Truth Labs’ Report reveals that 65% DVDs and PCs with pre-installed programs have malware
Bangalore, India, July 25, 2014: Truth Labs, India’s first independent Forensic Science Lab, today reiterated linkages between the proliferation of cybercrime through the use of pirated and counterfeit software to the breaches in the information, communication and network security that eventually lead to multidimensional risks and threats to Public Safety and National Security. The detailed vulnerability study titled ‘Piracy and Counterfeit Software: Emerging Risks and Threats to Public Safety and National Security’, launched today by Truth Labs, tested 230 samples consisting of 174 in DVD form and 56 as preinstalled products in laptops, which led to a conclusion that different types of malware detected in majority of the samples are susceptible to wide variety of risks and threats related to Intellectual Property (IP) theft, data leakage among others.
The report was launched by Dr. Gulshan Rai, Director General, CERT- In in the presence of Dr. Gandhi Kaza, Founder Chairman, Truthlabs in New Delhi. The report was commissioned by Microsoft India.
The use of malware infected products can cause substantial productivity losses to the manufacturers, economic losses to the businesses, besides posing serious security risks and threats to the critical infrastructure of the Government.
As per the report, 65% of the samples were found to have more than one category of malware, which can bring down an entire network and can be misused by hackers to create bots that can attack larger networks including SCADA systems protecting national resources such as Power Grids, Satellite communications. The majority of the malware identified in the samples enabled remote access and control by hackers followed by backdoors and keylogger which pose a threat to the privacy of the user. Increasing risks were highlighted in the areas of Remote Access, Remote Code Execution and attacks by Trojans & worms, which also forms three major categories of threats found in the samples under study.
Founder Chairman of Truthlabs Gandhi Kaza said, “Our study suggests the massive scale at which malware was being distributed through usage of pirated and counterfeit software in India. This urgently calls for a series of measures to preclude impending risks and vulnerabilities to Public Safety and National Security. We are extremely concerned about the serious security risks and threats to the critical infrastructure of the Government that has been on the radar of cybercriminals.”
Vipin Aggarwal, Senior Attorney and Director IP, Microsoft, said, “Cybercriminals exploit every opportunity to make an easy profit by inserting malware onto pirated software which threatens consumers, businesses and governments. Microsoft has been continuously working on combating cybercrime for many years. As part of our focus on fighting this growing hazard, this research was commissioned to demonstrate the connection between cybersecurity, malware and piracy around the world. ”
The research based analysis of security related risks due to use of pirated and counterfeit software initiated by Truth Labs in collaboration with Microsoft India is primarily aimed at identifying the piracy landscape and the nature and level of vulnerabilities of pirated Microsoft products across India. Meanwhile, the research found that indirect security threats also include users or organizations unknowingly becoming part of a larger nexus of anti-social elements funding and supporting illegal activities such as organized crime, money laundering, drug trafficking, cyber terrorism and other related risks and vulnerabilities. Today’s networked environment with global internet connectivity thus has enormous potential to cause damage and destroy the critical infrastructure of any nation or group of nations anywhere across the globe.
The study further identifies that most of the pirated and counterfeit software are aimed at data stealing and therefore its use in the critical infrastructure of the government would pose a high security risk to Public Safety and National Security. The threats include stealing of confidential data like internet banking usernames, passwords, credit card details etc., leading to huge monetary loss to the end-user besides making the installed system continuously vulnerable to attacks.