Sponsored

The business of malware

Malware isn’t just bad software but the focus of a growing criminal industry. Find out how it works, and how it’s making millions

If you think malware is the product of a bunch of hackers hoping to cause some disruption or make a fast buck, think again. These days, malware is a mature and growing business: a serious criminal enterprise involving networks of developers and criminal organisations. Right now, there are teams working on new malware kits and exploits with the aim of selling them on to groups and organisations, so that they can use them for their own criminal or political ends. This is a global industry worth millions or even billions of dollars, and one that touches more and more of us every year.

How, then, do the authors and users of malware make their money? Well, on the one hand you have the various fraudulent or otherwise criminal ways that cybercriminals extract money, either from ordinary members of the public or from businesses and public services. On the other hand, you have a maturing underground service industry that's providing products and cyber-capabilities to other criminals, gangs and even nation states. Between them, they've created a powerful malware ecosystem; one built to exploit every opportunity in an increasingly connected, always-online world.

Making money from Malware

From ransomware to extortion to advertising rackets and straight-up theft, there's no shortage of ways that cybercriminals can put malware to use.

  • Identity theft and financial crime: While a growing amount of bank account and credit card theft involves phishing attacks or social engineering, Trojans, keyloggers and other forms of spyware still play a part in the £5.4billion lost in the UK through identity theft every year. Cybercriminals use these malware tools to recover log-in credentials and either steal money directly from your bank account or order goods and services for themselves. They may also use your identity to set up new loans or credit agreements in your name.
  • Partner networks and shopping fraud: Here browser hijackers and other forms of adware continuously direct or redirect you to sites that sell goods or services. In some cases these are actual stores selling software, services or actual goods. In other cases, they're offering counterfeit goods or incredible but non-existent bargains in the hope of stealing your payment card information along the way. Those behind the stores either distribute the malware themselves or rely on the services of a third-party distributor who gets paid for the traffic they bring in.
  • Click fraud: With click fraud the aim isn't so much to defraud affected users as to defraud online media and advertising networks. Malware is used to create a 'botnet' of infected PCs, mobile devices or, increasingly, simpler connected devices such as routers, IP cameras and Internet of Things (IoT) devices. The bots then 'click' on online adverts, boosting revenue for the blog or website that hosts them. New variants do the same thing for Twitch channels, with the botnets watching streams to boost a channel's cashflow or chatting in a channel's chat section.
  • Fake security: In this variant of the classic shoeshine scam, malware or an infected website informs end-users they have malware, then charges for a tool to get rid of it. As you might guess, the tool actually includes more malware, which may be used to infect other systems on the network or for identity theft.
  • Extortion: Now we're onto big-time criminal activity. In some cases, criminals may create or rent a botnet to unleash a coordinated Distributed Denial of Service (DDoS) attack on a company, threatening disruption to their business unless a fee is paid. In other cases they may use malware to infiltrate a network and steal corporate or personal data, threatening the business with exposure unless it pays up.
  • Ransomware: Arguably the biggest growth area in modern malware. Ransomware infiltrates a system and then blocks access to the system and/or encrypts vital data. To get their systems and data back again, the company or user has to pay a fee, which may be anywhere from $100 to $400 (£75 to £300) for an individual user to several million for a large corporation. A 2015 study by TrustWave claimed that cybercriminals using ransomware could earn up to $90,000 (£67,000) a month, while 2017 research from Google suggests that global profits from ransomware had reached $2.5million (£1.86million) per month over the last two years. Hit the right target, and the payout could be even bigger. In June 2017 Nayana, the South Korean webhost, agreed to pay a $1million (£750,000) ransom to unlock its computers.

Malware as a Service

The criminals that put malware to direct use are supported by a fast-growing industry of hackers and developers that provide malware services, either through Darknet forums and marketplaces or through underground websites that, with surprising polish, offer malware and associated services in the same way that a legitimate business might sell webhosting or cloud storage. Some even offer after-sales service, helpdesks and customer support.

Beyond criminals, there's even evidence that some nations or their security services pay for malware or hackers' services, either for espionage or as a means of disrupting other nations. For instance, it's widely believed that the North Korean and Russian governments have sponsored malware used to attack businesses or utilities in South Korea and the Ukraine.

These services might include:

  • Ransomware kits: Want to get started in the ransomware racket, but don't have the technical skills to build your own? You can buy an off-the-shelf kit with an easy-to-use dashboard and start your attacks straight away. Kits might cost anywhere between $175 and $6,000 (£130 to £4,500), but that's a small investment if you can achieve a $90,000 (£67,000) monthly turnover. Alternatively, the ransomware creator may simply want a percentage of the ransom, using affiliate schemes like those used by legitimate Web businesses. It's estimated that some schemes, like those based on the Cerber ransomware family, have netted the original developers an average of $1million (£750,000) p.a.
  • Malware Kits and Exploit Kits: Malware developers make a lot of money developing toolkits for criminal use. Malware Kits come with the files and instructions needed to package malware in documents or emails. Exploit Kits are designed to sit on a compromised site or a webserver, then scan any systems that connect to that server for any vulnerabilities that can be used to infect that system with malware. Some kits are available for purchase, while others may be rented, with upgrades and support thrown in, for hundreds of dollars per month.
  • Botnet herding: Here, malware is used to create, manage and control multiple botnets, which the malware service provider can then sell or lease to interested parties. Many will be used for targeted DDoS attacks, brute-force hacking attempts, spam distribution or click fraud and Twitch fraud. Renting out a botnet could bring in anywhere between $200 (£150) and $2,000 (£1,500) a month, depending on the number and capabilities of the bots. At one point Georg Avanesov, mastermind of the Bredolab botnet, was earning over 100,000 Euros (at the time £80,000) a month.

Malware is a big business with opportunities for massive profits, so it's no wonder that the developers, hackers and criminals involved put so much effort into targeting businesses and individuals and the applications that they use. It's also why it's so important that organisations protect themselves with the right network and endpoint security strategy; one that protects their systems against infection and enables them to recover quickly from attacks. After all, when malware is a growing industry, you don't want your business to fuel its growth.
