True cost of pirated software

21 June 2017 | Research
Printer Friendly and PDF
The “Cybersecurity Risks from Non-Genuine Software” study aimed to quantify the link between software piracy and malware infections

A four-month study led by Associate Professor Biplab Sikdar from NUS Electrical & Computer Engineering and commissioned by Microsoft has found that cybercriminals are compromising computers by embedding malware in pirated software and online channels that offer them. The findings of the “Cybersecurity Risks from Non-Genuine Software” study, which aimed to quantify the link between software piracy and malware infections in Asia Pacific, were released on 21 June at the Microsoft Cyber Trust Experience 2017 event.

Asia Pacific has the highest software piracy rate in the world, with a value of $26 billion (US$19 billion) in 2016 and three in five personal computers found to be using non-genuine software. Cybercrime is expected to cost the global economy an estimated $8 trillion (US$6 trillion) by 2021.

“…what we would like to achieve with this report is to help users recognise that the personal and business risks and financial costs are always much higher than any perceived costs they save from using non-genuine software,” said Assoc Prof Sikdar.

The study analysed 458 samples from eight Asia Pacific markets, which covered pirated software downloads, new computers and laptops with pirated software, as well as CDs or DVDs with pirated software. Each sample was thoroughly examined for malware infections using seven anti-malware engines.

The researchers found that 100 per cent of tested websites offering pirated software downloads exposed users to multiple security risks in the form of popups, suspicious advertisements and objectionable content. In addition, about one in three of the downloaded pirated software came bundled with malware and close to one in four of the malicious programmes deactivated the computer’s anti-malware software. Pirated productivity tools and operating systems had the highest infection rates.

“Although the risk of contracting malware through all sources of pirated software is high, the online medium is turning out to be a more potent infection vector. It not only provides cybercriminals with the scale to attack anybody, anywhere, anytime, it also allows them to easily camouflage their malicious activities and attack remotely. This makes them harder to be detected and stopped,” explained Assoc Prof Sikdar.

For the brand new computers installed with non-genuine software, 92 per cent were found to be infected with malware. This poses a concern as consumers expect these devices to be risk-free and could therefore be less vigilant in checking for cyber threats.  

Of the CDs and DVDs, 61 per cent contained between 5 and 38 pieces of malware.

The team also observed that a number of pirated anti-virus software were embedded with malware, which could infect the computer and lull users into a false sense of complacency, leading to further exploitation.

Although the risk of contracting malware through all sources of pirated software is high, the online medium is turning out to be a more potent infection vector. It not only provides cybercriminals with the scale to attack anybody, anywhere, anytime, it also allows them to easily camouflage their malicious activities and attack remotely. This makes them harder to be detected and stopped.

Close to 200 malware strains were recorded across the samples. Among them, Trojans were the most common, with a total of 79 unique strains. Trojans provide a backdoor for hackers to access and command the device, allowing them to steal confidential information, modify firewall settings, and delete or encrypt data. A range of worms, viruses and droppers were also discovered, which can replicate without human intervention and spread rapidly.  

To guard against malware infections, the research team recommends that users follow safe cyber practices such as using only genuine software, buying hardware from reputable vendors, keeping software up-to-date, using multifactor authentication mechanisms, and backing-up data on trusted cloud storage services. 

See press release and media coverage.