Malware in pirated software to cost US$500 billion worldwide

Enterprises worldwide are expected to spend nearly US$500 billion (S$635 billion) in 2014 to deal with issues caused by malware deliberately loaded onto pirated software — US$127 billion dealing with security issues and US$364 billion dealing with data breaches — according to a new study jointly conducted by IDC and the National University of Singapore (NUS), while governments could lose more than US$50 billion to deal with the costs associated with the same problem. 

Consumers, on the other hand, are expected to spend US$25 billion globally and waste 1.2 billion hours this year because of security threats and costly computer fixes stemming from malware on pirated software.

 

Source: Microsoft

The study, titled The Link Between Pirated Software and Cybersecurity Breaches, surveyed consumers, IT workers, chief information officers, and government officials from 15 countries including Singapore and found that 60% of consumers surveyed say their greatest fear from infected software is the loss of data, files or personal information, followed by unauthorised Internet transactions (51%) and hijacking of email, social networking and bank accounts (50%). 

Singapore consumers surveyed are actually more worried, with 65% of local consumers naming loss of data, files or personal information as the biggest fear associated with infected software, followed by unauthorised Internet transactions (64%) and hijacking of email, social networking and bank accounts (61%). Paradoxically, 43% of all respondents (28% in Singapore) do not install security updates, leaving their computers open to attack by cybercriminals.

 

Government officials expressed concern about the potential impact of cybersecurity threats to their nations. According to the survey, governments are most worried about the loss of business trade secrets or competitive information (59%), unauthorised access to confidential government information (55%), and the impact of cyberattacks on critical infrastructure (55%). 

In Singapore, government officials polled are most concerned about cybersecurity issues between trading partners (65%), the impact of cyberattacks on critical infrastructure (62%) as well as the loss of business trade secrets or competitive information (62%).

Source: Microsoft

“Cybercriminals are profiting from any security lapse they can find, with financially devastating results for everyone,” said Keshav Dhakad, Regional Director of Intellectual Property & Digital Crimes Unit, Microsoft Asia. “Motivated by money, they’ve found new ways to break into computer networks so they can steal your identity, your passwords and your money, and unprotected, non-genuine software provides that easy way for cybercriminals. 

"That’s why at the Microsoft Digital Crimes Unit, we’re focused on attacking and curbing such malicious acts by disrupting cybercriminal networks to keep our customers’ personal and financial data safe and secure, while reducing the financial incentive for criminals. The Microsoft Cybercrime Center, a centre of excellence for advancing the global fight against cybercrime, affirms our efforts to work closely with our industry partners, law enforcement and customers to create a safer internet and develop best practices for cybersecurity.”

 

Business highlights from the survey include: 

• Nearly two-thirds of enterprise losses (US$315 billion) will be at the hands of organised criminals. 
• Almost 20% of the pirated software in enterprises is installed by employees.
• Twenty-eight percent of global enterprise respondents and 27% of Singapore enterprise respondents reported security breaches causing network, computer or website outages occurring every few months or more; globally, 65% of those outages involved malware on end-user computers while in Singapore, the figure is higher at 71%.

“Using pirated software is like walking through a field of landmines: You don’t know when you’ll come upon something nasty, but if you do it can be very destructive,” said John Gantz, Chief Researcher at IDC. “The financial hazards are considerable, and the potential losses could leave once-profitable businesses on shaky ground. Buying legitimate software is less expensive in the long run — at least you know that you won’t get anything ‘extra’ in the form of malware.”

 

A NUS forensics analysis of 203 new PCs loaded with pirated software found that a staggering 61% of the PCs were already pre-infected with unsafe malware, including Trojans, worms, viruses, hacktools, rootkits and adware. These PCs, purchased through resellers and PC shops in 11 markets, included more than 100 discrete threats.

 

“It is hugely concerning that brand new PCs are coming pre-infected with dangerous malware due to pirated software, making the users and companies readily vulnerable to security breaches,” said Professor Biplab Sikdar, Department of Electrical & Computer Engineering, National University of Singapore. “The university’s forensic tests clearly indicate how cybercriminals are increasingly leveraging the unsecure supply chain of piracy to spread malware and compromise PC security in a serious way. We would only recommend usage of genuine software for online safety and cybersecurity.”

 

This year’s research is an extension of IDC’s 2013 study, The Dangerous World of Counterfeit and Pirated Software. The study was released March 19 as part of Microsoft’s Play It Safe campaign, a global initiative to create greater awareness of the connection between malware and piracy.

  

More information about the IDC study is available at the Microsoft Play It Safe website, and the Digital Crimes Unit newsroom. Users can also visit http://www.microsoft.com/security to learn more about malware and ensure their machines are not infected; if malware is present, the site offers tools to remove the infection.

*The Link Between Pirated Software and Cybersecurity Breaches surveyed  a total of 1,700 respondents consisting of consumers, IT workers, chief information officers, and government officials from 15 countries including Singapore. and Brazil, China, France, Germany, India, Indonesia, Japan, Mexico, Poland, Russia, Thailand, Ukraine, the United Kingdom, as well as the United States. In addition, 203 computers acquired in 11 countries, namely Brazil, China, India, Indonesia, Mexico, Russia, South Korea, Thailand, Turkey, Ukraine, and the United States were also analysed by NUS.