There’s no safe haven for consumers to shield them from cybercriminals, not even social networks. In fact, Microsoft reveals that with online attacks increasingly targeting consumers, it has recorded a significant rise in social networking phishing, adware and rogue security software.The Redmond company just released the tenth volume of the Microsoft Security Intelligence Report (SIR), based on data harvested from in excess of 600 million computers worldwide used by customers in 117 countries.
The report provides a comprehensive insight over the evolution of the threat landscape in the last half of 2010.
It appears that the vast majority of cybercriminals are leveraging marketing tactics in order to transform unsuspecting users into victims.
Vinny Gullotto, General Manager, Microsoft Malware Protection Center notes that such attackers are generally less skilled than elite criminals, and that they often rely on ready-made accessible attack methods and on social engineering.
Fake marketing campaigns and malicious product promotions are tools of the trade for average attackers, and Gullotto revealed some of their results:
“• Rogue Security Software – Rogue security software was detected and blocked on almost 19 million systems in 2010, and the top five families were responsible for approximately 13 million of these detections.
• Phishing – Phishing using social networking as the lure increased 1,200 percent – from a low of 8.3 percent of all phishing in January to a high of 84.5 percent in December 2010. Phishing that targeted online gaming sites reached a high of 16.7 percent of all phishing in June.
• Adware – Global detections of adware when surfing websites increased 70 percent from the second quarter to the fourth quarter of 2010. This increase was almost completely caused by the detection of a pair of new Adware families, JS/Pornpop and Win32/ClickPotato, which are the two most prevalent malware in many countries.”
Microsoft also indicates that there are also highly sophisticated cybercriminals, which are largely responsible for targeted attacks, being motivated by large payoffs.
The elite of attackers also leverages social engineering, however, it does this in custom attacks, which can also include exploits of zero-day vulnerabilities that they came across.