During 2015, demand for new malicious programmes reached saturation point, as the number of new malware files detected every day by Kaspersky Lab products fell by 15 000 – from 325 000 in 2014 to 310 000.
Kaspersky Lab’s experts believe this is mainly due to the fact that coding new malware is expensive and cybercriminals have realised that they can get equally good results using intrusive advertising programs or legitimate digital signatures in their attacks.
This approach appears to be working, as results show that despite the cost-cutting in malware creation, in 2015 the number of users attacked by cybercriminals increased by 5%.
Between 2012 and 2013, there was a rapid increase in the number of new malicious files detected by Kaspersky Lab, from 200 000 new files every day in 2012 to 315 000 in 2013.
Thereafter, things started to slow down. In 2014, the total increased by just 10 000 files a day, and in 2015 the overall number has declined from 325 000 to 310 000. Cybercriminals in search of a quick return appear to have decided that complex coding tools such as rootkits, bootkits or replicating viruses, may bring results, but at a cost, reducing their overall margins and revenue. Moreover, these complex malicious programs, that can cost tens of thousands of dollars to develop, do not protect the malicious program from increasingly sophisticated antivirus software accustomed to detecting and analyzing far more complicated malware.
For this reason, 2015 saw adware, essentially harmless but often intrusive, become more prominent among overall anti-virus detections. This marks an evolution in cybercriminal tactics, with many now acting almost as businesses, engaged in selling quasi-legitimate commercial software, activity and other “essentials”.
Another trend is for cybercriminals and even advanced, state-sponsored threat actors to make greater use of legal certificates for digital products. With the help of bought or stolen certificates, attackers deceive security software, which trusts an officially-signed file more than a regular one. The value of the certificate may be only a few tens of dollars.
“Cybercrime has lost the last touch of romance. Today, malware is created, bought and resold for specific tasks. The commercial malware market has settled, and is evolving towards simplification. I think will we no longer see malicious “code for the code”. This trend is also observed among the operators of targeted attacks,” says Vyacheslav Zakorzhevsky, head of the anti-malware team at Kaspersky Lab.