With malware and security breaches becoming an increasingly commonplace occurrence, the question on the minds of many is: how and why is this happening?
I caught up with Tim Rains who is the head of security marketing at the Trustworthy Computing Division at Microsoft. Tim also manages the Microsoft Security Intelligence Report which provides in-depth analysis on the global cyber threat landscape.
Q: What is the main source of malware infection?
Deceptive downloads were the top threat facing 95% of the 110 countries/regions studied in 4Q13.
They are a tactic that cybercriminals use to trick victims into installing malware by bundling it with legitimate content such as software, videos or music downloaded online (such as Rotbrow and Brantall, legitimate software applications that were used to install Sefnit, which is the malicious malware).
A user wants to find software that opens up a file because they don't have the right software to open that file. They find a free software package, they download it, but it has been bundled with malware.
Q: Given Windows XP's huge install base and its support ending, could this change in the near future as vulnerabilities are exploited?
Microsoft in general has a 10-year support lifecycle policy, which is very long compared to most others out there. We have actually extended Windows XP twice (on separate occasions) and ended up having 13 years of support. We were very vocal about the end of support coming and reminded people early.
We continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1: not only will they get better security moving to 7 or 8, but they will also get better functionality.
Q: What is the weakest link that leads to systems being compromised?
It's deceptive download tactics. We are seeing a specific family downloaded over time called Rotbrow, and once it compromises a system they use it for click fraud (such as driving clicks to a site for advertising revenue).
In the event a user believes their system may be compromised, we recommend that users run a full-system scan with an up-to-date antivirus product, either from a trusted vendor or MS Security Essentials or Windows Defender.
For me the mantra is if you don't trust the sources of the software, don't trust the software. This is one of the things that the app store distribution model is really helpful for, as users can go to the app store and look at the different people who have submitted the apps; they have some level of assurance that the app store has looked at the apps and they're not malicious.
Q: I'm also seeing security issues on social media leading to accounts being hacked. Is this a growing trend?
According to our latest cybersecurity report, vulnerabilities in applications other than web browsers and operating system applications increased 34.4 percent in the second half of 2013 and accounted for 58.1 percent of the total disclosures for the period.
Once attackers get into that trusted network they have a better chance of taking advantage of someone. If they are just sending spam (correspondence outside that trusted network), people are less likely to trust it.
Q: When a PC is compromised with malware what are the sorts of things that can typically happen?
When a system has been compromised with malware, the machine can be used for any number of purposes for malicious intent. Typically, cybercriminals are seeking to steal personal or financial information but it will also be used for click fraud to drive advertising revenue for a particular site.
Q: What is driving the growth in Malware? Someone must be making money but how?
Looking at the threat landscape in the APAC region in our report, NZ is about at the worldwide average (about 18 systems for every 1000 that we scan). That's a big increase from the third quarter of 2013; back then NZ's infection rate was below the worldwide average at 4 systems to every 1000.
When we look at the reasons for that big increase, it's Rotbrow and Sefnit, and also a malware family called Brantall; both Rotbrow and Brantall distribute Sefnit. We saw that almost 6% of the systems in NZ encountered Rotbrow, and that's a very large number concentrated on one family. 3.3% of the systems encountered Brantall. So that's 9% of systems encountered, and that 9% is being used for Sefnit (which is driving clicks to a site for advertising revenue - we call that click fraud).
One of the reasons why the detections went up for Rotbrow so sharply (and suddenly) is that no one was really detecting it as malware for a long period of time, and that's because it was being used to distribute software that wasn't deemed to be malicious by any of the anti-virus companies. Then the Trojan started to distribute more malicious add-ons (instead of being benign), and when the Microsoft Malware Protection Centre saw that they added a detection for it, which started to remove it from lots of systems, and we also shared that research with other anti-virus vendors out there who did the same. We expect, once all those systems have been disinfected of this, to see the malware rates go down to typical levels.
(In NZ) we saw 14.5 systems infected with Rotbrow for every 1000 systems we scan with the Malicious Software Removal Tool. The deceptive tactics we talked about are certainly what we see when we take a look at the list of threats here in NZ.
Q: A growing number of security experts are saying that anti-virus apps are becoming less effective - why is this?
Our latest cybersecurity report indicates that computers not running real-time security software during the 3rd quarter of 2013 were 6.7 times as likely to be infected with malware as computers that were. This is a clear indication that running real-time security software is helping to protect systems.
Q: What tips do you have for the average person in order to avoid their computer being infected by malware?
• Keep software up to date
• Download from a trusted vendor
• Run up-to-date anti-virus
• Back up your files
• Enable a firewall on your computer
• Get the latest computer updates for all installed software.
• Limit user privileges on the computer so that if the system becomes infected with malware, it will not have administrator privileges.
• Use strong passwords
• And finally, think before you click. One of the most effective ways attackers have been targeting people is through email; most of it is spam, but it has URLs and malicious attachments, so when they open up the attachments they get infected with malware - or are taken to a site and exposed to malware.
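The tips above are things a user can check on their own machine. The following PowerShell audit is an added example written for this page; it is not part of the interview and not a Microsoft tool. It assumes a Windows 8.1 or later system where the Defender and NetSecurity modules are available (Get-MpComputerStatus and Get-NetFirewallProfile), uses the Windows Update Agent COM object (Microsoft.Update.Session) for the pending-update check, and treats a signature age above an assumed threshold of 3 days as stale. It reports on real-time anti-virus, signature freshness, the firewall on every profile, whether the current session holds administrator rights, and whether updates are waiting; backups and password strength are not machine-checkable here and are left to the reader.

```powershell
# Added example, not part of the interview or any Microsoft tool: audits a
# Windows 8.1 (or later) machine against the hygiene items listed above.
# Assumptions: the Defender and NetSecurity PowerShell modules are present
# (Get-MpComputerStatus, Get-NetFirewallProfile), and the Microsoft.Update.Session
# COM object can reach Windows Update for the pending-update check.

function Test-SecurityBaseline {
    [CmdletBinding()]
    param(
        # Assumed threshold: antivirus signatures older than this many days count as stale.
        [int]$MaxSignatureAgeDays = 3
    )

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
    }

    # 1. Real-time anti-virus running with current signatures (Windows Defender)
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        Add-Finding 'Real-time antivirus on' ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) `
            "AntivirusEnabled=$($mp.AntivirusEnabled) RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
        Add-Finding 'Antivirus signatures current' ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays) `
            "Signature age $($mp.AntivirusSignatureAge) day(s), last updated $($mp.AntivirusSignatureLastUpdated)"
    } catch {
        Add-Finding 'Real-time antivirus on' $false "Defender status unavailable: $($_.Exception.Message)"
    }

    # 2. Firewall enabled on every profile (Domain, Private, Public)
    try {
        foreach ($fw in Get-NetFirewallProfile -ErrorAction Stop) {
            Add-Finding "Firewall enabled ($($fw.Name))" ($fw.Enabled -eq 'True') "Enabled=$($fw.Enabled)"
        }
    } catch {
        Add-Finding 'Firewall enabled' $false "Firewall status unavailable: $($_.Exception.Message)"
    }

    # 3. Least privilege: the everyday session should not hold administrator rights,
    #    so malware that lands in it does not inherit them.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    Add-Finding 'Session not running as administrator' (-not $elevated) "User=$($identity.Name) Administrator=$elevated"

    # 4. No pending updates (Windows Update Agent COM API; needs update access and may take a minute)
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
        Add-Finding 'No pending updates' ($pending.Count -eq 0) "$($pending.Count) update(s) waiting to install"
    } catch {
        Add-Finding 'No pending updates' $false "Update search failed: $($_.Exception.Message)"
    }

    return $findings
}

# Usage: run the audit and list the checks that need attention.
$results = @(Test-SecurityBaseline)
$results | Format-Table Check, Pass, Detail -AutoSize
$failed = @($results | Where-Object { -not $_.Pass })
"$($failed.Count) of $($results.Count) checks need attention."
```

Run it from an ordinary (non-elevated) PowerShell session so that check 3 reflects the account used day to day; every check is read-only, so nothing on the machine is changed by running it.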
Q: What does the future of this thorny issue look like? Will the situation improve or worsen - why?
As the security industry continues to innovate, cybercriminals continue to evolve.
A really good example of this is the shift that we are seeing in how attackers are targeting people, from vulnerability to deception, with vulnerability disclosures trending at 2500 every 6 months. Microsoft is making it harder to exploit these vulnerabilities, since we have seen a 70% reduction in the number of exploits in vulnerabilities (2010 - 2013).
While the attackers' tactics might change, keep in mind all of the tips we talked about for keeping your system safe; this is your best method of protection.