Pirated Software – Compromising Cyber Security
A recent joint research study by IDC and the National University of Singapore revealed that consumers and enterprises have a 33 per cent chance of encountering malware when they obtain and install a pirated software package or buy a PC with pirated software on it. IDC estimates that malware-related issues from using pirated software could cost enterprises US$491 billion this year, with nearly $127 billion spent on dealing with security issues and $364 billion likely to be spent on handling data breaches. The Asia Pacific region will incur more than 40 per cent of worldwide consumer losses and more than 45 per cent of enterprise losses from malware on pirated software because of its large installed base of PCs and high piracy rate.
This study, sponsored by Microsoft, found that nearly 46 per cent of computers purchased from common distribution sources – such as computer specialty shops, resellers, and local markets – came with dangerous malware, including viruses, worms, Trojan horses, rootkits, and unwanted adware. These fears are well founded. Using data from the survey and information from other sources, the costs to consumers from malware in counterfeit software can be quantified. These costs include the monetary value of time lost dealing with issues, the cost of paying professionals to help, and the cost to replace lost data or rectify identity theft.
There is a whole industry that creates and distributes malware. At the top of the malware business pyramid are the hackers who create new tools and discover new vulnerabilities. In the middle are those who offer services, like hosting the servers to send out malicious spam, or who offer exchanges for buying and selling malware and malware tools. At the bottom are the miscreants themselves, the users who want to make money from the malware or activists who want to make a point. The malware-as-a-service market reacts to supply and demand. The users pay $100 – $200 a month to third parties to host their malware tools or rent access to networks of computers pre-infected with malware. The malware-producing industry is, in fact, sophisticated enough now that there are even websites offering standardised services to help malware tool and service creators set up shopping sites for customers. The growth in the demand for software will probably mean more actual pirated copies of software will be available, an ideal medium to propagate malware, and almost $315 billion will be the result of organised crime – malware launched by financially motivated criminals.
In general, consumers use more pirated software than enterprises. A large percentage of employees bring their own software, which is often pirated, to work along with their own devices (BYOD, Bring Your Own Device). The pirated software can be installed on a laptop taken home or on a smartphone, downloaded from the Internet, or even installed at work from borrowed or personal copies of pirated software. The malware in pirated software could steal passwords, imitate a banking site, log keystrokes, redirect internet search results to dangerous sites, gather contact information and send fake emails from the computer, use the computer as part of a denial of service attack, identify and steal confidential or secret information and allow hackers free access to the system, or it could even take control of the computer or the camera on the PC and record.
Whether you are knowingly or, unfortunately, unknowingly using pirated software, you will indubitably come face to face with malware somewhere along the way. Unless the use of pirated software declines, the security threats and potential losses to consumers and enterprises will go up.
Security systems are getting better, but the criminal creators of malware are getting more sophisticated at the same time. Don’t expect the environment to get less contagious, or an antivirus program to be a magic pill. The security risks faced by users of pirated software can only increase. Cutting the use of pirated software, running frequent security updates, monitoring the use of software installed in enterprises by employees, and buying a PC from a trusted source are all good practices.
Given the impact on consumers and enterprises from malware associated with pirated software, it’s easy to draw implications for governments, as they are users of software and victims of security attacks, too. But they have the added burden of dealing not only with the consequences of their attentiveness – or lack of it – to the security risks of using pirated software, but also with the consequences of the actions of their citizens and industries.
Cut piracy and reduce your exposure to risk, data loss, and financial loss.
The losses are a lot larger than the price tag of the legitimate software it would take to replace the entire world’s pirated software. But pursuing these practices is an individual decision. Piracy rates may drop across the world over the next few years, but the growth in demand for software will probably mean more actual pirated copies of software will be available.
In other words, your chances of encountering malicious code in counterfeit software are high – whether you know it’s counterfeit or not. And the cost to individuals, enterprises, and even governments and nations can be high: lost time, money, data, and patience. The dangers from counterfeit software are real. For consumers, it is not just lost time and money to fix the problem but also the risk of lost data and identity theft. For enterprises and governments, it is time and money better spent on other things, lost business and reputation from data breaches, and threats to critical infrastructure.
(The writer is a Governance, Risk and Compliance professional and Director at Layers-7 Seguro Consultoria (Pvt) Ltd. He can be emailed at sujit@layers-7.com)