News
3/19/2014
05:10 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

A Cybercrime Gang-Software Pirate Mash-Up

New report illustrates lucrative market for malware-riddled, pirated software -- and the cost to enterprises

Cybercrime gangs are always looking for new revenue streams, so it should come as no surprise that they are using pirated software as yet another way to make money.

The explosion in bring-your-own devices coming to work every day has exposed enterprises to pirated and tainted software. A new report published today by IDC and the National University of Singapore found that organized crime is costing enterprises worldwide more than $315 billion a year, as they become more and more exposed to pirated software rigged with malware. The report projects that businesses worldwide will spend close to $500 billion this year to clean up and recover from pirated software infected with malware that makes its way into their organizations. Those costs break down to $127 billion for security issues and another $364 billion in costs of data breaches linked to the tainted software.

The study, which was commissioned by Microsoft, attributes two-thirds of those losses -- $315 billion -- to criminal organizations profiting from pirated, tainted software.

"It's not surprising to me that there are a lot of losses" with pirated software, says John Gantz, senior vice president at IDC. "I'm surprised we [as an industry] didn't realize before that criminal organizations would be there."

David Finn, associate general counsel and executive director of the Microsoft Cybercrime Center, says one of the most violent drug cartels in Mexico, La Familia, made more than $2 million a day just from illegally distributing Microsoft software. "Just as they put their logo on cocaine, they put their logo on counterfeit Microsoft software," Finn says. "It's another revenue stream for them, and probably a more secure one from their perspective" that is less risky, he says.

It's all about following the money and diversifying their business model, he says.

Pirated products -- software as well as movies and pictures -- are interconnected with the criminal world, says Richard Domingues Boscovich, assistant general counsel for Microsoft's Digital Crimes Unit. Pirated software is "a delivery mechanism for malware," he says.

The bad guys make money selling the counterfeit software, plus if their sale results in a new bot machine. "They have the opportunity to profit twice," Finn says. "The victimize the user, but then that machine can become part of a botnet that victimizes other people."

Some regions are suffering more than others, of course: The Asia-Pacific region, which has both a massive number PCs due to its high population, also has a high software piracy rate. That region is expected to suffer more than 45 percent of all enterprise losses from malware on pirated software, and more than 40 percent of all consumer losses.

Governments worldwide, meanwhile, this year are expected to lose some $50 billion in damages due to malware on pirated software. Government officials say they worry most about losing intellectual property and trade secrets (59 percent), unauthorized access to confidential information (55 percent), and critical infrastructure cyberattacks (55 percent).

Consumers are the obvious at-risk category for getting infected by software they buy in pirated form. They have a 33 percent chance of getting infected when they install pirated software or purchase a PC with pirated software. The National University of Singapore conducted an experiment for the report, purchasing in 11 different countries 203 PCs with pirated software. More than 60 percent of those machines were infected with malware.

BYOD is putting enterprises at risk of malware via pirated software. According to the study, 27 percent of employees install their own software on their work PCs, which accounted for 20 percent of pirated software found in those organizations. And that's just PCs -- the mass of mobile devices in use introduce yet another venue of infection via tainted apps.

"All it takes is one," Microsoft's Boscovich says. "You've got to make sure your supply chain is clean, you do BYOD updates, and that [the devices] are loaded with legitimate software" and are updated, he says.

The full report, "The Link between Pirated Software and Cybersecurity Breaches: How Malware in Pirated Software Is Costing the World Billions," is available here (PDF) for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.