NUS Study: Cybercriminals Exploit Pirated Software to Fuel Malware Infections in Asia Pacific

19:59 | 21/06/2017 Information Technology

The National University of Singapore (NUS) Faculty of Engineering today released the results of its new study, “Cybersecurity Risks from Non-Genuine Software”, which found that cybercriminals are compromising computers by embedding malware in pirated software and the online channels that offer them. The study was commissioned by Microsoft.

Keshav Dhakad, Assistant General Counsel & Regional Director, Digital Crimes Unit (DCU), Microsoft Asia

The study, which aims to quantify the link between software piracy and malware infections in Asia Pacific, discovered that 100% of the websites that host pirated software download links expose users to multiple security risks, including advertisements with malicious programs. Among other findings, it also found that 92% of new computers installed with non-genuine software are infected with dangerous malware.

“The study’s findings all point to the fact that uncontrolled and malicious sources of pirated software, particularly on the Internet, are being converted into effective means of spreading malware infections. And what we would like to achieve with this report is to help users recognize that the personal and business risks and financial costs are always much higher than any perceived costs they save from using non-genuine software,” said Associate Professor Biplab Sikdar from the Department of Electrical & Computer Engineering at NUS Faculty of Engineering, who led the study.

Pirated Software is a Major Source for Malware Infections

Software piracy is a recognized global problem and three in five personal computers (PCs) in Asia Pacific were found to be using non-genuine software in 2016. However, using pirated software expose users to a plethora of cyber threats.

“Hackers and organized cybercriminals today are adept at exploiting information technology vulnerabilities and human errors to compromise computers for malicious and financial gains at the expense of organizations and individuals. Cybercrime is predicted to cost the global economy an estimated US$6 trillion by 2021”, said Keshav Dhakad, Assistant General Counsel & Regional Director, Digital Crimes Unit (DCU), Microsoft Asia.

While cybersecurity defenses continue to evolve, users are slow at adapting, whereas cybercriminals are constantly advancing their attack vectors (malware strains) and delivery mechanisms. Piracy of software is increasingly becoming a key vehicle for cybercriminals to exploit computer vulnerabilities and breach security measures with ease.”

Key Insights from the Cybersecurity Risks from Non-Genuine Software Report

The new study analyzed 90 new laptops and computers as well as 165 software CDs/DVDs with pirated software. The samples were randomly purchased from vendors that are known to sell pirated software from across eight countries in Asia - Malaysia, Indonesia, Thailand, Vietnam, Sri Lanka, Bangladesh, South Korea, and Philippines.

Researchers also examined 203 copies of pirated software downloaded from the Internet. This aligns with the trend where software is increasingly being acquired through online downloads channels. Each of these samples was thoroughly investigated for the presence of malware infections using seven anti-malware engines – AVG AntiVirus, BitDefender Total Security, IKARUS anti.virus, Kaspersky Anti-Virus, McAfee Total Protection, Norton Security Standard, and Windows Defender.

Here are some key insights from the study:

  1. Traversing the Malware Minefield – Downloading and Installing Pirated Software from the Internet

One of the most alarming insights from this report is the multitude of risks that users are expose to when they visit websites that offer pirated software downloads. The study found that 100% of tested torrent hosting websites opened with multiple popup windows with suspicious advertisements. Many of these contain links that download malware when clicked or show objectionable content such as pornography.

In addition, the researchers encountered the following risks and suspicious behaviors when downloading and installing pirated software found on peer-to-peer networks:

  • 34% of the downloaded pirated software came bundled with malware that infect the computer once the download is complete or when the folder containing the pirated software is opened.
  • 31% of the downloaded pirated software did not complete installation which suggests other motives behind their presence on torrent hosting websites. These misleading torrents either tricked users into downloading malicious programs or are used to increase the traffic to the torrent hosting sites which subject the visitor to malware and unwanted advertisements.
  • 24% of the malicious programs bundled with the pirated software downloads deactivated the anti-malware software running on the computer. Once the anti-malware engine is blocked, the downloaded malware installs itself on the computer.
  • 18% of these installations prompt users to change default settings on browsers and install add-on toolbars during installation. These changes to the browser settings lead to new home pages and default search engine as well as unwanted toolbars.
  • 12% of these installations require users to contact additional websites to complete the process. This is often portrayed as steps to obtain the license keys or “cracks” needed to activate the pirated software, and they can lead to popups and additional malware exposure.
  1. Brand New Computers with Pirated Software – Unused but not Uninfected

The study found that 92% of new and unused computers that had pirated software installed were pre-infected with malware. These computer samples were purchased from vendors that are known to sell non-genuine software.

