• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Microsoft Research Reveals New Trends in Cybercrime

malware

New Member
Joined
Nov 7, 2004
Messages
5,422 (1.13/day)
Likes
954
Location
Bulgaria
Processor Intel Core 2 Quad Q6600 G0 VID: 1.2125
Motherboard GIGABYTE GA-P35-DS3P rev.2.0
Cooling Thermalright Ultra-120 eXtreme + Noctua NF-S12 Fan
Memory 4x1 GB PQI DDR2 PC2-6400
Video Card(s) Colorful iGame Radeon HD 4890 1 GB GDDR5
Storage 2x 500 GB Seagate Barracuda 7200.11 32 MB RAID0
Display(s) BenQ G2400W 24-inch WideScreen LCD
Case Cooler Master COSMOS RC-1000 (sold), Cooler Master HAF-932 (delivered)
Audio Device(s) Creative X-Fi XtremeMusic + Logitech Z-5500 Digital THX
Power Supply Chieftec CFT-1000G-DF 1kW
Software Laptop: Lenovo 3000 N200 C2DT2310/3GB/120GB/GF7300/15.4"/Razer
#1
Microsoft Corp. today released research showing an acceleration in the number of security attacks designed to steal personal information or trick people into providing it through social engineering. Microsoft’s most recent Security Intelligence Report, a comprehensive analysis of the threat landscape, shows that attackers are increasingly targeting personal information to make a profit and are threatening to impact people’s privacy. The report found that during the first half of 2007, 31.6 million phishing scams were detected, an increase of more than 150 percent over the previous six months. The study also shows a 500 percent increase in trojan downloaders and droppers, malicious code used to install files such as trojans, password stealers, keyboard loggers and other malware on users’ systems.


Two notable families of trojans detected and removed by the Microsoft Malicious Software Removal Tool are specifically targeted at stealing data and banking information.

Microsoft also released findings from a recent survey of more than 3,600 security, privacy and marketing executives across a variety of industries in the United States, the United Kingdom and Germany, including financial services, healthcare, technology and government. Conducted by the Ponemon Institute LLC, the study found that as security threats increasingly target personal information, more collaboration among security and privacy officers is critical to avoid costly compromises or breaches of personal information.

The study for the Microsoft Trustworthy Computing Group, titled “Microsoft Study on Data Protection and Role Collaboration Within Organizations,” found that organizations with poor collaboration were more than twice as likely as organizations with good collaboration to have suffered a data breach in the past two years.

Ben Fathi, corporate vice president of development for the Windows Core Operating System Division at Microsoft, presented the research in a keynote address to information security professionals at the RSA Conference Europe in London. Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group, will also share the results in his keynote address at the International Association for Privacy Professionals Privacy Academy in San Francisco later today.

“As a company committed to providing privacy and security solutions for our customers, we will continue to evolve our products, practices and processes as security and privacy become increasingly interdependent and as threats evolve,” Charney said. “There is no one-size-fits-all solution for organizations looking to effectively collaborate and protect data, but we hope this research will be a good resource for companies thinking about how to approach this.”

Security and Privacy Threats Converge Under New Attacks
As more people communicate, access and share information online and the delivery of services and information becomes more personalized, organizations are collecting larger amounts of personal information to provide services to customers. Increasingly, organizations need to share information and conduct business across borders and devices, and with a wide range of internal and external stakeholders. For cybercriminals, these factors represent greater opportunities to steal personal information.

“As the security of the operating system improves, we are seeing cybercriminals becoming more sophisticated, diverse and targeted in their methods of stealing personal information,” Fathi said. “Personal information is the currency of crime, and malicious attackers are targeting it to make their cyberattacks and other scams more authentic, credible and successful, and to make a profit.”

Microsoft’s Security Intelligence Report provides customers and partners with a comprehensive understanding of the types of threats Microsoft customers face today so they can take appropriate action to help ensure they are better protected both now and in the future. According to the latest report, released today, during the first half of 2007, there was a growing number of security attacks by trojans, which often target personal information, and an upward trend in the use of malware to compromise the privacy and security of user machines. In that same time period, backdoors, a category that includes bots, posed the most significantly increasing threat to instant messaging users as attackers continue to use them to control systems and violate user privacy.

