The number of new malware strains fell for the first time in 2015, but it wasn’t all good news as cyber-criminals have begun to use other techniques to get the same results, according to Kaspersky Lab.
The Moscow-based AV firm claimed that malware reached saturation point this year, with the number of new files detected by its products dropping by 15,000—from 325,000 in 2014 to 310,000.
Kaspersky Lab researchers believe the reason for this drop-off is that the cyber-criminals behind such malware think they can get a better RoI from other strategies.
The vendor claimed that this new approach is working, with the volume of users attacked increasing by 5% in 2015 despite the drop in new malware files detected.
The truth is that rootkits, bootkits, replicating viruses and the like take time and money to develop, and run the risk of being detected by increasingly advanced security tools—all of which cuts revenue and margins for cybercrime enterprises, Kaspersky Lab argued.
Despite a rapid increase in new malicious files—from 200,000 in 2012 to 315,000 the following year—things then began to slow down as other techniques were tried out. In 2014 the year-on-year increase in new malware files was down to 10,000.
These new strategies include the promotion of adware—technically more ‘nuisance’ than ‘harmful’ but with the potential to make the cyber-criminal significant sums.
Cyber-criminals have also increasingly been using bought or stolen legal digital certificates to fool security software into letting them through.
Head of the anti-malware team at Kaspersky Lab, Vyacheslav Zakorzhevsky, claimed cybercrime had lost some of its ‘romance’ as a result.
“Today, malware is created, bought and resold for specific tasks. The commercial malware market has settled, and is evolving towards simplification,” he argued.
This trend is also being observed among those responsible for targeted attacks, he claimed.
Kevin Bocek, chief security strategist at Venafi, agreed that the most urgent new security threat is the growing misuse of cryptographic keys and certificates.
“Keys and certificates provide the foundation of trust on the internet. But thanks to complexity in IT, lack of protections, and rise in automated collection by trojans it is becoming much easier for hackers to gain access to them,” he told Infosecurity.
“Once they do, they can appear ‘trusted’ inside businesses and wreak havoc to their IT systems whilst remaining totally undetectable.”
Bocek claimed cybercriminals are able to buy and sell keys and certs at will on the darknet, predicting that they will soon turn their attention to taking control of IoT devices to blackmail companies.