What's in the Microsoft Security Intelligence Report?
Twice a year, Microsoft releases an updated Security Intelligence Report detailing the latest threats, countermeasures, and trends in computer and Internet security. The SIR for the second half of 2013 is out, and it highlights trends that are important to consumers as well as business users. Here are the highlights, and what you should know...
Microsoft Sheds Light on Security Threat Trends
The “Exploitation Trends” section of the latest Microsoft Security Intelligence Report explores the tricks and tactics that are increasingly popular among bad actors. (And I don't mean Lindsay Lohan or Charlie Sheen.) Knowing these trends can help you evaluate security software and avoid behavior that can put you at greater risk of infection or invasion.
Here is a summary of the latest exploitation trends:
The SIR report says that “In the modern era, the profit motive underlies most malicious exploitation activity.” The days of hacking for laughs or street cred are pretty much gone because as security has tightened up it takes a lot more money and effort to hack. The good news is that you are less likely to fall victim to a random, senseless act of online vandalism. The bad news is that you may be targeted by professional cybercrooks with formidable, sophisticated burglary tools.
The profit motive means that not every vulnerability gets exploited. In fact, the percentage of newly discovered vulnerabilities in Microsoft software that actually are exploited by malware authors has been plummeting since its peak of about 42% in 2010; it’s down to 10% now. So when you read a breathless alarm about a new zero-day threat, there is only a 10% chance that it will actually materialize.
The odds that it will strike you personally are, of course, even smaller. That does not mean you can afford to be careless about security, but you don’t have to panic at every overblown news report. Just make sure your operating system, application software and security tools are up to date. (See my related articles Free Anti-Virus Programs and Computer Security: The Missing Link)
The report says, “the number of zero-day exploits detected each year has decreased since 2011 in absolute terms; subsequently, zero-day exploits have accounted for a larger share of the total in each of the last three years.” A “zero-day” exploit is one that exploits a vulnerability that security pros don’t know about until it’s exploited; they have “zero days” to prepare a defense. (See Avoiding Zero-Day Exploits)
The implication of this twofold factoid is that the total number of exploits detected has decreased even faster than the number of zero-day exploits. In other words, good guys are getting better at closing newly discovered security holes before they are exploited. That’s good news.
You Too Can Be an Evil Hacker!
Often, a vulnerability discovered by a “black hat” researcher is sold one time to another bad guy who develops software to exploit the vulnerability. Usually, the exploit is launched against a single, high-value target such as… well, Target Stores, for instance. But Microsoft’s report notes a rise in a form of mass distribution of vulnerabilities: the so-called “exploit kit.” These kits can be used by less technical "script kiddies" who lack the skills to develop their own exploits. Consumers are the target of these proliferating dangers.
Exploit kits are suites of malicious apps, each of which targets a specific vulnerability on a specific computing platform. The malware can be extremely specialized, e.g., one version for Web browsers that have Flash enabled and another for identical browsers that do not. The exploit kit, along with software that manages it, is hosted on a central server that is usually not the one victims visit.
Instead, the owner of the exploit kit seeds many Web sites with small bits of code that do a simple task. Using data that your browser sends to every site it visits, the code determines what browser you’re using, your operating system, what browser plug-ins you have installed, and other data that has perfectly legitimate uses to perfectly legitimate sites. But unlike legit sites, this code also probes for unpatched vulnerabilities that can be exploited.
The code sends this information to the exploit kit, which selects malware payloads tailored to the victim at hand and delivers them to the victim’s browser. To minimize the possibility of detection, it doesn’t send every exploit possible, just the few that are most likely to succeed based on past results.
Exploit kits are intended for marketing to wannabe cybercriminals, so their price must be kept relatively low. Highly valuable zero-day vulnerabilities won’t be targeted by cheap exploit kits. Instead, the kits contain exploits that attack vulnerabilities that were patched more than 30 days ago; these are cheap because they seldom work.
But if you’re the kind of person who doesn’t keep software up to date with security patches, these obsolete exploits WILL work on you! Pay attention here, if you're still running XP. (See Windows XP: Game Over.)
Freeware and Foistware
Malware buried in long-established legitimate free software is now one of the top 10 threats, according to the Microsoft report. Such “deceptive downloads” include “Rotbrow” and “Brantall,” which have been found in browser toolbars, security software, and codec packages. The report lists supposedly legitimate programs that are sometimes infected with these nasty bits, including 77Zip, Best Codecs Pack, PC Doer, Video Doer, Speed Analysis, eType and RocketPDF.
Not every copy of these programs is infected with malware; if you obtain a well-known free download from its developer’s site, you’ll be safe. But honestly, I'd advise staying away from ALL of those titles. eType seems marginally useful, and RocketPDF is a ripoff of SumatraPDF. All the others are either sketchy or so obscure I couldn't even find them with a Google search.
In my opinion, Microsoft would do better to shed light on the foistware problem, and specifically, the shameful tactics being employed by CNET's Download.com and Tucows. (See Downloading? Watch Out For These Danger Signs.)
The most important takeaway from this “threat trends” report is that the vulnerability you really need to fear is not just the one that’s making headlines right now. It’s also the one you’ve never heard of or thought had been eradicated long ago. And the only way to guard against those is to keep your guard up routinely, not just when the mass media alarms sound.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 13 May 2014
Copyright © 2005 - Bob Rankin - All Rights Reserved