The Relationship Between Security, Privacy and Data Use Functions
With security threats increasingly posing a greater threat to privacy, data protection requires involvement from several groups within an organization that typically have different objectives and responsibilities. The research conducted by the Ponemon Institute showed that where the collaboration between security and privacy functions is good, the risk of a data breach is lower. Seventy-four percent of companies that admitted to poor collaboration said they had experienced one or more significant data breaches in the last two years. However, only 29 percent of companies that claimed to have good collaboration reported one or more breaches in the same period.

The research indicates there are tensions within organizations over how data should be managed. Security and privacy professionals see customer data as an asset to protect, while in functions such as marketing where personal data is collected and used, employees are more likely to see it as a resource to achieve business objectives. Conversely, representatives from all three functions agree that the theft or loss of customer data has a potentially damaging impact on brand value and organizational reputation.

“A lot of companies are struggling with approaching data protection holistically, because security and privacy people often don’t even speak the same language and often report to different parts of the company,” said Rob Enderle, principal analyst at the Enderle Group. “Understanding the issues and getting security, privacy and business leaders together to discuss ways to approach this collaboratively is a good first step for organizations.”

One finding in particular from the survey provides evidence that some organizations struggle to align security, privacy and marketing functions. According to the research, 78 percent of security and privacy executives said they were confident that their marketing colleagues consult them before collecting or using personal information. However, only 30 percent of marketers said they actually do so.

Another key finding from the research found that preserving or enhancing an organization’s reputation and trust is important, especially for marketing professionals. More than 65 percent of marketers who collect and use data reported that preserving or enhancing the organization’s reputation and trust was among the most important business drivers for data protection. Avoiding threats is the top business driver for security professionals, and regulatory compliance is the top driver for privacy and compliance professionals. This finding suggests that when approaching data protection issues with marketers, security and privacy professionals will benefit from communicating the reputation and trust impacts associated with a lack of focus on avoiding threats of managing compliance.

Source: Microsoft
 

Helvetica

New Member
Joined
Sep 13, 2007
Messages
159 (0.04/day)
Likes
2
Processor Intel Core 2 Quad Q6600 Kentsfield 2.4GHz
Motherboard ASUS P5K-E/WIFI-AP
Memory 2GB DDR2 800mhz
Video Card(s) HD2900XT
Storage WD 10,000RPM
Display(s) 1920x1200
Audio Device(s) Creative
Power Supply 700w
#2
Glad to know they're staying on top of things. IE has warned me several times when I was entering a phishing site - esp. paypal and ebay.
 
Joined
Feb 26, 2007
Messages
850 (0.21/day)
Likes
23
Location
USA
#3
Devils advocate for a second here >;]
So what its turned around now? Its the nerds and 12 year old girls getting back at all the bullies, rapists, corporate titans, and so on?!? In a way isn't this kind of ironic.
/end rant

Sorry just had to paint that picture.
 
Joined
Jun 3, 2007
Messages
22,424 (5.78/day)
Likes
8,941
Location
'Merica. The Great SOUTH!
System Name TheMailbox 5.0 / The Mailbox 4.5
Processor RYZEN 1700X / Intel i7 2600k @ 4.2GHz
Motherboard Fatal1ty X370 Gaming K4 / Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling MasterLiquid PRO 280 / Scythe Katana 4
Memory ADATA RGB 16GB DDR4 2400 16-16-16-39 / G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s) MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz / ASUS 780ti
Storage 256Gb M4 SSD / 128Gb Agelity 4 SSD , 500Gb WD (7200)
Display(s) LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080 / Dell 27"
Case Cooler Master MASTERBOX 5t / Cooler Master 922 HAF
Audio Device(s) Realtek ALC1220 Audio Codec / SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply Seasonic FOCUS Plus Series SSR-750PX 750W Platinum / SeaSonic X Series X650 Gold
Mouse SteelSeries Sensei (RAW) / Logitech G5
Keyboard Razer BlackWidow / Logitech (Unknown)
Software Windows 10 Pro (64-bit)
Benchmark Scores Benching is for bitches.
#4
Ya know what might help stop all of this would be just a touch of common sense. If you didn't want to go somewhere then why are you there? And if you don't know why you are there maybe you shouldn't be entering your credit card number.