The presence of malware in these computers is concerning as end-users expect these devices to be risk free. They might be less vigilant in checking for cyber threats and monitoring for suspicious activities that may alert them that their computer has been compromised.

A researcher sorting the CD and DVD samples acquired for this study

  1. Pirated Software in DVDs/CDs – The Classic and Effective Malware Infection Source

Out of the 165 DVDs and CDs samples acquired for this report, three in five (61%) contained malware. Infected discs contained an average of five pieces of malicious programs. In some cases, as many as 38 malware instances were found in just one DVD.

The researchers also observed that a number of pirated anti-virus software were embedded with malware. Using these compromised, non-genuine security programs not only infect the computer, but also lull users into a sense of complacency, which may lead to further exploitation of the computers and the users’ data and information.

The study found close to 200 malware strains in all the samples. Among those, Trojans were the most common category of high-risk cyber threats encountered, with a total of 79 unique Trojans malware strains. They also comprise 51% of all malware found embedded in downloaded pirated software. While Trojans usually depend on social engineering to trick or mislead users into executing them, bundling them with pirated software make it easier for cybercriminals to compromise PCs. Once a Trojan is active on an infected computer, it installs a backdoor for hackers to access and command the device. This allows cybercriminals to steal confidential information, modify firewall setting, and delete or encrypt data.

An enormous range of worms, viruses and droppers, which were created for stealing information and taking control of their host computers were also found in the samples. These malicious programs can replicate without human intervention and have the capability to spread more rapidly.

“Pirated software are effective malware carriers as cybercriminals are able to tamper the programs and embed malicious programs with files that autorun or are used for setup. This greatly increases the likelihood of the malware being executed on the computers and spread further in the network,” said Assoc Prof Biplab.

“Although the risk of contracting malware through all sources of pirated software is high, the online medium is turning out to be a more potent infection vector. It not only provides cybercriminals with the scale to attack anybody, anywhere, anytime, it also allows them to easily camouflage their malicious activities and attack remotely. This makes them harder to be detected and stopped.”

Pirated software remains a lucrative revenue stream for many cybercriminals and unscrupulous vendors. The Asia Pacific commercial market of non-genuine software has hit a high of US$19 billion in 2016.

The most effective defense against malware from pirated software is to use genuine software products. Consumers and small businesses can further protect themselves from pirated and counterfeit software as well as malware with the following best practices.

  • Source and buy your computers and laptops from reputable vendors.
  • Always insist on genuine software from your vendors and opt for computers which come pre-installed with genuine software by hardware manufacturers.
  • When purchasing a computer, always request for an invoice which clearly calls out the software title and version which has been installed on the machine.
  • Keep your software current with latest product updates and security patches, and strengthen your security posture by having a strong anti-virus software.
  • Do not use old operating systems such as Windows XP which have reached their end of life.

For enterprises and government organizations, there are also several recommendations they can consider to build a stronger stronger IT security ecosystem.

  • Augment basic identity management systems with multi-factor authentication mechanisms to achieve greater levels of trust.
  • Organizations should ensure that their software and operating systems are regularly updated and all security patches are applied immediately on release.
  • All older and unsupported versions of software are recommended to be retired immediately once the modern and secure versions are available.
  • All computing devices in an organization should be protected with a robust and reputable anti-malware solution. The anti-malware definitions should be updated every day to ensure up to date protection against cyberthreats.
  • Train employees on safe cyber practices and educate them on the importance of using trusted software platforms.

“Organizations need to recognize that cybersecurity is no longer just a protector of online assets, it is also a critical business enabler. The KPMG 2017 CEO Outlook survey found that a significant proportion of CEOs (71%) saw their investment in cyber as an opportunity to find new revenue streams and innovate, rather than as an overhead cost,” said Daryl Pereira, Head of Cyber Security, KPMG in Singapore.

“However, cybersecurity vulnerability is at an all-time high – the 2017 Harvey Nash/KPMG CIO Survey found that a third of IT leaders’ organizations (32%) had been subject to a major cyber-attack in the past 24 months. Establishing a solid foundation for cyber-hygiene is vital to the success of any digital transformation journey. For example, organizations need to embed “security by design” into their business processes and product designs right from the outset, and staff must be trained to recognize malware attacks and the need to use trusted software platforms. Without a “cybersecurity-ready” mindset becoming part of your business DNA, it will be challenging for any company to innovate and stay relevant in today’s digital age.”

Download the infographic for the report here.

Nam Phương