersky, the CEO of Moscow-based Kaspersky Lab, told eWEEK.

If developers are forced to add sophisticated features to develop malware that cannot be easily thwarted, it also raises the bar on who can enter the malware business.

Of the more than 20 million pieces of malware detected by Kaspersky Lab every year, a significant portion of them are considered “typical”. They are often created using readily available tool kits or just re-skinned versions of existing malware.

Reducing The Profit Margin

Attack kits like Neosploit or Black Hole have made malware development easy to do from a technical standpoint. As a result, practically anyone can create common malware, such as those designed for banking fraud and botnet creation, according to Kaspersky. “While it’s not possible to stop all of it, there are ways to make the [malware] business less profitable,” he said.

Right now, writing malware is not only technically simple but also low risk because national law enforcement agencies are not well-prepared to catch international criminals overseas. A change in the landscape that would require more technical know-how to operate a criminal enterprise online would weed out a lot of the low-level criminals, Kaspersky said.

Designing sophisticated malware is difficult and is possible only for “a genius”, Kaspersky said, noting that “teenagers can’t develop this kind of [sophisticated] malware”.

Building on a theme he introduced at the Infosecurity Europe event in late April, Kaspersky said cyber-criminals are primarily motivated by money. If they see profits decline in a certain type of attack, they switch to a more profitable line, he added.

For example, malware designed to steal resources and money from online games used to be common a few years ago, according to Kaspersky. However, with the glut of stolen goods on the black market, thieves are making less money.

Game Over For Artifact Sales

The average prices criminals can get for characters and artifacts from online games declined by about two-thirds between 2008 and 2010, Kaspersky said. Over the same time period, the number of malware samples targeting game fraud dropped by nearly 60 percent.

When profit declines, malware of that type also decreases, according to Kaspersky. A recent Cisco report agreed with Kaspersky’s assessment, finding that cyber-criminals were abandoning large-scale mass spam operations in favour of low-volume targeted attacks with bigger financial rewards. Highlights from the report include the following:

• Returns from mass email-based attacks declined by more than 50 percent, from US$1.1 billion in June 2010 to $500 million in June 2011.

• Mass spam volumes plummeted from 300 billion daily spam messages to just 40 billion between June 2010 and June 2011.

• There is an increase in spear phishing and personalised scams and malicious attacks.

• Spear phishing attacks have increased threefold, while scams and malicious attacks have increased fourfold.

“I have some ideas to make the cyber-crime business much less profitable,” said Kaspersky. His grand vision revolves around global cloud-based threat detection and monitoring networks operated by major security vendors, including Kaspersky Lab, Symantec, McAfee and Trend Micro, among others.

Continued on page 2