Microsoft’s Security Intelligence Report version 10 indicates a “polarization” in cybercriminal behavior; increase in “marketing-like” approaches
Saturday, May 14, 2011
Microsoft Corporation today released volume ten of its Security Intelligence Report (SIRv10), whose findings indicate that cybercriminals are increasingly targeting consumers. The report shows a polarization in cybercriminal behavior and a significant increase in the use of “marketing-like” approaches and deception tactics to steal money from consumers. SIRv10 (http://www.microsoft.com/sir), which focuses on the period from July to December 2010, gathers analysis of data from more than 600 million systems worldwide.
The findings also indicate a divergence in cybercriminal behavior. On one side, highly sophisticated criminals, skilled at creating exploits and informed with intelligence about a target’s environment, pursue high-value targets with large payoffs. On the other side, cybercriminals use more accessible attack methods, including social engineering tactics and exploits created by the more skilled criminals, to take a small amount of money from a large number of people. These attack methods include rogue security software, phishing through social networks, and adware, all of which increased in prevalence in 2010.
Attackers continue to incorporate social lures that appear to be legitimate marketing campaigns and product promotions. Six of the top ten most prevalent malware families in the second half of 2010 fall into these categories of attack methods. Criminals using these malware families make money by tricking users with pay-per-click schemes, false advertisements, or fake security software for sale. Additionally, the report highlights an increase of over 1200 percent in phishing through social networking sites, as these venues have become lucrative hotbeds for criminal activity.
“Social networking is on a high and these sites have created new opportunities for cybercriminals to not only directly impact users, but also friends, colleagues and family through impersonation. These techniques add to an existing list of social engineering techniques, such as financial and product promotions, to extort money or trick users into downloading malicious content. In India alone, there are over 50 million users of social networking sites, viz. Facebook, Orkut, LinkedIn and Twitter. Hence the opportunities for cybercriminals to create havoc too have increased manifold. Microsoft is committed to addressing issues related to online crime and this report is a guide for all consumers to make them aware of the threats that exist online,” said Sanjay Bahl, Chief Security Officer, Microsoft India.
“With more consumers and devices coming online every day, cybercriminals now have more opportunities than before to deceive users through attack methods like adware, phishing and rogue security software. It’s becoming increasingly difficult for consumers to decipher legitimate communications and promotions given the sophistication of tools criminals are using, so it’s more important than ever to provide information and guidance about these online threats to increase protections and awareness,” said Graham Titterington, Principal Analyst, Ovum.
Some notable findings [Global & Indian]
According to the report:
- Phishing through social networks increased from a low of 8.3 percent of all phishing in January to a high of 84.5 percent in December 2010
- The detection of a new pair of adware families, JS/Pornpop and Win32/ClickPotato, between July and September 2010 contributed significantly to this increase
- ClickPotato is a program that displays pop-up and notification-style advertisements, based on the users’ browsing habits
- Pornpop is an adware family that attempts to display pop-under advertisements in users’ web browsers that usually contain adult content.
The report also highlights some key findings vis-à-vis the Indian landscape:
- The most common category in India was Worms, which affected 42.5 percent of all infected computers, down from 45.4 percent in the last quarter
- The second most common category in India was Misc. Trojans, which affected 33.9 percent of all infected computers, down from 34.5 percent in the last quarter
- The third most common category in India was Misc. Potentially Unwanted Software, which affected 33.7 percent of all infected computers, up from 31.9 percent in the last quarter
Additionally, rogue security software, or scareware, has quickly become one of the most common ways for cybercriminals across the globe to acquire money and private information from unsuspecting computer users. Rogue security software families, including the most prevalent, Win32/FakeSpypro, appear similar to legitimate security software and provide a false sense of protection; if trusted and clicked by the user, they download themselves and compromise systems. In 2010, Microsoft protected nearly 19 million systems from rogue security software. The top five rogue security software families were responsible for 70 percent, or approximately 13 million, of those detections.
Microsoft encourages employing the following best practices for securing networks, software and devices:
- Use genuine software. Several studies, including the most recently concluded KPMG study “The unaccounted consequences of non-genuine software usage”, have found that the correlation coefficient between software piracy rates and malware attacks is a strong 0.74. The security implications of deploying non-genuine software are multi-dimensional: direct threats to end-user and organizational security, which make them more susceptible to attacks and to loss of vital information to hostile third parties, as well as indirect threats that increase the cost of protection and remediation.
- Protect Your PC: Online safety guidance to protect information when surfing online and accessing the many cloud services available.
- Protect Your Organization: Leverage best practices for securing networks, software and customers by implementing information security policies, promoting awareness, defending against malware and securing network infrastructure.
- Install Internet Explorer 9 (IE9), which offers the most up-to-date protections to help keep information safe. Internet Explorer 9 has passed the review of TÜV Trust IT GmbH. TÜV is Germany’s most recognized and trusted organization for certifications. IE9 meets all specifications to provide the highest security standards both for private users and enterprises. IE9 has been specially praised for its Tracking Protection feature.
- Keep all software on your systems, whether from Microsoft or a third party, updated
- Run anti-virus software from a trusted vendor, or use Microsoft Security Essentials, which is available free of cost. Download the Microsoft Security Update Guide at www.microsoft.com/securityupdateguide
- Be cautious with software that is not digitally signed by its vendor
- Visit http://www.cert-in.org.in/securepc/index.html and www.microsoft.com/protect
- Develop and deploy software with the Security Development Lifecycle