In late May this year, Microsoft came out with a security report that made a bold declaration: deception is now the favourite tactic of cybercriminals.

The report identified deceptive downloads as threat in 95 % of the countries/regions where data had been gathered. It described deceptive downloads as the bundling of malware with legitimate downloadable content to lure victims. Examples of such legitimate content would be software, music or videos found online.

With regard to Singapore, the report cited Rotbrew, Brantall, and Obfuscator as the top three deceptive threats during Q4 2013.

Microsoft's cyber security report was based on data gathered from more than a billion systems across 110 countries and regions. Data gathering took place during the second half of 2013.

At Microsoft's headquarters in Redmond in early June, Tim Rains, Director, Trustworthy Computing, Microsoft, said that reliance on deception tripled in the last quarter of 2013. However, there has been a 70% decrease between 2010 and 2013 in severe vulnerabilities exploited in Microsoft products.

But the bad news is, according to Rains, ransomware is here (like someone sending you an email pretending to be your local police or immigration officer), and it is traveling East-from Russia and Kazakhstan. So, beware Asian users!

Rains and his team see a lot of worm activity in Asia. The good news, at least for Singapore, is that Singapore has a low malware encounter rate compared to other countries: 10 percent against the average of 22 percent worldwide.

While discussing the cybersecurity report, I had the opportunity to ask Rains some detailed questions about malware activity in general and ransomware in particular. Here are his answers:

There was a 70% reduction in exploits that target the most severe vulnerabilities in Microsoft products between 2010 - 2013. What led to these reductions?

Rains: Newer versions of software include the latest in security innovations and advancements which make it more difficult and costly for cybercriminals to exploit vulnerabilities. Increased adoption of newer software has likely been a major factor in the declining trend of new exploits against severe vulnerabilities in Microsoft products over the past three years.

Last year, Microsoft discovered that cyber criminals were relying more on deception. How long could this trend last?

As long as this tactic is effective, cybercriminals will likely continue to use it. That's why greater awareness of these tactics is important and can help make it harder for cybercriminals to be successful. In the last six months of 2013, we saw cybercriminals increasingly relying on deception. One of the most dominant deceptive techniques used worldwide during that time frame was deceptive downloads. Deceptive downloads is a tactic whereby cybercriminals will bundle malware with legitimate programs such as software, videos or music downloaded online. Typically these downloads are on untrusted sites and come with enticing offers. One of the most common bundles of deceptive software in the 4th quarter of 2013 - Rotbrow - contained malicious software. This software started out legitimate and then turned malicious months later and distributed known malware. This tactic will likely be used in the future by cybercriminals. There are some best practices which can help protect against deceptive downloads:

  • When downloading or obtaining software, audio or video files, do so from a trusted source.
  • Get the latest computer updates for all your installed software.
  • As a best practice, we recommend using Internet Explorer with SmartScreen enabled which can help protect users from malicious downloads.

Additionally Microsoft also recommends people:

  • Enable a firewall on their computer and employ up to date antivirus software.
  • Get the latest computer updates for all installed software. For example, enable auto-update.
  • Run antivirus and keep it up to date
  • Limit user privileges on the computer so that if the system becomes infected with malware, it will not have admin privileges.
  • Use caution when opening attachments and accepting file transfers, as well as when clicking on links to unknown websites.
  • Use strong passwords to help strengthen the layer of defense.

In the event someone believes their system may be compromised, we recommend running detection and removal software from a trusted source. To do this, users should run a full-system scan with an up-to-date antivirus product.

Your report shows that Ransomware is traveling east now. Does it mean more threat for Asia?

Based on the Ransomware data in our latest report, it seems reasonable this tactic may be used more and more over time in other parts of the world. Over time we've seen Ransomware move from the United States, to Western Europe and now being most prevalent in countries like Russia and Kazakhstan, so it appears Ransomware is moving geographically east. People should be aware of the threat of Ransomware and best practices on how to help protect against it:

  • Don't pay the fee! Paying the ransom does not guarantee the files will be returned or that the attacker will restore the affected computer to a usable state.
  • Back-up your files.
  • Think before you click - don't click on links or open attachments from untrusted sources.

What can Asian users do to thwart Ransomware?

There a number of things people can do today to help protect against Ransomware:

  • Don't pay the fee! Paying the ransom does not guarantee the files will be returned or that the attacker will restore the affected computer to a usable state.
  • Back-up your files.
  • Think before you click - don't click on links or open attachments from untrusted sources.