Cybercriminals are ditching the old strategy of exploiting software vulnerabilities, choosing instead to rely on deceit and deception, according to a new security report released this week.
This shift in criminal strategy, revealed by Microsoft’s latest Security Intelligence Report, has been attributed to improved cybersecurity and protection offered by newer products.
Analysing data submitted by users’ security reports, Microsoft observed that in the last quarter of 2013, the number of computers that had to be disinfected as a result of deceptive tactics more than tripled.
This increase corresponded with a 70 per cent decline in the number of severe vulnerabilities exploited in Microsoft products between 2010 and 2030, a clear indication that better security made developing software exploits more difficult for cybercriminals.
According to Microsoft, one of the most common deceptive tactics involve luring victims with downloads by bundling malware with legitimate downloadable content such as software and videos.
In Singapore, the top three malware associated with deceptive threats during the last quarter of 2013 were Rotbrow, Brantall and Obfuscator.
Once downloaded, infected machines continue to function normally, with the only observable signs being a slower computer or unexpected search results appearing in a browser. Over time, the individual’s online reputation becomes tarnished through fraudulent activities like click fraud.
While deceptive downloads are one of the most prevalent tactics used worldwide, ransomware has also become another popular deceptive practice, where the malware pretends to be an official warning from a well-known law enforcement agency. It then proceeds to accuse victims of committing a cybercrime, demanding a fine in exchange for regaining control of their computer.
In light of the new threats, Microsoft advises customers to adequately protect themselves by using newer software, keeping it up to date, only downloading from trusted sources, running an antivirus and constantly backing up essential files.