All this specialization and market interaction is trouble enough today but what might be around the corner? One worry is the automation of development for new malware variants. Using machine learning techniques on par with those employed by defenders to identify and take apart malware, attackers could churn out thousands of functionally distinct samples a day. No longer the small changes designed to fool intrusion detection and prevention systems, these variants could each vary in purpose and design, overwhelming defenders. Groups might offer these automated assembly lines up for rental or sale to the highest bidder with competition driving innovation in new features and capabilities.
Currently, few malware kits and tools target embedded systems like DVRs or automobiles, but that is going to change. As disruptions like the Mirai botnet show, the Internet of Things is a large and growing underbelly to the digital landscape that’s proving incredibly vulnerable. As participants in the malware markets find ways to monetize this vulnerability, the stakes will go up. Imagine ransomware that locks you out of your car, your house, or a critical medical device like a dialysis machine. Now consider what it looks like when the tools used to build that ransomware are leaked and available all over the internet.
What is the Future of the Malware Markets?
Key Trends
Increased Use of Encryption
As attackers find new ways to encrypt their malicious payloads and even whole malware packages, defenders may find it more difficult to analyze and defeat this software. Coupled with the threat of massive automated malware creation, improvement in obfuscation techniques could substantially lower the percentage of samples information security firms can analyze.Attackers Outpacing Defenders
Improved machine learning techniques could allow malware authors to produce hundreds of thousands of new version of their code each day. Each new variant might come with a different design and new functions, inundating defenders. Machine learning is used on defense as well, aiding with malware identification and forensics. The question is, who can integrate these tools and adapt faster?The Internet of Insecure Things
As the internet of things becomes more widespread, ever more important systems will be vulnerable to manipulation and compromise for money. The ransomware scourge could grow doubly worse as criminals move from targeting laptops and hard drives to cars and industrial equipment.Continued Human Error
As has long been the case, humans will remain the weak link. Though new products and research is helping people make better security decisions, or take them out of the loop altogether, cyber crime will still find plenty of take advantage of.Conclusion
In the end, the malware markets are a way of describing the interactions of states, companies, criminals, and individuals across the world. Attackers and defenders participate, chasing vulnerability information and profit across the wire. Understanding more about these markets can help underline the importance of high-profile arrests and convictions but demonstrate how difficult truly shuttering them can be.
About this Project
Authors
Brian de Luna is a data scientist at Airbnb. He has done a range of side projects that include data visualizations and analyses on topics ranging from malware markets to venture capital funding.
Brian de Luna is a data scientist at Airbnb. He has done a range of side projects that include data visualizations and analyses on topics ranging from malware markets to venture capital funding.
Luke Heine is a director at the Lab for Entrepreneurship and Development at the Harvard Institute of Quantitative Science. His research includes how risk is legitimised by capital and the bottlenecks of cluster formation.
Luke Heine is a director at the Lab for Entrepreneurship and Development at the Harvard Institute of Quantitative Science. His research includes how risk is legitimised by capital and the bottlenecks of cluster formation.
Trey Herr was a fellow in the Cybersecurity Initiative and formerly with the Belfer Center's Cyber Security Project at the Harvard Kennedy School. His work focuses on trends in state developed malicious software, the structure of criminal markets for malware components, and the proliferation of malware.
Trey Herr was a fellow in the Cybersecurity Initiative and formerly with the Belfer Center's Cyber Security Project at the Harvard Kennedy School. His work focuses on trends in state developed malicious software, the structure of criminal markets for malware components, and the proliferation of malware.