Malware, hacker attacks and cyber crime are all a part of the digital world, and cyber crime is an organised underground industry that mirrors the legitimate economy.
So said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, speaking at the Kaspersky Lab Virus Analyst Summit, in Malaga, Spain, this week.
He explained that cyber criminals each perform certain functions, such as writing malware, collecting data, and monetising data. They trade access to infected computers, sell stolen data and suchlike.
“We also find 'criminal supermarkets' where you can find masses of stolen data. The only place where the legitimate economy is not mirrored is that these criminals don't pay taxes.”
According to him, the last five years have been the golden age of cyber crime. “Cyber criminals have a lot of cash, and have been very successful in their illegal endeavours. The number of malicious programs found by Kaspersky has grown exponentially year on year, from under 10 million, in 2009, to nearly 20 million, in 2010.”
He said this is happening for several reasons. “Firstly, it's profitable. There are more and more online services that criminals can prey on. There is also a high demand for criminal services such as spam and botnets. Some cyber criminals have their own Web sites, even going as far as to offer technical support.”
Secondly, said Kaspersky, it is technically speaking, very simple. A little knowledge and a computer is all that is needed. There is no physical contact with the victims. And because it happens over the Internet, it is seen as a victimless crime.
Thirdly, he continued, it's a low-risk business. “It's a case of international crime versus national legislation. Cyber police departments are limited with national borders. It's complicated to connect police departments between countries as there is not enough global co-operation and no international body fighting the problem. It's also difficult to trace as the perpetrators are anonymous international professionals. They leave no trace of themselves; it is almost impossible to find them.”
Taking action
“So, is it possible to have totally secure systems? Not really. Is it possible to make it less profitable? Only by cutting all online businesses. Are we able to get back to the pre-Internet era? Of course not. However, we have some ideas and some technologies to make it less profitable.”
He said where there is no business, there is no crime. “Some cyber crime businesses have vanished, such as Trojan diallers and online game malware. No business, no money, no crime. As dial-up has become unpopular, so has it been avoided by criminals.”
In terms of gaming, he said as little as four years ago, top virtual characters in games such as World of Warcraft exchanged hands for £5 000, now the same are under £100. Malware designed to steal virtual characters is no longer profitable.
Cyber crime is motivated by money. Profit decline decreases malware attacks, he explained.
Kaspersky said malware has a specific life cycle. “Web pages have malware planted in them. Visitors to these pages become infected, data is gathered. But as soon as their anti-virus is updated, the attack is over. However, this gap gives them plenty of time to generate profit. They have a positive return on investment.
“Can it be stopped?” He asked. “We have formed a KLoud Security Network that connects millions of computers. The computers report new threats back to the service. The data is immediately available to other computers in the network. Just the fingerprints though, we don't collect any private data.”
The difficulty factor
He said this results in a few users protecting millions of other users. “If we see that just a few applications are suspicious, we can stop them, and warn other users not to download them. In this way, the rest of the community is protected. We can blocks users from infected pages, preventing infection from malware.”
Kaspersky said this significantly shortens the gap for cyber criminals, as it is not nearly as profitable for them. “Protection is released by Kaspersky Lab within two to three minutes, drastically reducing the lifetime of the malware. Cyber criminals cannot cross the profitability threshold.
“Is this a silver bullet? Unfortunately not; we cannot stop 100% of malware. This helps us stop the more common malware, the traditional, not too complicated malware.”
He said there are ways to bypass the cloud, such as non-executable malware, server-side polymorphic malware, file infectors and new behaviours that Kaspersky has not yet recognised.
Kaspersky concluded that while not perfect, it makes malware hard to develop and unprofitable. The entrance ticket to the cyber crime industry becomes more expensive, and only professionals will stay in the business. This technology is a great tool to make cyber crime less profitable, and less visible, he noted. It will decrease the population of cyber criminals.
Share