Bangkok--1 Jun--Hill & Knowlton
Recent study indicates a “polarization” in cybercriminal behavior and increase in “marketing-like” approaches.
Today Microsoft Corp. released its Security Intelligence Report volume ten, which highlights a polarization in terms of cybercriminal behavior and a significant increase in the use of “marketing-like” approaches and deception tactics to steal money from consumers. The Security Intelligence Report focuses on the period of July to December 2010 and gathers analysis of data from more than 600 million systems worldwide.
From the Security Intelligence Report, we are seeing a divergence in cybercriminal behavior. On one side, highly sophisticated criminals skilled at creating exploits and informed with intelligence about a target’s environment, pursue high-value targets with large payoffs. On the other side, there are cybercriminals using more accessible attack methods, including social engineering tactics and leveraging exploits created by the more skilled criminals, to take a small amount of money from a large number of people. These attack methods include the use of rogue security software, phishing using social networking as the lure, and adware, all which have increased in prevalence in 2010.
Attackers continue to incorporate social lures that appear to be legitimate marketing campaigns and product promotions. Six of the top ten most prevalent malware families in the second half of 2010 fall into these categories of attack methods. Criminals using these malware families make money through tricking users with pay-per-click schemes, false advertisements, or fake security software for sale. Additionally, the report highlights an increase of over 1,200 percent in phishing using social networking as the lure, as these venues have become lucrative hot beds for criminal activity.
“Microsoft and the rest of the software industry have significantly improved customer protections and guidance for some time now,” said Vinny Gullotto, general manager of the Microsoft Malware Protection Center (MMPC). “These efforts are making a difference but there is more work to do. We continue to see cybercriminals evolve attack methods such as a significant rise in social network phishing.”
According to the report, phishing using social networking as a lure increased from a low of 8.3 percent of all phishing in January to a high of 84.5 percent in December 2010. The popularity of social networking sites has created new opportunities for cybercriminals to not only directly impact users, but also friends, colleagues and family through impersonation. These techniques add to an existing list of social engineering techniques, such as financial and product promotions, to extort money or trick users into downloading malicious content.
The Security Intelligence Report also shows that worldwide detections of adware increased 70 percent from the second quarter to the fourth quarter of 2010. The detection of a new pair of adware families, JS/Pornpop and Win32/ClickPotato, between July and September 2010 contributed significantly to this increase. ClickPotato is a program that displays pop-up and notification-style advertisements, based on the users’ browsing habits, and Pornpop is an adware family that attempts to display pop-under advertisements in users’ web browsers that usually contain adult content.
“With more consumers and devices coming online every day, cybercriminals now have more opportunities than before to deceive users through attack methods like adware, phishing and rogue security software,” said Graham Titterington, principal analyst, Ovum. “It’s becoming increasingly difficult for consumers to decipher legitimate communications and promotions given the sophistication of tools criminals are using, so it’s more important than ever to provide information and guidance about these online threats to increase protections and awareness.”
Additionally, rogue security software, or scareware, has quickly become one of the most common ways for cybercriminals across the globe to acquire money and private information from unassuming computer users. Rogue security software families, including the most prevalent, Win32/FakeSpypro, appear similar to legitimate security software providing a false sense of protection, and if trusted and clicked by the user, downloads itself and compromises systems. In 2010, Microsoft protected nearly 19 million systems from rogue security software. The top five rogue security software families were responsible for 70 percent or approximately 13 million of those detections.
“While criminals work to evolve their attack methods, Microsoft and the industry will continue to collaborate with partners and customers to improve security and privacy and increase awareness. A combined effort helps to protect the broader online community from the threats propagating today and develop more secure software solutions to prevent criminals from reaping the benefits,” said Gullotto.
Microsoft encourages employing the following best practices for securing networks, software and devices.
Protect Your PC: Online safety guidance to protect information when surfing online and accessing the many cloud services available.
Protect Your Organization: Leverage best practices for securing networks, software and customers by implementing information security policies, promoting awareness, defending against malware and securing network infrastructure.
Get The Latest Software: For Microsoft customers, newer software, like Windows 7 and Internet Explorer 9, offers the most up-to-date protections to help keep information safe.
For more information about SIRv10, please visit http://www.microsoft.com/sir.
About MicrosoftFounded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
Established in 1993, Microsoft (Thailand) Limited provides world-class software that is easy to use and localized to suit the local market’s needs. It also has a compelling and consistent platform to build powerful business solutions that can scale from a notebook computer to a mainframe — class multiprocessor systems using Microsoft technology. For further information, information, please visit the Microsoft (Thailand) website at: http://www.microsoft.com/thailand.
Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages.
For further information, please contact:
Microsoft:
Suphada Chaiwong
Hill & Knowlton Thailand
Tel: 0-2627 3501 ext 209
Fax. 0-2627 3510
Email:
[email protected]