How Cybercriminals Use Malware to Steal Intellectual Property from Your Company (Or You Personally)
How Cybercriminals Use Malware to Steal Intellectual Property from Your Company
BY BERT RANKIN ON FEB 27, 2018
Stealing intellectual property (IP) is big business for cybercriminals, and they often use malware to do it. Many cyberthieves have turned to IP theft as their primary focus because it’s often easier than stealing credit card numbers or other forms of digital currency. IP thieves can operate from anywhere in relative anonymity, and armed with the latest malware, they pose a major threat to the world’s intellectual property.
Theft of IP Has Major Impact
Intellectual property is the very lifeblood of many enterprises. It fuels growth, innovation, and differentiation, and its theft is often catastrophic—leading to a loss of revenue, damaged customer relationships, and a devaluation of the company’s brand and reputation. IP theft not only hurts the victim organization, but the entire economy.
A recently updated report on the Theft of American Intellectual Property puts the annual cost to the U.S. economy at over $225 billion in counterfeit goods, pirated software, and theft of trade secrets. The estimated low-end cost of trade secret theft to U.S. firms is $180 billion, or 1% of U.S. GDP. The high-end estimate is $600 billion, amounting to 3% of the nations’ GDP and over $1.2 trillion dollars in economic damage over the last three years.
By stealing IP, or purchasing stolen IP, organizations can bring products to market much faster and cheaper than if they designed those products on their own. When IP theft occurs, an organization that invested in the creation, innovation, and design of a related product may find themselves competing with copies of their own merchandise—on sale at half the price.
Cybercriminals target trade secrets and proprietary business information that they can quickly monetize. The opportunities for thieves are endless, but examples include merger plans, new drug formulas, manufacturing processes, schematics, unique product designs, geological surveys showing mining deposits, sophisticated software, and all forms of copyrighted data. With this broad array of valuable information, IP theft is an issue for virtually every industry and sector.
Significant Examples of IP Loss
IP theft occurs every day, and the number is increasing—and so is the impact. Here are just a few of the more notable cases that have been publicly disclosed.
Lockheed Martin: Thieves stole terabytes of technical data about the F-36 Joint Strike Fighter Jet, including radar designs and engine schematics. The subsequent unveiling of the copycat Chinese J-31 fighter indicate that the attackers were in fact able to steal sensitive schematics that enabled foreign nations to piggyback off U.S. taxpayers’ investment in advanced weaponry.
Coca-Cola: Attackers used spear-phishing tactics to exploit employee systems, upload keyloggers, steal passwords from an executive, and gain access to extremely sensitive data pertaining to Coca-Cola’s plans to acquire China Huiyuan Juice Group. The multi-billion-dollar deal fell apart just days after the FBI let Coke executives know about the intrusion.
RSA: Cybercriminals stole data related to the company’s sensitive SecurID two-factor authentication technology, forcing RSA to reissue authentication tokens to 40 million users, costing the company over $66 million.
Sony: Attackers stole an enormous amount of IP, including copies of yet-to-be-released movies and TV episodes, employee salaries and data, embarrassing executive emails, and details regarding the company’s IT infrastructure. The criminals also deployed wiper software that caused a major disruption to Sony’s systems and operations.
AMSC: American Superconductors Corporation (AMSC) lost over a billion dollars in share value when cybercriminals stole all of its IP and a rival company allegedly used the data to create and sell competing products.
Malware Designed to Steal Intellectual Property
Cybercriminals use a variety of malware types to help them commit their crimes. Some of these malicious tools use modern state-of-the-art technologies. Other tools are older, but still effective—especially when used repeatedly and in mass. Here’s a short list of some of the more common types of malware and malicious techniques cyberthieves use to steal IP.
Keyloggers: Malicious software that captures data as it’s entered into the system. While keyloggers can potentially capture large amounts of data as it’s typed into the victim’s keypad, they are normally used to capture login credentials like the victim’s user ID and their password. The credentials are then used to log in and steal IP.
Cross Site Scripting: A type of injection attack where cybercriminals deliver malicious script or code to a client browser, often via a vulnerable web application. In this type of attack, cybercriminals trick a users’ browser into executing malicious code. A classic example is causing a browser to display a popup with a link to a website that installs additional malware which cybercriminals use to steal IP. In other cases, an XSS attack will cause a victim’s browser to send confidential data or cookies containing login credentials to the attacker. Read Lastline’s blog Malware Detection—Discovering Cross-Site Scripting Attacks to learn more about cross site scripting.
Drive-by Downloads: Criminals compromise a website, often a legitimate one, by embedding or injecting malicious objects inside the web pages. The infections are invisible to the user, and range from malicious JavaScript code to iFrames, links, redirects, malvertisements, cross-site scripting, and other malicious elements. Cybercriminals frequently use drive-by downloads to steal IP. See Drive-By Downloads and How to Prevent Them to learn more.
Ramscraping: Some malware is designed specifically to read and capture data from an infected machine’s RAM. This approach to IP theft is effective even when sensitive data is encrypted while it is stored on disk. To use encrypted data, a system must first decrypt that data. That typically occurs in RAM. Ramscraping malware copies the data while it’s in RAM and unencrypted.
Man-in-the-Browser: This malware sits in the browser, between the user interface and the connected website or application. From this vantage point, Man-in-the-Browser malware can view and capture everything the user enters or sees.
File Hosting Service Exploits: This type of man-in-the-cloud malware is specifically designed to copy cloud-based files. It often abuses vulnerabilities in a hosting service’s file synchronization features, capturing and copying IP and other sensitive data during the update process. Such exploits are increasingly dangerous to businesses as they escalate the use cloud-based services to share sensitive customer and corporate data.
Economic Espionage as a Service: Dishonest organizations and cybercriminals can easily find tools and services they need to spy on and exfiltrate highly confidential IP from competitors or other entities. It’s even possible to hire hackers to do the actual spying. Espionage-as-a-Service makes it relatively easy for not only state-sponsored cybercriminals to steal IP, but much less sophisticated and funded entities as well.
Companies Must Protect Their IP
There is no letup in attempts to steal IP from U.S. or other leading countries. Whether state sponsored or at the hands of organized crime, IP theft is here to stay and it’s important that companies take a proactive stance to protect their intellectual property. Since cybercriminals will target any trade secret of value, virtually every innovative organization is at risk.
Sadly, unless sophisticated security controls are in place, including advanced malware protection, organizations are often unaware that they’ve been victims of IP theft until it’s too late.
Fortunately, enterprises can dramatically reduce their odds of becoming a victim of IP theft by diligently and continuously implementing the very latest malware detection technologies.