By Milica D. Djekic

The malware by itself is any piece of malicious code that is capable to cause damage to the current IT configuration. The malicious applications could function as viruses, worms, spyware and so on, but also there are some threats that could be so advanced by their nature and get the capacity to pass through any today’s defense. The purpose of malware research forensic laboratories is to investigate and examine any piece of the code and determine if it makes harm. Nowadays we are witnessing that there is also the next generation of cyber threats being known as the ransomware which can encrypt the entire files, folders, and IT systems and seek some ransom in return. These new types of malware are still waiting for an appropriate response from the forensic labs that would commonly cope with the artificial intelligence (AI) as well as machine learning (ML) in order to identify and classify the pattern of the code’s behavior. In addition, there are also so ongoing threats coming from the ordinary software that could deal with the programming flaws or some intending developed background processes that could also show the malware behavior in its operations. In this effort, we would want to discuss today’s malware landscape as well as the need for intelligently conducted investigations in such an area that could offer us some intelligence and evidence for further cybercrime prosecuting and proceedings. Finally, we would discuss a bit the coming requirements for the software approval procedures that should undoubtedly demand the higher security criteria, so far.

The black market is the real production line to the malware and the rest of similar malicious products. Every single day the black market produces the thousands of new malware that still need to get discovered and analyzed in order to become part of some anti-malware prevention system. It would appear that the malware developer’s career is the quite exciting one and there are a lot of challenges at the global scale seeking from those guys to dig deep and attempt to cope with the next generation of forensic investigations that could make them get discovered by the Law Enforcement agencies as well as the entire cyber industry. Someone could imagine the malware developer as so lone wolf sort of person who would spend the majority of his time in some dark room sitting in front of the computer and doing some bad code’s programming. The fact is that the entire academic, as well as expert’s communities of some region, could take part into such projects and even if they are not developing some cyber weapons to their governments – they could try to create some commercial software that would deal with some background process being so malicious by its character. In other words, it’s possible that someone could try to sell the quite convenient program to the developed economies marketplace claiming that piece of code could do so suitable calculation of some technological parameters, but such a solution would practically cope with its little dirty secrets, so far.

The main point with the malware applications is that they would have the ability to multiply themselves and execute some dangerous operations on their host and consequently spread such activity to the rest of the IT network. This is specifically alarming in case of the commercial software for a reason to get approved for the usage it should go through standard procedure that would require from the developer to complete some form, explain what his product can do and provide a copy of the source code that could serve as the proof for the further analyses. Basically, it’s up to the criminologists and investigators to determine why someone with a good reputation and the legal background could try to cheat on such an examination and offer the solution that would cause harm to many. Every single day we would use plenty of software working on our IT infrastructure and there is the well-accepted belief that some operating systems would be so unstable, so that’s why they would crash so frequently. The fact is maybe some of your commercial applications being downloaded from the web or bought in some software shop would cause such malicious behavior. On the other hand, it’s less suspicious if you attempt to distribute your software through some legal channels specifically if you know that there is the standard procedure of making a decision if such a program could go to the marketplace or not.

The experience would suggest that there is a certain number of the whistleblowers who would contact the Police Departments claiming that some legal firm being correlated with the academic or expert’s cycles is producing the commercial software with the quite malicious background process. Also, modern forensic laboratories would rely on AI and ML testing procedures and policies and they would deal with the capacity to investigate any single segment of some application. For instance, the coders of today got so powerless in front of the cutting-edge technology that is capable to recognize anything being so suspicious to the analysts. So, there is the capacity to challenge any commercial application, so far, and anyone trying to play with the authorities should know that he would sooner or later get himself into the trap which he made for himself only. In other words, the motive to such a crime could be diverse and if there are the actors who could try to distribute their little dirty product using the legal means – they would so promptly realize that they are in trouble only. Sharing some of such a skill with the Law Enforcement agencies could bring some chance to anyone getting engaged in such criminality to negotiate about some legal clearance and consequently avoid so hard punishment. From this perspective, it would appear that the commercial software conformation procedures should cope with the strong focus on security and in our opinion – that’s something that should get followed in any software engineering case for a reason of contributing to the better understanding of the entire software, hardware and procedural compliance reading some IT configuration.

