Cybercriminals Switch Up Tactics to Embrace Deceptive Practices

Microsoft’s latest Security Intelligence report showed a noticeable increase in cybercriminal activity in the second half of 2013 where attackers used deceptive practices

“The continued increase in deceptive tactics is striking; in the last quarter of 2013, the number of computers impacted as a result of deceptive tactics more than tripled,” noted Tim Rains, director of Microsoft Trustworthy Computing, in a blog.

Foremost among these is the deceptive download approach, where cybercriminals secretly bundle malicious items with legitimate content such as software, games or music. These showed up as a top threat in more than 95% of the 110 countries and regions covered by the report.

“Taking advantage of people’s desire to get a good deal, cybercriminals are bundling malware with free programs and free software packages that can be downloaded online,” Rains explained. “For example, a typical scenario is someone that has a file they downloaded from a website that they can’t open, because they don’t appear to have the right software installed to open it. As a result, they search online and come across a free software download that might help them open the file. The free download also comes with other add-ons. In addition to what the person thought they were getting, the download also installs malware.”

That malware may be installed immediately, or at a later date, as it assesses the victim computer’s profile. It could be months or even years before the victim notices the infection, as often these malicious items operate behind the scenes with the only visible effect being slower performance on the system that was infected.

Microsoft also found that ransomware is on the rise. Between the first and second half of 2013, ransomware encountered globally increased by 45%. The data suggests that these threats are typically geographically concentrated for periods of time until awareness is raised about the scam.

“For cybercriminals looking to make a quick buck, this is an increasingly alluring tactic,” Rains said. “The concept is simple: cybercriminals digitally hijack a person’s machine and hold it for ransom; refusing to return control of it or their files until the victim pays a fee. In many cases, control of the computer or files is never returned to the victim, causing them to lose valuable data, pictures, movies, music, etc.”

Rains postulated that the security mitigations included in newer Microsoft products have raised the technical bar for would-be attackers. In turn, that could be a factor in the tactical shift because of the increase in the cost of doing cyber-criminal business the old-fashioned way, using exploits.

New research conducted by Trustworthy Computing’s Security Science team shows a 70% decline in the number of severe vulnerabilities (i.e., those that can enable remote code execution) that were exploited in Microsoft products between 2010 and 2013.

“This is a clear indication that newer products are providing better protection, even in cases where vulnerabilities exist,” Rains said. “[But] while this trend is promising, cybercriminals aren’t giving up.”

Users, as always, should deploy newer software whenever possible and keep it up to date, only downloading software from trusted sources. They should also avoid opening email and instant messages from untrusted or unknown senders, and should run anti-virus and back up valuable data and files.
