Malware might seem like just an annoyance for some — something which disrupts systems and causes downtime — but it’s a tool which lies at the very heart of cybercriminal operations, allowing organised gangs to carry out espionage, sabotage, or theft.
“It’s really important to understand the impact that malware has. It’s a massive criminal enabler that underlines most cybercrime,” said Paul Edmunds, head of technology at the National Crime Agency’s National Cyber Crime Unit, the UK’s main body aimed to fight against organised cybercrime.
While some people see malware as “a bit of a nuisance”, he said, its impact in the wider world of hacking and cyberattacks means that it’s an important feature of online crime.
“It’s an infrastructure that’s used for compromising devices to conduct most of the prominent attacks that you see,” he said. “Malware takes over millions of machines around the world and re-purpose them for whatever purpose they want — whether that’s DDoS, spoofing, or taking over the machine.”
Indeed, major cybercriminal campaigns such as banking Trojans, ransomware attacks, and even nation-state level cyberespionage have all seen malware distribution to the target as one of the first stages.
Malware shouldn’t be underestimated as if it’s just the work of script-kiddies doing it for fun or to show off — it’s the basis of an entire criminal business.
“It’s huge and it’s an industry, and it’s a really mature industry. A lot of this software has instructional videos, software updates, patches with teams working on it making new releases when new versions of operating systems come out in order to keep functionality going,” said Edmunds.
Of course malware isn’t the only attack vector used to carry out cybercrime — but if you can install a Trojan on the computer or smartphone of a target, then it makes carrying out espionage, picking out targets, and knowing when and who to strike that much easier.
Ultimately, warned Edmunds, nobody is safe from cyberattackers or compromise especially as certain groups of cyberattackers are likely to be using high-level malware and exploits.
“You can bet your bottom dollar that most of the high profile gangs will have known about these and used them,” he said.
Large swathes of malware are distributed through phishing emails and malicious attachments. Edmunds previously has spoke of how these spam emails could be eradicated for good, thus going a long way to solving a problematic issue.
READ MORE ON CYBERCRIME
Source: SANS ISC SecNewsFeed @ May 4, 2017 at 07:54AM