I remember I saw a tweet back in 2016 about how malware had evolved over the years. Viruses, trojans, spyware – all of these were simply made to make money. Cybercriminals are really just out to make a profit. The goal? To make as much money as possible in as little time as possible. Over the years, cybercriminals have evolved from benign to outright hostile. Here, we list a few techniques they have acquired.
Since the dawn of internet messaging with DARPANET and the subsequent rise in the popularity of IRC post-World War II, people all over the world have been finding ways to use the internet commercially. Google, in the late 90s, was at first reluctant to join the trend of internet-for-business, but in the end, no one was safe.
In came Spamware. Spamware is a means of sending ads via email. Some variants manage to stick to computers and send emails from the local user’s infected account. Examples of these are the UDP-based trojans that serve as email tunnels, anonymizing the emails being sent.
These kinds of malware make money out of ad views and analytics. The more people view them, the greater the profits, and thus cybercriminals want to send as much spam as possible. In defense, email services now have Spam folders to keep potentially unwanted emails out.
What makes them different from pop-ups, though, is that they tend to ensure that the authenticated user still sees the ads even without viewing the web page, unlike pop-ups and pop-unders, where the ads cease when one stops browsing.
Examples of these are the ones that spread pre-2009 and showed pornography pop-ups even when offline. They still make money the same way pop-ups do – they are dependent on analytics in the same way.
When Bitcoin gained popularity in 2010 (after its doubtful rise in 2009), new trojans sprang up that targeted computers as vectors of a more direct form of exploitation of moolah: Ransomware.
Ransomware locks down the user’s device (computer, phone, smart TV, game console, and in one case even an entire Boeing 747) and asks the user to send a specified amount of money to a cryptocurrency address (typically Bitcoin or Monero). The attackers make use of the anonymity and ease of using crypto addresses as payment. Paying them would be easy, and getting the passcode to get back the “kidnapped” device is as easy as getting an email after the transaction.
Examples of these are the WannaCry attacks that targeted small businesses worldwide. One attack even struck an airplane in March 2018.
4. BotNet services
Since cybercrime is turning into a business, naturally, companies spring from those businesses. A botnet is a network of “robots” – infected devices (routers, computers, even security cameras) that are used to work cooperatively on a single task, usually Denial-of-Service attacks or mass computing (usually for password cracking).
Botnets tend to be based on what is called a RAT, or Remote Administration Tool, and are controlled by a C&C, or Command and Control device. They typically spread very quietly, and most of the time, they are not even noticed until they start to get their commands from their C&C. These botnets are “rented” to do tasks, from simple decryption of hashes to spreading ads for psychological warfare.
An example of this is the Mirai Botnet, a Linux-based botnet that was so effective at spreading that it has been the subject of study in various universities worldwide. Some botnets are even “consensual,” as is the case with the Low Orbit Ion Cannon, a tool used by the hacktivist community Anonymous, where all “infected” users attack targets upon the request of one of their members on a forum on the internet.
Though there may be many means of making money, let’s always note that not all of these ways are good. Cybercrime pays, it turns out. We have to be ever vigilant, and learn to use antiviruses and remember to patch our computers on time, lest we fall prey to these infections.