The Malware Landscape
Malware has diverse purposes. Several formidable types of malware are distributed to create criminal hosting infrastructures such as botnets that can be used to perpetrate spam or phishing campaigns, or to disrupt services or merchant activities through denial-of-service attacks. Other types of malware target personal, financial, or other sensitive information.
Malware is being fueled by several factors:
The technical sophistication and efficacy of malware have been improving substantially over recent years. Many malware variants exploit multiple vulnerabilities and bring powerful tools to leverage each compromise to extend reach beyond the initial exploit. The Solar Winds and Kaseya incidents are examples of how this pivoting reaches well beyond initial intrusions.
Malware has been openly commercialized by legitimate businesses, and the use of malware by nation states, as evidenced during events preceding and during Russia’s incursion into Ukraine, has fundamentally changed the threat landscape.
Malware actors have exploited the same high-performance technology (e.g., cloud computing) that serves global enterprises and have even adopted the as a service model for commercializing malware and ransomware attacks.
Ransomware is a particularly vicious form of extortion malware, and it is growing rapidly: a 2022 Ransomware Threat Report documents that “the average ransom demand on cases worked by Palo Alto’s Unit 42 consultants last year climbed 144% to $2.2 million, while the average payment rose 78% to $541,010.”
Financial losses, business disruption, and harm to life and limb have turned ransomware into a priority global public concern. A ComplyAdvantage State of Financial Crime Report indicates that cybercrime has overtaken fraud as the top predicate offense of concern for corporate compliance teams. In addition to the indirect costs of business and service disruption, ransomware inflicts a substantial direct financial cost in the form of ransom payments. In a recent survey, the U.S. Treasury Department’s Financial Crimes Enforcement Network identified 177 unique Bitcoin wallet addresses used for ransomware payments. Those wallets sent Bitcoin valued at $5.2 billion to known criminal entities.
These financial rewards accrue to state-supported or -sanctioned criminal enterprises as well as to ordinary criminals: malware is both a law-enforcement and a geopolitical issue. The government of North Korea, for example, engages in overtly criminal activity ranging from bank heists to the deployment of ransomware and the theft of cryptocurrency from online exchanges. In 2019, a United Nations panel of experts on sanctions against North Korea issued a report estimating that the country had raised two billion dollars through cybercrime. The nexus of state involvement and criminal enterprise is a grave concern. The Director of the U.S. Federal Bureau of Investigation, Christopher A. Wray, told The Wall Street Journal in an interview published on June 4, 2021, that the ransomware threat was comparable to the challenge of global terrorism in the days after the September 11, 2001 World Trade Center attack.[xii]
With the stakes this high, understanding — and reliably measuring — the malware landscape is among the highest priorities for members of the cybersecurity community.