Unlicensed Software and Cyber Attacks
A software license is a legal instrument that governs the use of software under specific terms. Any software that is illegally copied, downloaded or borrowed is termed "unlicensed", "pirated", "counterfeit" or "infringing" software. Users who violate the copyright of software through improper use are committing software piracy. There are several licensing metrics, such as per device, per user, concurrent user, remote user, per virtual machine and per instance. By buying the software, the user obtains the right to use it under the terms of the license; typically the user may make copies only for backup purposes, and distributing copies of the software is against the law.
How do businesses become non-compliant?
Compliance is a pressing need. Software manufacturers offer so many different licensing programs that it takes real effort to make sense of them. Manufacturers also reserve in their contracts the ability to change usage rights, which means that even organizations that believe they are following the licensing rules can fall out of compliance without realizing it. The rising rate of non-compliance in the software industry has a direct or indirect impact on cyber security, leading to data leakage, information distortion and threats to sensitive and confidential data. The following points describe how non-compliance can occur:
· IT staff may use pirated software to reduce overall cost and distribute it to employees according to business needs;
· An employee may knowingly install pirated copies of commercial software on a business system and use them for official purposes;
· Licensed software may be used without following the licensing terms and conditions. This also happens when the license agreement has not been read, understood and reviewed carefully.
Several points need to be taken into consideration before installing any software in order to remain compliant:
· How many users are permitted to use the software?
· How many times can a single copy of the software be installed?
· Can the software be used for commercial purposes (versus domestic use only)?
· Can the software be used by employees working remotely?
· What are the terms and conditions for trial use of the software?
These are some commonly overlooked restrictions already stated in the license agreements. Without carefully reading and understanding the license agreement, and ensuring that all employees adhere to it at all times, it is very easy to become non-compliant.
Unlicensed Software: A Negative Impact
One of the reasons for the rise in cyber-attacks is the use of unlicensed software. Installing pirated copies may infect the system: a cracked program may actually be poorly disguised malware that slows the system down, sends information out, damages files and so on. The information at risk includes credit card and bank account numbers, passwords, address books and the company's confidential data. In addition to the potentially devastating financial impact and the loss of customer data, enterprises can suffer reputational damage and declining customer confidence. Even a single successful cyber-attack "can do serious harm to a company's reputation and credibility."
Data privacy risks: Employees purchasing and using third-party software without the IT department's knowledge puts sensitive data at risk. Decentralized control of software assets prevents the IT team from developing and implementing risk mitigation steps, since such unauthorized software is outside their control.
Compliance risks: Organizations may face audits from the software publishers who own the IP rights to the software. Companies then run the risk of being found non-compliant, leading to fines and penalties, on top of the data loss and significant vulnerabilities that unlicensed software brings.
Statistics
End users and enterprises have a 33% chance of encountering malware when they obtain and install pirated software or suites, or purchase an assembled computer with pirated software pre-installed.
A forensic study by the National University of Singapore examined assembled computers purchased with pirated software pre-installed and the associated malware risk. Of the 203 computers purchased in 11 countries, 61% were infected with malware.
A BSA study with IDC also found a strong correlation between unlicensed software and malware, which is the equivalent of giving criminals a set of keys to your company network. Cyber-attacks cost businesses more than $400 billion in 2015.
The graph below represents the percentage of infected systems worldwide in 2014, by detection engine.
The chart below represents the rate of software piracy versus malware infection, taken from the NUS forensic analysis, 2014.
Below are some of the most common malware families linked with unauthorized software and the cyber security attacks it causes (the list mixes a worm, a file-infecting virus and a Trojan, so "virus" here is used loosely):
Win32/Enosch.A: A worm that searches for all Microsoft Word documents (.doc and .docx) on the infected computer and emails them to a remote attacker.
Win32/Sality.AT: A file-infecting virus that disables some security software and Windows utilities and then downloads further malicious files and programs.
Win32/Pramro.F: A Trojan that creates a proxy server on the infected computer. The proxy may then be used to relay spam e-mail and web traffic, and to hide the origin of the attackers responsible for the malicious activity.
Below are some of the more recent malware campaigns that have led to cyber-attacks:
Conficker: A fast-spreading worm that targets a vulnerability in Windows operating systems (the Server service flaw patched by Microsoft as MS08-067 before the worm appeared, so unpatched systems were the ones at risk). It disables many security features and automatic backup settings, deletes restore points and opens connections to receive instructions from a remote computer. Once the first computer is compromised, Conficker uses it to gain access to the rest of the network. It spreads by several means, including copying itself to shared folders and removable media. As the Conficker worm spread through computers around the world in 2008 and 2009, security analysts warned that downloading unlicensed software was among the likeliest ways to get infected.
As a result of counterfeit software, most users experience decreased computer performance, viruses, spam, or complete failure of the software or computer. Dealing with infected software is estimated to cost the world more than $100 billion annually, while the indirect costs related to data loss and identity theft could add another $350 billion.
Citadel Botnet:
For cyber criminals it is a powerful, state-of-the-art toolkit for both distributing malware and managing infected computers (bots). Citadel is an offspring of the (all too) popular Zeus crimekit, whose main goal is to steal banking credentials by capturing keystrokes and taking screenshots or videos of victims' computers.
The Citadel botnet created 5 million zombie computers across 90 countries, and the investigation revealed that the criminals behind it had infected PCs in part by selling unlicensed versions of Microsoft Windows pre-infected with Citadel malware. Recognising the impact of unlicensed software, the FBI issued an alert in 2013 warning that unlicensed software may contain malware.
Efficiently managing software and preventing unauthorized use:
Efficiently managing software and preventing unauthorized use is a step-by-step process.
Step 1:
Organizations must have a strong software policy. The policy should express the company's goal of managing software for maximum benefit, commit the company to dealing only in authorized software, and define the steps for acquiring it. An effective software purchase procedure consists of the following elements:
· Centralize all software purchases, including services, through a purchasing department or other designated company authority.
· Require all software purchase requests, including services, to be made in writing and made available to the purchasing department or another agreed-upon department.
· Set up proper processes and procedures for software procurement.
Employees must receive adequate training on the importance of using authorized software and the key role they play in cyber and information security.
Important components of a software policy are as follows:
· A centralized software requisition and procurement team.
· Ensuring software licenses are purchased only from an authorized list of vendors or resellers.
· A centralized repository of all licenses.
· An exhaustive list of approved software in the organization.
· Original user materials (e.g., manuals, registration cards, etc.), licenses and receipts retained for each purchase.
· Technical controls (firewalls, anti-virus software and, where feasible, application allowlisting) that stop employees from downloading and running unapproved software from the internet; note that a firewall or anti-virus product alone does not prevent a download, so a policy that relies on these must be backed by the inventory and audit steps below.
Every employee needs to acknowledge the software policy and the consequences of violating it. In turn, employers must take steps to educate employees on what constitutes illegal use of software.
Step 2:
Conduct a proactive audit of all software assets in the organization. The audit should focus on areas such as:
· Which software licenses have been purchased?
· On which assets (desktops, laptops, servers, etc.) are the licensed products deployed?
· Is the most suitable version of the software being used?
· Are there illegal, unauthorized or unlicensed programs in the business?
· Does each employee have the correct set of available programs?
· Are we using outdated or unnecessary programs that can be deleted?
Step 3:
With the software inventory in hand, compare the software installed on computers or in use against what has been purchased.
Once unauthorized software copies or improperly used account registrations have been identified, delete them or stop the account sharing. This is also an ideal time to remind employees about the company's software policy and the dangers associated with unlicensed software.
Now compare the legitimate software copies and accounts with the corporate needs identified during the inventory. This allows informed decisions about which legally owned software and accounts should be kept, upgraded or discarded. Programs can be moved (not copied) from computers where they are not needed to computers where they are, provided the license permits transfer between devices.
Based on the inventory, upgrades, new purchases and input from employees, create a formal list of the software and online services that the company allows its employees to use. This should include program names, serial numbers, version numbers, the number of copies or users permitted by each license, the computers on which the copies are installed, and plans to add, upgrade or discard the software in the future.
Step 4:
Establish a routine software monitoring mechanism that guards against the introduction of unauthorized software and keeps the list of supported software and services up to date on a continual basis. In many businesses it makes sense to make one person, often called a SAM manager, responsible for the process in order to centralize the job.
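As an added example (not code from the original article), the reconciliation described in Steps 2 to 4 expressed as a small Python script. It counts installations per product from an inventory, flags software that is not on the approved list, flags products deployed on more hosts than there are licensed seats, lists licenses that were purchased but never installed, and diffs two inventory snapshots to catch software introduced since the last audit. The host names, product names and seat counts are constructed for illustration; the script assumes a per-device licensing metric, so per-user or concurrent-user licenses would need a user or session data source that it does not model.

```python
"""Software inventory reconciliation for a SAM audit (added example, not the article's code)."""
from collections import defaultdict

# Constructed sample inventory: one (host, product, version) record per installation.
# In practice this comes from an endpoint agent, a management-tool export or a package query.
INVENTORY = [
    ("ws-01", "OfficeSuite", "2019"),
    ("ws-02", "OfficeSuite", "2019"),
    ("ws-03", "OfficeSuite", "2019"),
    ("ws-03", "PhotoEditorPro", "12.0"),
    ("ws-04", "PhotoEditorPro", "12.0"),
    ("ws-04", "KeygenTool", "1.0"),       # not on the approved list: a typical crack/keygen
    ("srv-01", "DBServer", "14"),
    ("srv-02", "DBServer", "14"),
    ("ws-05", "OfficeSuite", "2016"),
]

# Constructed license register: product -> licensed seats (per-device metric assumed).
LICENSES = {"OfficeSuite": 2, "PhotoEditorPro": 5, "DBServer": 2, "LegacyCAD": 3}

# The formal list of software the company allows (Step 3); here it equals the licensed products.
APPROVED = set(LICENSES)


def installed_per_product(inventory):
    """Count distinct hosts per product (per-device / per-instance metric)."""
    hosts = defaultdict(set)
    for host, product, _version in inventory:
        hosts[product].add(host)
    return {product: len(h) for product, h in hosts.items()}


def reconcile(inventory, licenses, approved):
    """Step 3: compare installed software with what was purchased and approved.

    Returns unauthorized installs (to remove), over-deployed products
    (installed hosts > licensed seats) and purchased-but-unused licenses.
    """
    counts = installed_per_product(inventory)
    unauthorized = sorted({(host, product) for host, product, _ in inventory
                           if product not in approved})
    over_deployed = {product: (n, licenses[product]) for product, n in counts.items()
                     if product in licenses and n > licenses[product]}
    unused = {product: seats for product, seats in licenses.items()
              if counts.get(product, 0) == 0}
    return {"unauthorized": unauthorized, "over_deployed": over_deployed, "unused": unused}


def new_installs(baseline, current):
    """Step 4: installations present in the current snapshot but absent from the baseline."""
    return sorted(set(current) - set(baseline))


def main():
    report = reconcile(INVENTORY, LICENSES, APPROVED)
    for host, product in report["unauthorized"]:
        print(f"REMOVE   {product} on {host}: not on the approved list")
    for product, (n, seats) in report["over_deployed"].items():
        print(f"OVER     {product}: installed on {n} hosts, {seats} seats licensed")
    for product, seats in report["unused"].items():
        print(f"UNUSED   {product}: {seats} seats purchased, none installed")
    # Simulate the next monitoring cycle: treat the last two records as new since the baseline.
    for host, product, version in new_installs(INVENTORY[:-2], INVENTORY):
        print(f"NEW      {product} {version} on {host}: review before the next audit")


if __name__ == "__main__":
    main()
```

With the constructed data the script reports the keygen on ws-04 for removal, OfficeSuite over-deployed (four hosts against two seats, the 2016 and 2019 versions both counting against the same product license), LegacyCAD as paid for but unused, and the two most recent installations as new since the baseline. Version-specific licensing, user-based metrics and license transfer rights would each need an extra field in the register before this check could be treated as the final word.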
Conclusion:
Organizations can substantially reduce their cyber security risk by ensuring that the software they deploy and use is licensed. To get the most out of licensed software, organizations should implement effective Software Asset Management (SAM) policies and procedures and invest in raising awareness of the pitfalls of using unlicensed software.