Cloud-based security services can cut into the profitability of criminal enterprise and thin out the number of cyber-criminals operating online, according to the CEO of Kaspersky Lab.
Cloud technology can be harnessed to make it less
profitable-or at least less lucrative-to develop and distribute run-of-the-mill
malware, Eugene Kaspersky, the CEO of Moscow-based Kaspersky Lab, told eWEEK.
If developers are forced to add sophisticated features to
develop malware that can't be easily thwarted, it also raises the bar on who
can enter the malware business.
Of the more than 20 million pieces of malware detected by
Kaspersky Lab every year, a significant portion of them are considered
"typical." They are often created using readily available tool kits
or just re-skinned versions of existing malware.
Attack kits like Neosploit or Black Hole have made malware
development easy to do from a technical standpoint. As a result, practically
anyone can create common malware, such as those designed for banking fraud and
botnet creation, according to Kaspersky. "While it's not possible to stop
all of it, there are ways to make the [malware] business less profitable,"
Right now, writing malware is not only technically simple,
but also low risk because national law enforcement agencies are not well-prepared
to catch international criminals overseas. A change in the landscape that would require more technical
know-how to operate a criminal enterprise online would weed out a lot of the low-level
criminals, Kaspersky said.
Designing sophisticated malware is difficult and is possible only
for "a genius," Kaspersky said, noting that "teenagers can't
develop this kind of [sophisticated] malware."
Building on a theme he introduced at the Infosecurity Europe
event in late April, Kaspersky said cyber-criminals are primarily motivated by
money. If they see profits decline in a certain type of attack, they switch to
a more profitable line, he added.
For example, malware designed to steal resources and money
from online games used to be common a few years ago, according to Kaspersky. However,
with the glut of stolen goods on the black market, thieves are making less
The average prices criminals can get for characters and
artifacts from online games declined by about two-thirds between 2008 and 2010,
Kaspersky said. Over the same time period, the number of malware samples
targeting game fraud dropped by nearly 60 percent.
When profit declines, malware of that type also decreases,
according to Kaspersky. A recent Cisco report agreed with Kaspersky's
assessment, finding that cyber-criminals were abandoning large-scale mass spam
operations in favor of low-volume targeted attacks with bigger financial
rewards. Highlights from the report include the following:
- Returns from mass email-based attacks declined by
more than 50 percent, from
US$1.1 billion in June 2010 to $500 million in June 2011.
- Mass spam volumes plummeted
from 300 billion daily spam messages to just 40 billion between June 2010 and
- There is an
increase in spearphishing and personalized scams and malicious attacks.
- Spearphishing attacks have
increased threefold, while scams and malicious attacks have increased fourfold.