Article by Antony Cook, Regional Vice President and Chief Legal Counsel, Asia, Microsoft:
Microsoft has been an active participant in Safer Internet Day each year since it started in 2004, and for the past several years, it’s also served as the launch date for our Digital Civility Index (DCI). The DCI is based on a survey we conduct in 25 countries worldwide, and it polls teens and adults about their encounters with 21 different online risks. You can find this year’s report and a number of other related resources here.
However, regardless of what day it is, one thing is for certain: there will still be online threats. So it’s imperative that we’re always aware of trends in the online environment so we can all stay safe.
Less Ransomware but Still More Attacks
Since the launch of Windows 10, we have actually seen the rates at which people encounter malware drop in in regions which have the most up-to-date patches and upgrades. However, there’s still more work to do to improve our safety online, as hackers have become increasingly adept in using new tricks, including AI – to achieve their goals.
One of the trends we’ve noted recently is the decline of ransomware, dropping more than 60% from its peak a few years ago. This initially sounds like a great development – and don’t get me wrong, overall it is quite positive – but there may be a darker lining to the news. Which is that attackers have learned that ransomware attracts too much attention from law enforcement, and also organizations have gotten better at backing up their data, so hackers have moved on to other activities.
At the same time we are seeing a drop in ransomware attacks, we are also seeing a rise in cryptocurrency malware and phishing, so it is likely that hackers have simply moved on to areas where they can profit more readily and with less attention than ransomware.
As attackers are most often acting for financial benefit, it should come as no surprise that they’ve made some big bets on cryptocurrency, and Bitcoin in particular. Mining coins requires immense computing power, so hackers who seek profits have begun to focus more on malware as a way into computers. These attacks allow them to use people’s computers to mine cryptocurrency coins, sometimes for weeks and months without being detected. Because cryptocurrency mining works in the background, oftentimes it’s not noticed or thought of until a computer’s performance is greatly affected.
This issue has been exacerbated by the fact that coin mining software is easily available, so cybercriminals have put malware into many widely used and shared programs. Also, hackers will try to attract users to sites hosting free copyrighted content, often the latest movies, and will install their software while you watch the latest blockbuster online.
Embedding Threats and Phishing Scams
Attackers have also gotten a lot smarter in recent years, corrupting legitimate and trusted software supply points as avenues to deliver malware. The examples are many: a routine update for a tax accounting application, popular freeware tools which have backdoors forcibly installed, a server management software package, an internet browser extension or site plugin, malicious images which activate scripts when clicked and even peer to peer applications.
In all cases, attackers were able to change the code of something that many people would normally download without issue or hesitation, allowing them to hitch a ride on an existing process.
These attacks are among the most dangerous and frustrating, because they take advantage of the trust that consumers and IT departments already have for existing software. So not only does the hack happen, but then the fundamental trust between company and person is affected in the future, creating further instability as customers switch programs or don’t install upgrades and patches.
Despite all that complexity and effort, attackers still find Phishing to be one of the most effective ways to compromise systems. Perhaps because it’s based on human decisions and judgment, it often has a higher chance of success – from January to December 2018, the share of total inbound emails that were Phishing messages increased 250%, and figures for the end of 2019 are expected to show continued growth.
While we all have gotten safety briefings before on Phishing, in fact the threat is getting bigger because attackers are using new tools like multiple URLs, domains and IPs when sending messages. They’re even localizing their approach to specific domains and even users, creating file names and links which are designed to appeal to these audiences. When these link to pixel for pixel copies of company sites, it can be extremely difficult to spot a Phishing attack before it’s too late.
Tips for Keeping Safe Online
While it does feel like it’s getting harder and harder to stay safe, there are actually a few simple steps you can take to ensure you are minimizing risk for your organization.
First, practice good security hygiene. That means to keep machines updated, enable email and browser protections, apply the security configurations your vendors recommend and stay away from any unfamiliar software or websites. And make sure you have legitimate copies of everything on your machines, not just your most frequently used programs.
Second, implement more access controls in your systems, using Zero Trust or least privilege models, so that even if someone were to hack into the network, they’d only be able to reach a subset of it, not the whole thing.
Third, keep backups. The cloud is a great tool for this. We recommend the 3-2-1 rule: Keep three backups of your data on two different storage types, with at least one backup offsite.
Finally, remain vigilant. Keep an eye out for suspicious situations, and if applicable, report them to your IT department immediately. This can be anything like a sudden slowdown in processing speed to noticing (and not clicking on) strange web links and images.
While Safer Internet Day is only once a year, we at Microsoft encourage everyone to make every day online safer. By becoming more aware of what kind of threats are out there, and how to respond, we can all protect ourselves, our organizations and our communities against emerging cyberthreats. When we strengthen our tools and knowledge, we create a safer, more trustworthy and more fulfilling online experience for everyone.