November 14, 2018 | Category: Web of Profit | By: Dr Michael McGuire

Catch Me If You Can: The Changing Faces of Malware

  • The reappearance of malware variants shows how platform criminality is enabling hackers to teach old code new tricks
  • The security industry and authorities need to work together to understand how platforms are being used to resurrect malware

New malware is constantly emerging into the ever-growing threat landscape, and the diversity and number of attacks that organizations need to defend against are multiplying. But “new” malware is very rarely new. As detailed in my report on the Web of Profit, platform criminality — the development of criminal platforms and marketplaces that mirror their legitimate counterparts — has created a vast economy that makes it dangerously easy to share both code and knowledge. Innovation in cybercrime is becoming too fast for authorities to keep up, and a Catch Me If You Can scenario has emerged. Instead of starting from scratch, hackers are taking old malware and giving it a new face, or a new technique, to help breach security.

The many faces of malware

Much like the con artist Frank Abagnale, whose story inspired the 2002 movie “Catch Me If You Can,” malware can continue to reappear, donning new disguises and pseudonyms. A great example of this is McAfee’s report on the discovery of OceanSalt, which reused the SeaSalt code from 2010. The original creators gained infamy after executing a series of successful attacks on more than 100 US companies, but the group went dark in 2013 after being exposed. The reappearance of the code does not necessarily mean the group is back, but it demonstrates that malware can long outlive its creators and be repurposed for new attacks.

Platform criminality is aiding this cycle of innovation, helping to create “new” versions of old malware in rapid succession. Authorities have barely defeated one threat before another pops up. Authorities and organizations must stop firefighting each attack as it arises. Instead, they must work towards understanding the nature of cybercrime in its entirety and look at the origins of attacks.

Platform criminality fuels innovation

A crucial step in understanding cybercrime is recognizing that it is a sophisticated market modeled on legitimate online platforms and marketplaces. Just as items can be bought and sold online at the click of a button, so can malware. Buying malicious code on illicit online marketplaces can cost relatively little. The average malware exploit kit costs as little as $200. Compared with the monetary gain that can be made from just one attack, it’s clear that the return far outweighs the cost.

There are also plenty of forums that share this knowledge, either on the Dark Web or sites like Reddit. These forums provide a community for hackers to discuss malware and attack techniques. Essentially, these can act as a training ground for hackers, providing a catalyst for the creation of new attacks. Platform criminality is enabling both innovation and collaboration, allowing malware to be continually reinvented, and this is never going to slow down.

Knowledge is power

The sophisticated nature of platform criminality has created an environment where hackers can easily buy, sell and repurpose malicious code. This has created a way for malware to be immortalized and to return to terrorize organizations. If we’re going to hold our ground against cyber attacks, then we must transform our approach. Organizations, the security industry and authorities need to work together to understand the online platforms that make criminal innovation so easy. Fighting each individual attack as it arises does nothing for the long-term battle against cybercrime. For any real impact, we need to disrupt the platforms that facilitate success. Only when we have a full understanding of the nature of these platforms can we begin to disrupt them and close in on the elusive digital Frank Abagnales of the cybercrime world.

To learn more about platform criminality, download the Into the Web of Profit report here.

About the Author

Dr Michael McGuire
Surrey Crime Research Lab
