Experts found that coding malware is now expensive for cybercriminals, who can get good results using intrusive advertising programmes or legitimate digital signatures in their attacks. Between 2012 and 2013, there was a rapid increase in the number of new malicious files detected by Kaspersky Lab, from 200,000 new files every day in 2012 to 315,000 in 2013.
Thereafter, things started to slow down. In 2014, the total increased by just 10,000 files a day, and in 2015 the overall number declined from 325,000 to 310,000. Cybercriminals in search of a quick return appear to have decided that complex coding tools such as rootkits, bootkits or replicating viruses may bring results, but at a cost that reduces their overall margins and revenue. Moreover, the complexity of these malicious programmes, which can cost tens of thousands of dollars to develop, does not protect them from increasingly sophisticated antivirus software accustomed to detecting and analyzing far more complicated malware.
For this reason, 2015 saw adware, essentially harmless but often intrusive, become more prominent among overall anti-virus detections. This marks an evolution in cybercriminal tactics, with many now acting almost as businesses, engaged in selling quasi-legitimate commercial software, activity and other “essentials”.
Another trend is for cybercriminals and even advanced, state-sponsored threat actors to make greater use of legal certificates for digital products. With the help of bought or stolen certificates, attackers deceive security software, which trusts an officially-signed file more than a regular one. The value of the certificate may be only a few tens of dollars.
“Cybercrime has lost the last touch of romance. Today, malware is created, bought and resold for specific tasks. The commercial malware market has settled, and is evolving towards simplification. I think we will no longer see malicious ‘code for the code’. This trend is also observed among the operators of targeted attacks,” says Vyacheslav Zakorzhevsky, Head of Anti-Malware Team at Kaspersky Lab.
“The infrastructure of the internet itself has shown signs of tension and cracks in recent years. Concerns over massive router botnets, BGP hijacking and dampening, DNS attacks en masse, or server-powered DDoSes betray a lack of accountability and enforcement on a global scale. Looking further down the line to long-term predictions, we can consider what the internet might look like if that narrative of a globally connected village continues to wither. We may end up with a balkanized internet divided by national borders.
At that point, concerns over availability may come down to attacks on the service junctures that provide access between different sections, or perhaps geopolitical tensions that target the cables that connect large swathes of the internet. Perhaps we’ll even see the rise of a black market for connectivity. Similarly, we can expect that as technologies that power the internet’s underbelly continue to gain mainstream attention and widespread adoption, developers with a stake in shadow markets, exchanges, and forums are likely to develop better technologies to keep the underground truly underground,” the experts predicted.
Now, is it good news that coding malware is now expensive for cybercriminals?