NUS Study: Cybercriminals exploit pirated software to fuel malware infections in Asia-Pacific

Infographic: Cyber security risks from non-genuine Software

RELATED CONTENTS:
	Cyber-attacks have become a fact of life
	Local firms learn the importance of cyber security
	Bank security lacking: SBV

The study, which aims to quantify the link between software piracy and malware infections in Asia-Pacific, discovered that 100 per cent of the websites that host pirated software download links expose users to multiple security risks, including advertisements with malicious programs. Among other findings, it also found that 92 per cent of new computers installed with non-genuine software are infected with dangerous malware.

“The study’s findings all point to the fact that uncontrolled and malicious sources of pirated software, particularly on the Internet, are being converted into effective means of spreading malware infections. And what we would like to achieve with this report is to help users recognise that the personal and business risks and financial costs are always much higher than any perceived costs they save from using non-genuine software,” said associate professor Biplab Sikdar from the Department of Electrical and Computer Engineering at NUS Faculty of Engineering, who led the study.

Software piracy is a recognised global problem and three in five personal computers (PCs) in Asia Pacific were found to be using non-genuine software in 2016. However, using pirated software expose users to a plethora of cyber threats.

“Hackers and organised cybercriminals today are adept at exploiting information technology vulnerabilities and human errors to compromise computers for malicious and financial gains at the expense of organisations and individuals. Cybercrime is predicted to cost the global economy an estimated US$6 trillion by 2021,” said Keshav Dhakad, assistant general counsel and regional director at the Digital Crimes Unit (DCU) of Microsoft Asia.

“While cybersecurity defenses continue to evolve, users are slow at adapting, whereas cybercriminals are constantly advancing their attack vectors (malware strains) and delivery mechanisms. Piracy of software is increasingly becoming a key vehicle for cybercriminals to exploit computer vulnerabilities and breach security measures with ease,” he added.

The new study analysed 90 new laptops and computers as well as 165 software CDs/DVDs with pirated software. The samples were randomly purchased from vendors that are known to sell pirated software from across eight countries in Asia - Malaysia, Indonesia, Thailand, Vietnam, Sri Lanka, Bangladesh, South Korea, and Philippines.

Researchers also examined 203 copies of pirated software downloaded from the Internet. This aligns with the trend where software is increasingly being acquired through online downloads channels. Each of these samples was thoroughly investigated for the presence of malware infections using seven anti-malware engines – AVG AntiVirus, BitDefender Total Security, IKARUS anti.virus, Kaspersky Anti-Virus, McAfee Total Protection, Norton Security Standard, and Windows Defender.

Key findings

One of the most alarming insights from this report is the multitude of risks that users are expose to when they visit websites that offer pirated software downloads. The study found that 100 per cent of tested torrent hosting websites opened with multiple popup windows with suspicious advertisements. Many of these contain links that download malware when clicked or show objectionable content such as pornography.

A NUS researcher investigating a website that offers pirated software downloads

In addition, the researchers encountered the following risks and suspicious behaviours when downloading and installing pirated software found on peer-to-peer networks:

34 per cent of the downloaded pirated software came bundled with malware that infect the computer once the download is complete or when the folder containing the pirated software is opened.

31 per cent of the downloaded pirated software did not complete installation which suggests other motives behind their presence on torrent hosting websites. These misleading torrents either tricked users into downloading malicious programs or are used to increase the traffic to the torrent hosting sites which subject the visitor to malware and unwanted advertisements.

24 per cent of the malicious programmes bundled with the pirated software downloads deactivated the anti-malware software running on the computer. Once the anti-malware engine is blocked, the downloaded malware installs itself on the computer.

18 per cent of these installations prompt users to change default settings on browsers and install add-on toolbars during installation. These changes to the browser settings lead to new home pages and default search engine as well as unwanted toolbars.

12 per cent of these installations require users to contact additional websites to complete the process. This is often portrayed as steps to obtain the license keys or “cracks” needed to activate the pirated software, and they can lead to popups and additional malware exposure.

The study also found that 92 per cent of new and unused computers that had pirated software installed were pre-infected with malware. These computer samples were purchased from vendors that are known to sell non-genuine software.

The presence of malware in these computers is concerning as end-users expect these devices to be risk free. They might be less vigilant in checking for cyber threats and monitoring for suspicious activities that may alert them that their computer has been compromised.

