The malware business is profit-driven and revolves around identity theft, gathering of personal data and fraud. It uses blackmail and extortion, threatening corporates with massive downtime unless sums of money change hands. It sends spam and unsolicited advertising and steals virtual property.
So says David Emm, senior regional researcher at Kaspersky Lab UK, at the company`s international press conference, in Moscow.
Malware has evolved from cyber-vandalism to cyber-crime, he says. Malware is no longer only written with the purpose of proof of concept, self-actualisation or revenge; it is now largely profit-driven.
Its global reach makes the business such a viable alternative for criminals: "The Internet transcends geo-political borders and so do the cyber-criminals. Unfortunately, law enforcement doesn`t, allowing cyber-criminals to hide between the cracks."
He says the malware business is the "flip-side of the legal economy". Like any legitimate successful business, numbers get bigger and bigger.
Prosecution difficult
Unfortunately, he says, these days, with anti-virus technologies, threats have a much shorter shelf life. This forces the criminals to become smarter, and malware to have more variants. In addition, criminals no longer want to draw attention to themselves, as the early malware authors did to prove a point; they are in this for money, and are keeping hidden, making capture and prosecution extremely difficult.
"We see cyber-criminals now using low-key small-scale attacks, which are less visible to anti-virus early warning radar. They are less visible to law enforcement agencies. It`s easier for them to manage compromised computers."
Emm says criminals steal data; for example, bank account login credentials or online gaming credentials and virtual property. They steal e-mail addresses, credit card numbers and other data such as instant messaging accounts or software licences.
"In addition, they misuse other computer resources, botnets, client-server injection or SMS and telephone calls to premium services."
Virtual assets are converted to real cash. "They do this in various ways - stealing money directly from a victim`s account, using money mules, or human proxies to transfer ill-gotten gains, and selling of stolen assets such as credit card numbers, e-mail addresses and suchlike."
A solution isn`t easy, Emm says. "Crime isn`t going away, nor is cyber-crime. In order to mitigate the risks, several factors must be taken into consideration. Good security technologies must be in place. Law enforcement agencies need better co-operation on a local and international level."
Lastly, the human factor comes into play. "People are victims, they also need to be more vigilant with their personal data and information."
* Are local companies positioned to deal with the growing threat of malware? Give us your opinion via our feedback facility.
Share