A Cybercrime Gang-Software Pirate Mash-Up
New report illustrates lucrative market for malware-riddled, pirated software -- and the cost to enterprises
March 19, 2014
Cybercrime gangs are always looking for new revenue streams, so it should come as no surprise that they are using pirated software as yet another way to make money.
The explosion in bring-your-own devices coming to work every day has exposed enterprises to pirated and tainted software. A new report published today by IDC and the National University of Singapore found that organized crime is costing enterprises worldwide more than $315 billion a year, as they become more and more exposed to pirated software rigged with malware. The report projects that businesses worldwide will spend close to $500 billion this year to clean up and recover from pirated software infected with malware that makes its way into their organizations. Those costs break down to $127 billion for security issues and another $364 billion in costs of data breaches linked to the tainted software.
The study, which was commissioned by Microsoft, attributes two-thirds of those losses -- $315 billion -- to criminal organizations profiting from pirated, tainted software.
"It's not surprising to me that there are a lot of losses" with pirated software, says John Gantz, senior vice president at IDC. "I'm surprised we [as an industry] didn't realize before that criminal organizations would be there."
David Finn, associate general counsel and executive director of the Microsoft Cybercrime Center, says one of the most violent drug cartels in Mexico, La Familia, made more than $2 million a day just from illegally distributing Microsoft software. "Just as they put their logo on cocaine, they put their logo on counterfeit Microsoft software," Finn says. "It's another revenue stream for them, and probably a more secure one from their perspective" that is less risky, he says.
It's all about following the money and diversifying their business model, he says.
Pirated products -- software as well as movies and pictures -- are interconnected with the criminal world, says Richard Domingues Boscovich, assistant general counsel for Microsoft's Digital Crimes Unit. Pirated software is "a delivery mechanism for malware," he says.
The bad guys make money selling the counterfeit software, plus if their sale results in a new bot machine. "They have the opportunity to profit twice," Finn says. "The victimize the user, but then that machine can become part of a botnet that victimizes other people."
Some regions are suffering more than others, of course: The Asia-Pacific region, which has both a massive number PCs due to its high population, also has a high software piracy rate. That region is expected to suffer more than 45 percent of all enterprise losses from malware on pirated software, and more than 40 percent of all consumer losses.
Governments worldwide, meanwhile, this year are expected to lose some $50 billion in damages due to malware on pirated software. Government officials say they worry most about losing intellectual property and trade secrets (59 percent), unauthorized access to confidential information (55 percent), and critical infrastructure cyberattacks (55 percent).
Consumers are the obvious at-risk category for getting infected by software they buy in pirated form. They have a 33 percent chance of getting infected when they install pirated software or purchase a PC with pirated software. The National University of Singapore conducted an experiment for the report, purchasing in 11 different countries 203 PCs with pirated software. More than 60 percent of those machines were infected with malware.
BYOD is putting enterprises at risk of malware via pirated software. According to the study, 27 percent of employees install their own software on their work PCs, which accounted for 20 percent of pirated software found in those organizations. And that's just PCs -- the mass of mobile devices in use introduce yet another venue of infection via tainted apps.
"All it takes is one," Microsoft's Boscovich says. "You've got to make sure your supply chain is clean, you do BYOD updates, and that [the devices] are loaded with legitimate software" and are updated, he says.
The full report, "The Link between Pirated Software and Cybersecurity Breaches: How Malware in Pirated Software Is Costing the World Billions," is available here (PDF) for download.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024