BreachExchange mailing list archives
Cybercriminals now gearing towards deception-based attacks
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 15 May 2014 18:05:07 -0600
http://www.mis-asia.com/resource/industries/cybercriminals-now-gearing-towards-deception-based-attacks-microsoft/ Cybercriminals are increasingly turning to deceptive tactics for malicious purposes such as stealing people's personal and financial information. This is according to Microsoft's latest research findings, which show that in the last quarter of 2013, the number of computers that had to be disinfected as a result of deceptive tactics more than tripled compared to past years. This increase in deceptive tactics correlates with a 70-percent decline in the number of severe vulnerabilities exploited in Microsoft products between 2010 and 2013. This shows that newer products are providing better protection. Additionally, the increased adoption of several key security mitigations across the industry are making it more difficult and expensive for cybercriminals to develop software exploits. Types of deception-based attacks According to Microsoft’s new data, one of the most dominant deceptive techniques used worldwide in the second half of 2013 was deceptive downloads.These downloads were identified as a top threat in 95 percent of the 110 countries and regions that Microsoft polled. Cybercriminals enticed users to download malware hidden behind legitimate content such as software, music or videos found online. Infected machines often continue to function, and the only observable signs of infection might be slower system performancesor unexpected search results popping up in a browser. Over time, fraudulent activities happening surreptitiously could tarnish the victim’s online reputation, in addition to being banned from secured websites. Another form of deception is ransomware, which often pretends to be an official-looking warning from a renowned law enforcement agency. It then accuses its victim of committing a computer-related crime, and demands them to pay a fine to regain control of the computer. Ransomware is geographically concentrated, but its deployment is gaining popularity. In fact, the reported cases of top ransomware, Reveton, increased by 45 percent between the first and second half of 2013. Singapore is in the safe zone Singapore is one of the countries that has a very low malware encounter rate, together with New Zealand, Australia and United States. Countries like Thailand, Malaysia, Philippines, Vietnam, India and Indonesia however, experienced very high malware encounter rates. Microsoft’s research findings revealed that the top three deceptive threats in Singapore during the fourth quarter of 2013 were Rotbrow (1.9 percent), Brantall (1.9 percent), and Obfuscator (1.4 percent). Additionally, for the most common type of malware encountered in Singapore during that same quarter, the top three were noted to be miscellaneous Trojans (5.1 percent), Trojan Downloaders and Droppers (4.3 percent), and Worms (2.5 percent). Although these statistics show that Singapore is not impervious to cyber attacks, both the malware encounter rate and infection rate for Singapore is well below the worldwide average. Tim Rains, Trustworthy Computing Director of Microsoft, attributes this positive trend to “institutional stability”. Quoting the Arab Spring in Egypt as an example, he says: “When the Arab Spring started, malware infection rates started to go up because there’s unrest in the country. Then when the President stepped down, the malware infection rates went up even more. But when elections were announced, the infection rates went down. So what we saw was a correlation between some of the institutional stability factors like regime stability and demographic stability.” “What we postulate from this is public-private partnership. When the government stops working or becomes less effective, oftentimes, those public-private partnership stops working too. When that happens, you start to see malware infection rates go up,” he says. “In Singapore, I can tell the public-private partnership here – between Microsoft, the industry and the government – is very positive; and I think that’s a big reason why the malware infection rates here are kept consistently low.” Prevention is better than cure Microsoft’s Rains advises customers to take a few actions to help keep themselves protected. Some recommendations include using newer software whenever possible and keeping it up to date, only downloading from trusted sources, running up-to-date antivirus, thinking twice before clicking on a link or attachment, and backing up files. He further advises: “If you don’t trust the source of the software, then don’t trust the software itself. Don’t simply download it because it’s free."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Cybercriminals now gearing towards deception-based attacks Audrey McNeil (May 23)