Microsoft Sees Decline in Security Vulnerabilities
Microsoft's latest cybersecurity report, released Wednesday, shows a 70 percent decline in the number of severe vulnerabilities that were exploited in Microsoft products between 2010 and 2013.
The report suggests that the security measures Microsoft has included in newer software has helped make life more difficult for would-be attackers, writes Tim Rains, Microsoft's Trustworthy Computing director.
But the data also indicates that cybercriminals are increasingly using deceptive tactics in their attempts to compromise computer systems. In the second half of 2013, there was a noticeable increase in cybercriminal activity where attackers used deceptive practices; in the last quarter of 2013, "the number of computers impacted as a result of deceptive tactics more than tripled," Rains says.
Foremost among the tactics many attackers are using is "deceptive downloads," according to Microsoft. In more than 95% of the 110 countries/regions Microsoft studied, deceptive downloads were a top threat. Cybercriminals are secretly bundling malicious items with legitimate content such as software, games or music. Taking advantage of people's desire to get a good deal, cybercriminals are bundling malware with free programs and free software packages that can be downloaded online. The free download also comes with other add-ons. In addition to what the person thought they were getting, the download also installs malware. The malware may be installed immediately or at a later date as it assesses the victim's computer's profile. It could be months or even years before the victim notices the infection, as often these malicious items operate behind the scenes with the only visible effect being slower performance on the system that was infected.
A second notable deceptive tactic in use was Ransomware. The concept is simple: cybercriminals digitally hijack a person's machine and hold it for ransom; refusing to return control of it or their files until the victim pays a fee. In many cases, control of the computer or files is never returned to the victim, causing them to lose valuable data, pictures, movies, music, etc. Between the first and second halves of 2013, the top ransomware threat encountered globally, increased by 45 percent. The data suggests that ransomware threats are typically geographically concentrated for periods of time. For cybercriminals looking to make a quick buck, this is an increasingly alluring tactic.
While deceptive tactics have increased in prevalence, there are actions people can take to help protect themselves and their organizations. Using newer software whenever possible and keeping it up to date, only downloading software from trusted sources, avoid opening email and instant messages from untrusted or unknown senders, running antivirus software and keeping it up to date, and backing up valuable data and files, make it much harder for attackers who use deceptive practices to be successful.
But the data also indicates that cybercriminals are increasingly using deceptive tactics in their attempts to compromise computer systems. In the second half of 2013, there was a noticeable increase in cybercriminal activity where attackers used deceptive practices; in the last quarter of 2013, "the number of computers impacted as a result of deceptive tactics more than tripled," Rains says.
Foremost among the tactics many attackers are using is "deceptive downloads," according to Microsoft. In more than 95% of the 110 countries/regions Microsoft studied, deceptive downloads were a top threat. Cybercriminals are secretly bundling malicious items with legitimate content such as software, games or music. Taking advantage of people's desire to get a good deal, cybercriminals are bundling malware with free programs and free software packages that can be downloaded online. The free download also comes with other add-ons. In addition to what the person thought they were getting, the download also installs malware. The malware may be installed immediately or at a later date as it assesses the victim's computer's profile. It could be months or even years before the victim notices the infection, as often these malicious items operate behind the scenes with the only visible effect being slower performance on the system that was infected.
A second notable deceptive tactic in use was Ransomware. The concept is simple: cybercriminals digitally hijack a person's machine and hold it for ransom; refusing to return control of it or their files until the victim pays a fee. In many cases, control of the computer or files is never returned to the victim, causing them to lose valuable data, pictures, movies, music, etc. Between the first and second halves of 2013, the top ransomware threat encountered globally, increased by 45 percent. The data suggests that ransomware threats are typically geographically concentrated for periods of time. For cybercriminals looking to make a quick buck, this is an increasingly alluring tactic.
While deceptive tactics have increased in prevalence, there are actions people can take to help protect themselves and their organizations. Using newer software whenever possible and keeping it up to date, only downloading software from trusted sources, avoid opening email and instant messages from untrusted or unknown senders, running antivirus software and keeping it up to date, and backing up valuable data and files, make it much harder for attackers who use deceptive practices to be successful.
