New Data Sheds Light on Shifting Cybercriminal Tactics

New data released today suggests that the security mitigations that Microsoft has included in newer software have helped make malicious cyber acts more difficult for would-be attackers. Effective security mitigations raise the cost of doing business for cybercriminals. The data also indicates that cybercriminals are increasingly utilizing deceptive tactics in their attempts to compromise systems.

This is a key finding of our latest cybersecurity report, which we publish twice a year to help our customers, partners, and the broader cybersecurity community understand the tools, tactics and threats posed by cybercriminals. This knowledge is essential for IT and security professionals trying to better protect themselves and their organizations from cyber-attacks.

New research conducted by Trustworthy Computing’s Security Science team shows a 70 percent decline in the number of severe vulnerabilities (those that can enable remote code execution) that were exploited in Microsoft products between 2010 and 2013. This is a clear indication that newer products are providing better protection, even in cases where vulnerabilities exist. While this trend is promising, cybercriminals aren’t giving up. Our data shows that in the second half of 2013 there was a noticeable increase in cybercriminal activity where attackers used deceptive practices. The continued increase in deceptive tactics is striking; in the last quarter of 2013, the number of computers impacted as a result of deceptive tactics more than tripled. The security mitigations included in newer Microsoft products have raised the technical bar for would-be attackers, which may be one of the factors driving an increase in the use of deceptive tactics.

Foremost among the tactics many attackers are using is “deceptive downloads.” In more than 95% of the 110 countries/regions we studied, deceptive downloads were a top threat. Cybercriminals are secretly bundling malicious items with legitimate content such as software, games or music. Taking advantage of people’s desire to get a good deal, cybercriminals are bundling malware with free programs and free software packages that can be downloaded online. For example, a typical scenario is someone who has downloaded a file from a website but can’t open it because they don’t appear to have the right software installed. As a result, they search online and come across a free software download that might help them open the file. The free download also comes with other add-ons. In addition to what the person thought they were getting, the download also installs malware. The malware may be installed immediately or at a later date as it assesses the profile of the victim’s computer. It could be months or even years before the victim notices the infection, as these malicious items often operate behind the scenes, with the only visible effect being slower performance on the infected system.

In the last half of 2013, deceptive downloads were definitely in vogue with cybercriminals. But that wasn’t the only tactic they used. A second notable deceptive tactic in use was ransomware. The concept is simple: cybercriminals digitally hijack a person’s machine and hold it for ransom, refusing to return control of it or their files until the victim pays a fee. In many cases, control of the computer or files is never returned to the victim, causing them to lose valuable data, pictures, movies, music, etc. Between the first and second halves of 2013, the top ransomware threat encountered globally increased by 45 percent. The data suggests that ransomware threats are typically geographically concentrated for periods of time. For cybercriminals looking to make a quick buck, this is an increasingly alluring tactic.

It is important to note that while deceptive tactics have increased in prevalence, there are actions people can take to help protect themselves and their organizations. Using newer software whenever possible and keeping it up to date, only downloading software from trusted sources, not opening email and instant messages from untrusted or unknown senders, running antivirus software and keeping it up to date, and backing up valuable data and files all make it much harder for attackers who use deceptive practices to be successful.

The new report contains a lot of valuable information. If you want to learn more about deceptive tactics and other key findings, please visit:

Tim Rains
Trustworthy Computing

About the Author
Tim Rains

Chief Security Advisor, Microsoft Worldwide Cybersecurity & Data Protection

Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning. Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he