The malware research laboratories would deal with the tools that would analyze, monitor and cope with the behavior of some software trying to find some kind of malicious activities. The main point with the malware application is that it would find its place on the machine of its host commonly coming there through the network traffic and perhaps doing so such a program would copy itself in so many samples and consequently execute some bad behavior. So many malware would get produced on the black market and any part of the globe should know how to isolate and define such a piece of the code. Apparently, it’s so important to recognize the code with the malicious process for a reason its signature could get put into some malware prevention software that is capable to identify and remove such an application. The crucial problem with any sort of malware is that it can infect so many files, folders and the entire operating system causing the loss of so vitally significant data and applications. In other words, such a bad code would go through the network traffic and once it arrives on some host it would multiply itself and make harm to that environment. Maybe your anti-malware software would not warn you that you are under attack, but your entire working surroundings can collapse within a few hours as the infection progresses. This is quite a trickery because your entire operating process could get disturbed and for such a reason it’s necessary to develop the useful malware research procedures and policies that would cope with the AI and ML-driven investigative tools getting able to discover any kind of suspicious activity, so far.

In the practice, there could exist the programs with some functions and features that could get capable to resolve the total set of the problems and in such a case; so many malware researchers could get with the belief it’s not necessary to do any kind of forensic analytics in the labs. Basically, in the legal marketplace, there would appear so many software being developed for commercial purposes that would pass through the regular assessments and testings before they get accepted for the commercial usages. It would seem that no hacker’s group or even state-sponsored cyber warriors could deal with the intent to produce and try to sell something that could obtain some sort of operations and additionally cause damage to its users. For instance, try to imagine that you would buy some software within some online shop and once you install that application on your device – you would notice that your entire system would slow down. That would mean your processor’s unit would deal with some kind of interrupt and it would use so many of its power and time in order to cope with such bad code. The obvious consequences of such a choice could get the frequent working environment crash as well as some inaccurate operation of the majority of applications. In the reality, the typical procedure for getting the license for some program would mean that you would develop the software and further complete the form with the detailed description about with your solution could demonstrate in the practice. Some skillful examiners would try to confirm if your software can do all of so and once they get confident about your effort – you would gain the approval stamp.

On the other hand, no one would figure out that such an effort should pass through the careful security analyses in the forensic laboratories because there could always be the malware behavior that could function in the background. From some perspective, it may appear that someone so unhealthy could select to do so, but if we apply the rational way of thinking – we would realize that so many people over the world could get the interest to cope with such a path. For example, maybe your competitors would figure out that they can produce the software with some crap background process and in such a manner; they could try to compromise some operating system platform making the impression that such a surrounding is quite unstable and less appropriate to get used by many. Also, you can find the classical malware amongst the webshops software offerings coming from some opponent country and from that point of view; it’s quite clear that your enemies could try to send something into your marketplace. The fact is the process of getting the software license by itself needs so many improvements and plenty of innovative thinking for a reason the security of devices, networks, and end-users should get the ultimate goal to the modern IT industry.

The fact with this concern is even if you are looking for the attest for your hardware or software – you should figure out that there are some requirements that should get met. The guys working in the IT industry would be so clever and they would get that those demands got so obtainable and the modern cyber environment would not care so much about the consumers’ security. From today’s point of view, there are a lot of options to discover the malware behavior relying on the intelligent tools in the forensic investigation and so obvious stuff that should get done is to add such a step into your standard testing procedure. Finally, it’s quite clear that if we talk about the lone wolf attacks and remember there are no purely those offenses because the people would cope with some ideology and undoubtedly get connected with each other – you can figure out that no country in the world or its Law Enforcements bodies should let anyone within their society to try to compromise the reputation of such a community and make so powerful enemies to its nation causing that the entire state could get untrusted and quite suspicious at the international scale which could so seriously affect the overall economy, finances and probably the future of that area for a reason no one would want to import the trash from anywhere.

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications, and Security” being published in 2017 with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and Cyber Security Summit Europe being held in 2016 as well as CyberCentral Summit 2019 being one of the most exclusive cyber defense events in Europe. She is a member of ASIS International since 2017 and contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized with the Computer Emergency Response Team for the European Union (CERT-EU). Her fields of interest are cyber defense, technology, and business. Milica is a person with a disability.