Microsoft, HP report rise in cyber-attacks, offer advice on shoring up security

People’s desire to acquire movies, music and software for free could expose their employers to cybersecurity breaches, an increasingly costly proposition.
The latest Microsoft Security Intelligence Report reveals a rise in the number of cyber-attacks targeting the computers of people looking to download movies including The Avengers and The Hunger Games, songs by artists such as Lady Gaga, Pitbull and Christina Aguilera, or popular software ranging from Adobe Photoshop to the video games “Call of Duty” and “Guitar Pro”. Some of the downloads are of pirated material. Others come from legitimate websites where shareware and popular music are available.

Hackers disguise malicious code, or malware, as a pirated software or media file, or as software available for no cost, such as the free Adobe Flash Player. People who download the files infect their computer or mobile device with the malware. If the infected computer is part of, or connects to, an organisation’s network, the employee’s actions could result in the malware spreading to servers and other computers within the organisation. If not immediately stopped by an anti-virus programme or network firewall, the malicious software could damage or disable systems, or, even worse, steal intellectual property and confidential customer information such as credit card numbers.
The damage inflicted on businesses and other organisations in such situations continues to escalate, according to the recently released results from the 2012 Cost of Cyber Crime Study, conducted by the Ponemon Institute for HP. The survey of 56 US organisations, many of them multinational corporations, found that they collectively have been hit in 2012 with an average of 102 successful cyber-attacks each week, up 42% from 72 per week last year. The average recovery time for each incident has jumped 33%, from 18 days in 2011 to 24 days this year, while the average annualised financial impact of cybercrime is up 6%, to $8.9 million.

More than 78% of annual cybercrime costs per organisation result from one or more of the following: malicious code, denial of service, stolen or hijacked devices, and malevolent insiders.

A key to trouble

Employees do not have to harbour ill feelings towards their employer to cause damage. The Microsoft report found that people who install pirated software or media or even search for them on the internet are asking for trouble. For example, when people download pirated software, they often also download a key-generator tool, which generates a product key granting the user access to the software without having to pay for it. Key generators are among the many file types, or families, that Microsoft can detect while mining information provided by more than 600 million computers in 105 countries. Of the computers detected with a keygen utility, 76% also were exposed to other, more dangerous types of malware.

Even searching for software and media on unsecured sites can expose people’s computers to a drive-by download attack, in which a user can download malware simply by visiting an infected website. A class of malware called exploits seeks to infect computers by taking advantage of security vulnerabilities in operating systems, web browsers or software applications. The exploit’s malicious code then can infect, disrupt or take control of a computer without the user’s consent and usually without the user’s knowledge. 

Blacole, a family of exploits that deliver malicious software via infected web pages, easily was the most prevalent exploit family detected by Microsoft during the first two quarters of 2012. The exploits on Blacole’s web pages take advantage of vulnerabilities in versions of the Adobe Flash Player, Adobe Reader, the Microsoft Data Access Components (MDAC), and the Oracle Java Runtime Environment (JRE).

The number of vulnerability disclosures by software publishers in the first six months of 2012 jumped 11.3% from the second half of 2011 and 4.8% from the first half of 2011. The increase follows small declines in every six-month period from the second half of 2009 to the second half of last year. The main culprit in the increase was a jump in application vulnerabilities, which offset a decline in operating system vulnerabilities.

The most common Blacole exploit during both the first and second quarters targeted a vulnerability affecting the Windows Help and Support Center in Windows XP and Windows Server 2003. Microsoft issued a patch for that vulnerability in July 2010, but 11% of the Windows XP computers analysed either were running an old version of XP that Microsoft no longer supports or have never downloaded any of the security updates for the most recent version of Windows XP.

Steps to stronger cybersecurity

Microsoft recommends that companies do the following to shore up cybersecurity:

  • Use the AppLocker feature in Windows to create blacklists for potentially unsafe applications, programmes and scripts on client computers.

  • On proxy servers, implement rules to block known malicious websites as well as other websites that violate the organisation’s acceptable media usage policy for content such as music, movies, games, shopping, pornography and so on.

  • Use up-to-date and publisher-supported versions of software and install security updates and patches as soon as possible after they are released.

  • Avoid running old software no longer supported by the publisher. Examples include the version of Windows XP mentioned above. In addition, the study found that 7% of Adobe Reader users and 9% of Microsoft Word users were running versions for which Adobe and Microsoft, respectively, no longer are issuing security updates.

  • Ensure that automatic updaters, including Windows Automatic Updates, are enabled and functioning. Windows Vista and Windows XP users with Automatic Updates enabled or who regularly visit Windows Update were more than twice as likely to have the latest Microsoft updates installed compared to those who do not.

  • Use intrusion detection and prevention systems (IDS/IPS) to monitor for and block exploitation of the Windows, Java and other vulnerabilities targeted by Blacole and other malware.

  • Configure firewalls to block any sites infected with Blacole exploits or other types of malware.

  • Create policies that define what constitutes acceptable and unacceptable downloading and use of third-party tools and media. Establish policies that govern the download and execution of music, movies and video games. Create and enforce disciplinary actions for repeat policy offenders.

  • Block peer-to-peer (P2P) applications from communicating into or out of the organisation’s internal network.

  • Ensure that all new hardware is purchased by an internal procurement team. Procurement processes might include formatting computers and devices upon receipt and reinstalling the operating systems from known good copies. Such copies should include antimalware software, intrusion detection tools, software firewalls, monitoring and reporting tools, and other security software, all of which should be enabled by default.
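As an added example (it is not code from the article, the Microsoft Security Intelligence Report, or the HP/Ponemon study), the following PowerShell script audits a local Windows endpoint against three of the recommendations above: that Automatic Updates is enabled and has installed something recently, that an AppLocker policy is in effect and enforced (which also requires the Application Identity service to be running), and that installed applications are not below a supported-version baseline. The `Add-Finding` helper, the 30-day recency threshold and the `$MinimumSupported` table are assumptions of this example; the table's version values are placeholders to be replaced with each vendor's current support boundary. The script only reads configuration and changes nothing; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the article or the reports it cites): read-only audit of
# three endpoint hardening recommendations on the local Windows machine.
# Assumptions: Add-Finding, the 30-day recency threshold and the $MinimumSupported
# baselines (PLACEHOLDER values) are this example's own choices.

$Findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Check, [string]$Status, [string]$Detail)
    $Findings.Add([pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail })
}

# --- 1. Automatic Updates enabled and functioning ----------------------------
try {
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    # NotificationLevel: 1 = disabled, 2 = notify before download,
    # 3 = notify before install, 4 = scheduled (fully automatic) install
    $level = $au.Settings.NotificationLevel
    if (-not $au.ServiceEnabled -or $level -le 1) {
        Add-Finding 'AutomaticUpdates' 'FAIL' "Automatic Updates is disabled (NotificationLevel=$level)"
    } elseif ($level -lt 4) {
        Add-Finding 'AutomaticUpdates' 'WARN' "Updates wait for user action (NotificationLevel=$level)"
    } else {
        Add-Finding 'AutomaticUpdates' 'PASS' 'Scheduled automatic installation is enabled'
    }
    $lastInstall = $au.Results.LastInstallationSuccessDate
    $maxAgeDays  = 30   # assumption: flag machines with no successful install in 30 days
    if (-not $lastInstall -or ((Get-Date) - $lastInstall).TotalDays -gt $maxAgeDays) {
        Add-Finding 'UpdateRecency' 'WARN' "Last successful update install: $lastInstall"
    } else {
        Add-Finding 'UpdateRecency' 'PASS' "Last successful update install: $lastInstall"
    }
} catch {
    Add-Finding 'AutomaticUpdates' 'ERROR' $_.Exception.Message
}

# --- 2. AppLocker policy present and enforced --------------------------------
try {
    Import-Module AppLocker -ErrorAction Stop
    $policy      = Get-AppLockerPolicy -Effective
    $collections = @($policy.RuleCollections)
    if ($collections.Count -eq 0) {
        Add-Finding 'AppLocker' 'FAIL' 'No AppLocker rule collections are in effect'
    } else {
        foreach ($rc in $collections) {
            # EnforcementMode is NotConfigured, AuditOnly or Enabled; only Enabled blocks anything
            $ruleCount = @($rc).Count
            $status = if ($rc.EnforcementMode -eq 'Enabled' -and $ruleCount -gt 0) { 'PASS' } else { 'WARN' }
            Add-Finding "AppLocker:$($rc.RuleCollectionType)" $status "$ruleCount rule(s), mode=$($rc.EnforcementMode)"
        }
    }
    # AppLocker rules are only enforced while the Application Identity service runs
    $appId = Get-Service AppIDSvc -ErrorAction SilentlyContinue
    if (-not $appId -or $appId.Status -ne 'Running') {
        Add-Finding 'AppLocker:Service' 'FAIL' 'Application Identity service (AppIDSvc) is not running'
    }
} catch {
    Add-Finding 'AppLocker' 'ERROR' $_.Exception.Message
}

# --- 3. Application versions below a supported baseline ----------------------
# PLACEHOLDER baselines: replace each with the oldest release the vendor still patches.
$MinimumSupported = @{
    'Adobe Reader' = [version]'0.0'
    'Java'         = [version]'0.0'
}
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
             Where-Object { $_.DisplayName -and $_.DisplayVersion }
foreach ($name in $MinimumSupported.Keys) {
    $hits = $installed | Where-Object { $_.DisplayName -like "$name*" }
    foreach ($app in $hits) {
        $v = $null
        # Strip vendor suffixes such as " (64-bit)" so [version] can parse the string
        $parsed = [version]::TryParse(($app.DisplayVersion -replace '[^\d.]', ''), [ref]$v)
        if (-not $parsed) {
            Add-Finding "Software:$($app.DisplayName)" 'WARN' "Could not parse version '$($app.DisplayVersion)'"
        } elseif ($v -lt $MinimumSupported[$name]) {
            Add-Finding "Software:$($app.DisplayName)" 'FAIL' "Version $v is below the supported baseline"
        } else {
            Add-Finding "Software:$($app.DisplayName)" 'PASS' "Version $v"
        }
    }
}

$Findings | Sort-Object Status | Format-Table -AutoSize
```

Each check reports PASS, WARN, FAIL or ERROR rather than stopping at the first problem, so the same script can be run across a fleet and the results collected; an `AuditOnly` AppLocker collection or a stopped Application Identity service shows up as a finding because in either state the rules exist but block nothing.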

Jeff Drew is a CGMA Magazine senior editor.