Chapter 3 - Crime Areas

3.2 Malware - Future threats and developments

On 8 April 2014, Microsoft ceased support for its Windows XP operating system. Windows XP is still widely used, running on up to 25% of PCs worldwide [34] as well as on embedded systems such as ATMs. 2014/2015 will undoubtedly see an increase in infections of systems running XP as new vulnerabilities are discovered and left unpatched. It is likely that exploit writers have been stockpiling new exploits for Windows XP, simply waiting for support to be withdrawn in order to release them onto the market at a premium rate [35]. We will inevitably see more targeted attacks on private and public sector entities still running XP. These attacks will gradually decline as it ceases to be profitable for malware developers to target an operating system used by an ever-dwindling victim base.

We will see not only further development and refinement of cryptoware but also encryption built into many other malware variants, increasing their functionality and the range of attack options a single product offers cybercriminals. Malware developers will increasingly target other Internet-enabled devices, particularly as these may not enjoy the same level of technical support or built-in security as other digital devices [36].

However, as public awareness of ransomware increases, the success rate of the malware, at least with domestic victims, will be eroded by every attacker too malicious or lazy to release the decryption key once the ransom is paid [37]. Once victims begin to believe that their files will not be returned, nor their computers unlocked, even if they pay the ransom, they may well accept their losses and pay nothing. Law enforcement should highlight this as part of any awareness campaign.

Malware is becoming increasingly ‘intelligent’. Some malware includes checks that stop it from deploying or running when it detects a sandbox environment of the kind malware researchers use for automated analysis. In this way malware developers avoid automated analysis of their product and remain undetected for longer [38]. Malware developers will continue to refine their products to make them stealthier and harder to detect and analyse.
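The following is an added illustration, not code from the report or from any actual malware sample, of the kind of environment checks such sandbox-aware malware performs. It is written as plain functions so that sandbox operators can see what their analysis environment must not look like. The HostProfile fields, the thresholds and the two constructed host profiles are assumptions chosen for the example; the process names and MAC prefixes are well-known hypervisor and analysis-tool artefacts.

```python
"""Environment checks typical of sandbox-aware malware, shown from the
defender's side as a hardening checklist. Added illustration only: the
HostProfile layout, thresholds and sample profiles are assumptions."""
from __future__ import annotations
import time
from dataclasses import dataclass, field


@dataclass
class HostProfile:
    """Constructed description of the machine the code believes it runs on."""
    cpu_count: int
    ram_gb: float
    uptime_s: int
    running_processes: list[str] = field(default_factory=list)
    mac_addresses: list[str] = field(default_factory=list)
    recent_documents: int = 0


# Well-known artefacts of VirtualBox / VMware guests and of analysis tooling.
VM_PROCESSES = {"vboxservice.exe", "vboxtray.exe", "vmtoolsd.exe", "vmwaretray.exe"}
ANALYST_PROCESSES = {"wireshark.exe", "procmon.exe", "x64dbg.exe", "ollydbg.exe"}
VM_MAC_PREFIXES = ("08:00:27", "00:0c:29", "00:50:56", "00:05:69")


def sandbox_indicators(p: HostProfile) -> list[str]:
    """Return every reason the host looks like an automated analysis sandbox."""
    reasons = []
    if p.cpu_count < 2:
        reasons.append("single vCPU")
    if p.ram_gb < 2:
        reasons.append("less than 2 GB RAM")
    if p.uptime_s < 10 * 60:
        reasons.append("booted less than 10 minutes ago")
    if p.recent_documents == 0:
        reasons.append("no recently opened documents")
    procs = {name.lower() for name in p.running_processes}
    if procs & VM_PROCESSES:
        reasons.append("hypervisor guest tools running")
    if procs & ANALYST_PROCESSES:
        reasons.append("analysis tools running")
    if any(mac.lower().startswith(VM_MAC_PREFIXES) for mac in p.mac_addresses):
        reasons.append("virtual NIC MAC address")
    return reasons


def sleep_was_skipped(seconds: float) -> bool:
    """Detect a sandbox that fast-forwards sleeps to defeat stalling code: if far
    less wall-clock time elapsed than requested, the sleep call was patched."""
    start = time.perf_counter()
    time.sleep(seconds)
    elapsed = time.perf_counter() - start
    return elapsed < seconds * 0.5


def should_run_payload(p: HostProfile, max_indicators: int = 1) -> bool:
    """Malware-style gate: stay dormant if the host looks instrumented."""
    return len(sandbox_indicators(p)) <= max_indicators and not sleep_was_skipped(0.05)


# Constructed profiles for the example, not measurements from real machines.
BARE_SANDBOX = HostProfile(
    cpu_count=1, ram_gb=1.0, uptime_s=90,
    running_processes=["explorer.exe", "VBoxService.exe", "procmon.exe"],
    mac_addresses=["08:00:27:4f:11:aa"])
HARDENED_SANDBOX = HostProfile(
    cpu_count=4, ram_gb=8.0, uptime_s=3 * 3600,
    running_processes=["explorer.exe", "outlook.exe"],
    mac_addresses=["3c:97:0e:12:34:56"], recent_documents=37)

if __name__ == "__main__":
    for name, profile in (("bare", BARE_SANDBOX), ("hardened", HARDENED_SANDBOX)):
        print(name, sandbox_indicators(profile), "payload runs:", should_run_payload(profile))
```

Running sandbox_indicators against a profile of one's own sandbox gives a hardening checklist: the fewer reasons it returns, the more likely environment-aware samples will actually detonate during automated analysis. The sleep check is the counterpart of sandboxes that fast-forward Sleep calls to defeat stalling; a sample that notices the skew simply exits cleanly and yields nothing to analyse.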

Internet companies are increasingly taking a more liberal approach to identifying new vulnerabilities in the form of ‘bug bounties’. Many companies offer such rewards, paying security researchers up to USD 100 000 for finding flaws and vulnerabilities in their products. Such schemes will no doubt develop further if ad-hoc payments to independent researchers prove a more cost-efficient preventative method for improving the security of a company’s products. However, just as malware development mirrors commercial software development, exploit kit developers are also offering bounties for zero-day exploits for inclusion in their kits; in October 2013, exploit writer J.P.Morgan announced a budget of USD 450 000 for the purchase of vulnerabilities [39].

Research has demonstrated that it is technically possible to propagate malware via open WiFi networks [40]. Should this be developed for criminal purposes it has the potential for catastrophic consequences and will likely usher in a new wave of Internet and mobile security measures.

By 2012, mobile malware had reached a volume that PC malware had taken more than a decade to reach [41]. It is expected that, as malware developers refine their skills and become more intimately familiar with this platform, their products will become increasingly sophisticated and professional, and will be produced as-a-service. Mobile cryptoware is already a reality, although currently in limited circulation; more widespread variants will inevitably appear in the near future.

Internet security companies are reporting hundreds of thousands of new malware samples every single day [42]. It is likely that current signature-based methods of malware detection will be unable to cope with future malware production. We will therefore see further development of antivirus products that detect malware by its abnormal activity rather than by a known signature.
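To make the cryptoware footprint and the limits of signature matching concrete, the following added example, which is not code from the report or from any antivirus product, runs a hash-signature check and a simple behaviour-based rule over constructed inputs. It generalises the point in the paragraph: every trivially repacked build of the same sample defeats the hash blocklist, while a rule on what the process does (rewriting many user files with ciphertext-like content) still fires. The sample bytes, the FileEvent record format, the thresholds and the telemetry lines are assumptions made for the example.

```python
"""Hash signatures versus a behavioural rule for cryptoware-like activity.
Added illustration only: the sample bytes, event format, thresholds and
telemetry below are constructed for the example."""
from __future__ import annotations
import hashlib
import math
from collections import defaultdict
from dataclasses import dataclass

# --- signature-based detection ---------------------------------------------
# Constructed stand-in for a known-bad binary; not real malware.
KNOWN_BAD_SAMPLE = b"SIMULATED-CRYPTOWARE-DROPPER v1"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}


def signature_match(sample: bytes) -> bool:
    """Classic blocklist: flag only exact hash matches."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


def repack(sample: bytes, build: int) -> bytes:
    """Model a malware factory re-emitting the same code with a trivial change
    per build; every build has a fresh hash and would need a fresh signature."""
    return sample + b" build " + str(build).encode()


# --- behaviour-based detection ---------------------------------------------
@dataclass(frozen=True)
class FileEvent:
    """One file-write record from an assumed endpoint sensor (constructed format)."""
    pid: int
    process: str
    path: str
    bytes_written: bytes  # first bytes of the new file content


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed content approaches 8.0."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def behaviour_match(events: list[FileEvent], min_files: int = 5,
                    min_entropy: float = 7.0) -> set[int]:
    """Flag processes that rewrite many files with high-entropy content, the
    footprint of cryptoware regardless of what the binary hashes to."""
    per_pid: dict[int, list[FileEvent]] = defaultdict(list)
    for ev in events:
        per_pid[ev.pid].append(ev)
    flagged = set()
    for pid, evs in per_pid.items():
        high_entropy = [e for e in evs if shannon_entropy(e.bytes_written) >= min_entropy]
        if len(high_entropy) >= min_files:
            flagged.add(pid)
    return flagged


# Constructed telemetry: a word processor saving one document (low entropy)
# and a suspect process rewriting six documents with ciphertext-like content.
ENCRYPTED_BLOCK = bytes(range(256))  # maximal-entropy stand-in for ciphertext
SAMPLE_EVENTS = [
    FileEvent(4410, "winword.exe", r"C:\Users\alice\Documents\report.docx",
              b"PK\x03\x04 quarterly report draft"),
] + [
    FileEvent(7812, "suspect.exe", rf"C:\Users\alice\Documents\file{i}.docx.locked",
              ENCRYPTED_BLOCK)
    for i in range(6)
]


def demo() -> dict:
    """Run both detectors on the constructed inputs and summarise the outcome."""
    return {
        "original_caught": signature_match(KNOWN_BAD_SAMPLE),
        "rebuilds_caught": sum(signature_match(repack(KNOWN_BAD_SAMPLE, b))
                               for b in range(1, 1001)),
        "behaviour_flagged": behaviour_match(SAMPLE_EVENTS),
    }


if __name__ == "__main__":
    print(demo())
```

The signature side shows why hundreds of thousands of daily samples overwhelm a blocklist: one byte of difference per build means one new signature per build. The behavioural rule is deliberately crude (a file count and an entropy threshold); a production engine would add rate, extension renaming and shadow-copy deletion, but even this form is indifferent to repacking, which is the property the paragraph above predicts the industry will need.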