Kaspersky: Malware May Have an Answer in the Cloud

By Paul Rubens | May 18, 2011
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3933931/Kaspersky-Malware-May-Have-an-Answer-in-the-Cloud.htm

Enterprise security vendors have failed to stop the inexorable rise in cybercrime over the last few years, but cloud technology could soon have cybercriminals on the run.

That's the view of Eugene Kaspersky, the charismatic co-founder of Russian security vendor Kaspersky Labs. "I think that we can see light at the end of the tunnel," he said, speaking at the InfoSecurity 2011 conference in London last month.

Kaspersky believes that the global cloud-based threat detection and monitoring networks set up by major security vendors, including Symantec's Quorum, McAfee's Global Threat Intelligence and Trend Micro's Smart Protection Network, as well as Kaspersky's own Kaspersky Security Network, will have a significant negative impact on the profits that many cybercriminals can make from malware. And since cybercriminals are motivated by profits, this will have the effect of "reducing the load of cybercrime on the world," as Kaspersky puts it.

To get an idea of the cybercrime load the world is currently facing and how it has grown over recent years, Kaspersky offers a few statistics: in 2009, 12 million new pieces of malware were discovered, while the following year this almost doubled to 20 million. And in 2007, five new pieces of malware were released onto the Internet every two minutes; by 2010 this had accelerated to one every two seconds.

The reasons for this huge jump in malware creation all stem from the fact that it has become progressively easier for criminals to make profits from cybercrime. That's simply because there are more people using online services such as banking which are easy to prey on, Kaspersky believes.

Additional factors that make cybercrime attractive to criminals are:

  • Writing malware is technically simple to do
  • Cybercrime involves no physical contact with the victims, so it is not dangerous
  • Many cybercriminals can justify their actions by adopting the belief that cybercrime is not "real" crime
  • Cybercrime is low risk: national law enforcement agencies are not well suited to catching international criminals operating overseas

But despite the huge rise in cybercrime, certain types of cybercriminal activities have declined sharply over the last few years. These include scams involving dial-up Trojans that use the victim's modem to call premium rate phone numbers, and online game fraud such as stealing game characters and property.

The reason for this is fairly obvious, Kaspersky believes: very few people in Western countries still use a modem to connect to the Internet, so the opportunity to make money from dial-up Trojans has all but disappeared. As for online game fraud, Kaspersky points out that the prices that game characters and property fetch on the open market have fallen dramatically over the last few years. "What this shows is that when it comes to cybercrime, the motivation is money. When the profits from a particular type of cybercrime decline, so does the associated malware."

This may not be a particularly surprising or profound revelation, but, says Kaspersky, it does provide a clue as to how to tackle the global rise in malware. "If you want to stop cybercrime, then you have to make it less profitable." Cloud-based threat detection and monitoring systems, such as the ones that the large security vendors are putting in place, are perfectly suited to doing that, he believes.

To understand why, Kaspersky points out that a typical example of malware goes through a distinct timeline. First it is developed and placed on the Internet. Next it is distributed, often using spam email or poisoned search engine results to entice victims to click on links and download the malware. Then comes the most important stage, as far as the cybercriminal is concerned, when the malware infects a victim's machine and can then get to work generating profits in whatever way it has been designed to do.

This period in which cybercriminals can monetize the machines their malware has infected is brought to an end when anti-virus products are updated to detect and remove the infection and prevent new machines getting infected. After this point profits are significantly curtailed, and the cybercriminals are forced to move on to a new criminal initiative.

Cloud security systems can be effective in reducing the period when cybercriminals can monetize machines infected by malware from days to a matter of minutes, Kaspersky claims. How can they do this? He says their sensors can detect a new piece of malware very soon after it is placed on the web, and then block access to the website hosting the malware. The beauty of this system is that end user systems don't need to wait until new virus signatures are available. "Because cloud reaction time is much faster, it can provide protection against new malware just a few minutes after it first appears on the web," says Kaspersky.

The good news is that this gives cybercriminals a very short period of time in which to generate profits. And since malware writers are motivated by profits, this should result in a decline in common malware - just as the small number of modems left in existence has led to a significant reduction in dial-up Trojans.

The bad news, says Kaspersky, is that cloud security systems don't mean the end of all cybercrime. Firstly, they will have to become widely adopted before cybercrime profitability starts to fall. Even then, cloud systems will only be able to stop simple malware executable (.exe) files; they can do little against non-executable malware, server side polymorphic malware that changes all the time, file infectors, newer types of malware such as the ultra-sophisticated Stuxnet virus, or highly targeted attacks where a piece of malware is designed to infect a particular organization such as a bank.

But cloud security systems will still have a significant impact, he maintains. "Malware that cloud systems can't detect is much harder to develop. That means the entrance ticket for cybercriminals is much higher, and junior cybercriminals can't get involved." With the cost of entry higher, and the opportunity to make profits lower, malware-based cybercrime becomes a much less attractive proposition.

The conclusion must therefore be that cloud security technology will lead to a decline in cybercrime, Kaspersky believes. Or, as he puts it: "Happy End!"