Cybercriminals are increasingly turning to deceptive tactics for malicious purposes such as stealing people's personal and financial information.
This is according to Microsoft's latest research findings, which show that in the last quarter of 2013, the number of computers that had to be disinfected as a result of deceptive tactics more than tripled compared to past years.
This increase in deceptive tactics correlates with a 70-percent decline in the number of severe vulnerabilities exploited in Microsoft products between 2010 and 2013. This shows that newer products are providing better protection. Additionally, the increased adoption of several key security mitigations across the industry are making it more difficult and expensive for cybercriminals to develop software exploits.
Types of deception-based attacks
According to Microsoft’s new data, one of the most dominant deceptive techniques used worldwide in the second half of 2013 was deceptive downloads.These downloads were identified as a top threat in 95 percent of the 110 countries and regions that Microsoft polled.
Cybercriminals enticed users to download malware hidden behind legitimate content such as software, music or videos found online. Infected machines often continue to function, and the only observable signs of infection might be slower system performancesor unexpected search results popping up in a browser. Over time, fraudulent activities happening surreptitiously could tarnish the victim’s online reputation, in addition to being banned from secured websites.
Another form of deception is ransomware, which often pretends to be an official-looking warning from a renowned law enforcement agency. It then accuses its victim of committing a computer-related crime, and demands them to pay a fine to regain control of the computer.
Ransomware is geographically concentrated, but its deployment is gaining popularity. In fact, the reported cases of top ransomware, Reveton, increased by 45 percent between the first and second half of 2013.
Sign up for CIO Asia eNewsletters.