All this specialization and market interaction is trouble enough today but what might be around the corner? One worry is the automation of development for new malware variants. Using machine learning techniques on par with those employed by defenders to identify and take apart malware, attackers could churn out thousands of functionally distinct samples a day. No longer the small changes designed to fool intrusion detection and prevention systems, these variants could each vary in purpose and design, overwhelming defenders. Groups might offer these automated assembly lines up for rental or sale to the highest bidder with competition driving innovation in new features and capabilities.
Currently, few malware kits and tools target embedded systems like DVRs or automobiles, but that is going to change. As disruptions like the Mirai botnet show, the Internet of Things is a large and growing underbelly to the digital landscape that’s proving incredibly vulnerable. As participants in the malware markets find ways to monetize this vulnerability, the stakes will go up. Imagine ransomware that locks you out of your car, your house, or a critical medical device like a dialysis machine. Now consider what it looks like when the tools used to build that ransomware are leaked and available all over the internet.
What is the Future of the Malware Markets?
Increased Use of Encryption
As attackers find new ways to encrypt their malicious payloads and even whole malware packages, defenders may find it more difficult to analyze and defeat this software. Coupled with the threat of massive automated malware creation, improvement in obfuscation techniques could substantially lower the percentage of samples information security firms can analyze.
Attackers Outpacing Defenders
Improved machine learning techniques could allow malware authors to produce hundreds of thousands of new versions of their code each day. Each new variant might come with a different design and new functions, inundating defenders. Machine learning is used on defense as well, aiding with malware identification and forensics. The question is, who can integrate these tools and adapt faster?
The Internet of Insecure Things
As the internet of things becomes more widespread, ever more important systems will be vulnerable to manipulation and compromise for money. The ransomware scourge could grow doubly worse as criminals move from targeting laptops and hard drives to cars and industrial equipment.
Continued Human Error
As has long been the case, humans will remain the weak link. Though new products and research are helping people make better security decisions, or taking them out of the loop altogether, cyber crime will still find plenty to take advantage of.
In the end, the malware markets are a way of describing the interactions of states, companies, criminals, and individuals across the world. Attackers and defenders participate, chasing vulnerability information and profit across the wire. Understanding more about these markets can help underline the importance of high-profile arrests and convictions, but it can also demonstrate how difficult truly shuttering them can be.