Asians beware! Ransomware is travelling East

In late May this year, Microsoft came out with a security report that made a bold declaration: deception is now the favourite tactic of cybercriminals.

The report identified deceptive downloads as a threat in 95% of the countries/regions where data had been gathered. It described deceptive downloads as the bundling of malware with legitimate downloadable content to lure victims. Examples of such legitimate content would be software, music or videos found online.

With regard to Singapore, the report cited Rotbrow, Brantall, and Obfuscator as the top three deceptive threats during Q4 2013.

Microsoft's cyber security report was based on data gathered from more than a billion systems across 110 countries and regions. Data gathering took place during the second half of 2013.

At Microsoft's headquarters in Redmond in early June, Tim Rains, Director, Trustworthy Computing, Microsoft, said that reliance on deception tripled in the last quarter of 2013. However, there has been a 70% decrease between 2010 and 2013 in severe vulnerabilities exploited in Microsoft products.

But the bad news, according to Rains, is that ransomware is here (like someone sending you an email pretending to be your local police or immigration officer), and it is traveling East, from Russia and Kazakhstan. So, beware, Asian users!

Rains and his team see a lot of worm activity in Asia. The good news, at least for Singapore, is that Singapore has a low malware encounter rate compared to other countries: 10 percent against the average of 22 percent worldwide.

While discussing the cybersecurity report, I had the opportunity to ask Rains some detailed questions about malware activity in general and ransomware in particular. Here are his answers:

There was a 70% reduction in exploits that target the most severe vulnerabilities in Microsoft products between 2010 and 2013. What led to these reductions?

Rains: Newer versions of software include the latest in security innovations and advancements which make it more difficult and costly for cybercriminals to exploit vulnerabilities. Increased adoption of newer software has likely been a major factor in the declining trend of new exploits against severe vulnerabilities in Microsoft products over the past three years.

Last year, Microsoft discovered that cyber criminals were relying more on deception. How long could this trend last?

As long as this tactic is effective, cybercriminals will likely continue to use it. That's why greater awareness of these tactics is important and can help make it harder for cybercriminals to be successful. In the last six months of 2013, we saw cybercriminals increasingly relying on deception. One of the most dominant deceptive techniques used worldwide during that time frame was deceptive downloads. Deceptive downloads is a tactic whereby cybercriminals will bundle malware with legitimate programs such as software, videos or music downloaded online. Typically these downloads are on untrusted sites and come with enticing offers. One of the most common bundles of deceptive software in the 4th quarter of 2013 - Rotbrow - contained malicious software. This software started out legitimate and then turned malicious months later and distributed known malware. This tactic will likely be used in the future by cybercriminals. There are some best practices which can help protect against deceptive downloads:

  • When downloading or obtaining software, audio or video files, do so from a trusted source.
  • Get the latest computer updates for all your installed software.
  • As a best practice, we recommend using Internet Explorer with SmartScreen enabled which can help protect users from malicious downloads.

Additionally, Microsoft also recommends that people:

  • Enable a firewall on their computer and employ up to date antivirus software.
  • Get the latest computer updates for all installed software. For example, enable auto-update.
  • Run antivirus and keep it up to date.
  • Limit user privileges on the computer so that if the system becomes infected with malware, it will not have admin privileges.
  • Use caution when opening attachments and accepting file transfers, as well as when clicking on links to unknown websites.
  • Use strong passwords to help strengthen the layer of defense.

In the event someone believes their system may be compromised, we recommend running detection and removal software from a trusted source. To do this, users should run a full-system scan with an up-to-date antivirus product.

Your report shows that Ransomware is traveling east now. Does it mean more threat for Asia?

Based on the Ransomware data in our latest report, it seems reasonable this tactic may be used more and more over time in other parts of the world. Over time we've seen Ransomware move from the United States, to Western Europe and now being most prevalent in countries like Russia and Kazakhstan, so it appears Ransomware is moving geographically east. People should be aware of the threat of Ransomware and best practices on how to help protect against it:

  • Don't pay the fee! Paying the ransom does not guarantee the files will be returned or that the attacker will restore the affected computer to a usable state.
  • Back-up your files.
  • Think before you click - don't click on links or open attachments from untrusted sources.

What can Asian users do to thwart Ransomware?

There are a number of things people can do today to help protect against Ransomware:

  • Don't pay the fee! Paying the ransom does not guarantee the files will be returned or that the attacker will restore the affected computer to a usable state.
  • Back-up your files.
  • Think before you click - don't click on links or open attachments from untrusted sources.


Stories by Zafar Anjum
