News
3/19/2014
05:10 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

A Cybercrime Gang-Software Pirate Mash-Up

New report illustrates lucrative market for malware-riddled, pirated software -- and the cost to enterprises

Cybercrime gangs are always looking for new revenue streams, so it should come as no surprise that they are using pirated software as yet another way to make money.

The explosion in bring-your-own devices coming to work every day has exposed enterprises to pirated and tainted software. A new report published today by IDC and the National University of Singapore found that organized crime is costing enterprises worldwide more than $315 billion a year, as they become more and more exposed to pirated software rigged with malware. The report projects that businesses worldwide will spend close to $500 billion this year to clean up and recover from pirated software infected with malware that makes its way into their organizations. Those costs break down to $127 billion for security issues and another $364 billion in costs of data breaches linked to the tainted software.

The study, which was commissioned by Microsoft, attributes two-thirds of those losses -- $315 billion -- to criminal organizations profiting from pirated, tainted software.

"It's not surprising to me that there are a lot of losses" with pirated software, says John Gantz, senior vice president at IDC. "I'm surprised we [as an industry] didn't realize before that criminal organizations would be there."

David Finn, associate general counsel and executive director of the Microsoft Cybercrime Center, says one of the most violent drug cartels in Mexico, La Familia, made more than $2 million a day just from illegally distributing Microsoft software. "Just as they put their logo on cocaine, they put their logo on counterfeit Microsoft software," Finn says. "It's another revenue stream for them, and probably a more secure one from their perspective" that is less risky, he says.

It's all about following the money and diversifying their business model, he says.

Pirated products -- software as well as movies and pictures -- are interconnected with the criminal world, says Richard Domingues Boscovich, assistant general counsel for Microsoft's Digital Crimes Unit. Pirated software is "a delivery mechanism for malware," he says.

The bad guys make money selling the counterfeit software, plus if their sale results in a new bot machine. "They have the opportunity to profit twice," Finn says. "The victimize the user, but then that machine can become part of a botnet that victimizes other people."

Some regions are suffering more than others, of course: The Asia-Pacific region, which has both a massive number PCs due to its high population, also has a high software piracy rate. That region is expected to suffer more than 45 percent of all enterprise losses from malware on pirated software, and more than 40 percent of all consumer losses.

Governments worldwide, meanwhile, this year are expected to lose some $50 billion in damages due to malware on pirated software. Government officials say they worry most about losing intellectual property and trade secrets (59 percent), unauthorized access to confidential information (55 percent), and critical infrastructure cyberattacks (55 percent).

Consumers are the obvious at-risk category for getting infected by software they buy in pirated form. They have a 33 percent chance of getting infected when they install pirated software or purchase a PC with pirated software. The National University of Singapore conducted an experiment for the report, purchasing in 11 different countries 203 PCs with pirated software. More than 60 percent of those machines were infected with malware.

BYOD is putting enterprises at risk of malware via pirated software. According to the study, 27 percent of employees install their own software on their work PCs, which accounted for 20 percent of pirated software found in those organizations. And that's just PCs -- the mass of mobile devices in use introduce yet another venue of infection via tainted apps.

"All it takes is one," Microsoft's Boscovich says. "You've got to make sure your supply chain is clean, you do BYOD updates, and that [the devices] are loaded with legitimate software" and are updated, he says.

The full report, "The Link between Pirated Software and Cybersecurity Breaches: How Malware in Pirated Software Is Costing the World Billions," is available here (PDF) for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.