On the other hand, out of the 165 DVDs and CDs samples acquired for this report, three in five (61 per cent) contained malware. Infected discs contained an average of five pieces of malicious programs. In some cases, as many as 38 malware instances were found in just one DVD.

A researcher sorting the CD and DVD samples acquired for this study

The researchers also observed that a number of pirated anti-virus software were embedded with malware. Using these compromised, non-genuine security programs not only infect the computer, but also lull users into a sense of complacency, which may lead to further exploitation of the computers and the users’ data and information.

The study found close to 200 malware strains in all the samples. Among those, Trojans were the most common category of high-risk cyber threats encountered, with a total of 79 unique Trojans malware strains. They also comprise 51 per cent of all malware found embedded in downloaded pirated software.

While Trojans usually depend on social engineering to trick or mislead users into executing them, bundling them with pirated software make it easier for cybercriminals to compromise PCs. Once a Trojan is active on an infected computer, it installs a backdoor for hackers to access and command the device. This allows cybercriminals to steal confidential information, modify firewall setting, and delete or encrypt data.

An enormous range of worms, viruses and droppers, which were created for stealing information and taking control of their host computers were also found in the samples. These malicious programs can replicate without human intervention and have the capability to spread more rapidly.

“Pirated software are effective malware carriers as cybercriminals are able to tamper the programs and embed malicious programs with files that autorun or are used for setup. This greatly increases the likelihood of the malware being executed on the computers and spread further in the network,” said professor Biplab.

“Although the risk of contracting malware through all sources of pirated software is high, the online medium is turning out to be a more potent infection vector. It not only provides cybercriminals with the scale to attack anybody, anywhere, anytime, it also allows them to easily camouflage their malicious activities and attack remotely. This makes them harder to be detected and stopped.”

Best IT/cyber-hygiene practices for individuals, small businesses and organisations

Pirated software remains a lucrative revenue stream for many cybercriminals and unscrupulous vendors. The Asia-Pacific commercial market of non-genuine software has hit a high of $19 billion in 2016.

The most effective defense against malware from pirated software is to use genuine software products. Consumers and small businesses can further protect themselves from pirated and counterfeit software as well as malware with the following best practices:

• Source and buy your computers and laptops from reputable vendors.

• Always insist on genuine software from your vendors and opt for computers which come pre-installed with genuine software by hardware manufacturers.

• When purchasing a computer, always request for an invoice which clearly calls out the software title and version which has been installed on the machine.

• Keep your software current with latest product updates and security patches, and strengthen your security posture by having a strong anti-virus software.

• Do not use old operating systems such as Windows XP which have reached their end of life.

For enterprises and government organisations, there are also several recommendations they can consider to build a stronger stronger IT security ecosystem.

• Augment basic identity management systems with multi-factor authentication mechanisms to achieve greater levels of trust.

• Organisations should ensure that their software and operating systems are regularly updated and all security patches are applied immediately on release.

• All older and unsupported versions of software are recommended to be retired immediately once the modern and secure versions are available.

• All computing devices in an organisation should be protected with a robust and reputable anti-malware solution. The anti-malware definitions should be updated every day to ensure up to date protection against cyberthreats.

• Train employees on safe cyber practices and educate them on the importance of using trusted software platforms.

“Organisations need to recognise that cybersecurity is no longer just a protector of online assets, it is also a critical business enabler. The KPMG 2017 CEO Outlook survey found that a significant proportion of CEOs (71 per cent) saw their investment in cyber as an opportunity to find new revenue streams and innovate, rather than as an overhead cost,” said Daryl Pereira, head of Cyber Security at KPMG in Singapore.

“However, cybersecurity vulnerability is at an all-time high – the 2017 Harvey Nash/KPMG CIO Survey found that a third of IT leaders’ organisations (32 per cent) had been subject to a major cyber-attack in the past 24 months. Establishing a solid foundation for cyber-hygiene is vital to the success of any digital transformation journey. For example, organisations need to embed “security by design” into their business processes and product designs right from the outset, and staff must be trained to recognise malware attacks and the need to use trusted software platforms. Without a “cybersecurity-ready” mindset becoming part of your business DNA, it will be challenging for any company to innovate and stay relevant in today’s digital age.”