With decades of experience in protecting its software platforms from cybercriminals, and over six years of proactive disruption of malicious code (botnets), Microsoft has focused on developing advanced cybersecurity features in its products and services, shares Keshav Dhakad, Regional Director, Intellectual Property and Digital Crimes Unit (DCU), Microsoft Asia. He shares Microsoft’s commitment to protect customers on the Internet and to ensure companies worldwide can use their computing devices and Cloud services with confidence.
Having one of the largest IT footprints in the world, Microsoft’s journey of defending and securing its own products and services from cyber threats and cyberattacks has been the longest in the IT industry. Microsoft’s devices and services are among the most widely used by consumers, businesses and governmental organizations worldwide, which has made them the target of malicious code and cybercriminals, whose operations are becoming more sophisticated and dangerous with time. Decades of experience in successfully fighting those attacks have uniquely enabled Microsoft to strengthen and secure its software products and Cloud service platforms with end-to-end security, breakthrough malware resistance capabilities, and reliable data protection technologies, with a total commitment to uphold customers’ privacy, safety and security.
“Our cybersecurity and cybercrime experience allows us to study the evolution of malware threats very closely, and in real-time. We’re securing more than one billion customers every day. We’ve started to see the emergence of organised cybercriminal activities that are heavily invested in cheating our customers of their money and stealing confidential data for misuse and exploitation. As a company, we are at the forefront of fighting these bad guys to protect our customers and our platforms,” explained Dhakad.
Disrupting malicious code and building cyber threat intelligence
A major area of cybercrime that DCU is particularly focused on is disrupting malicious robot networks, or “botnet” operations, which infect millions of PCs around the world with dangerous malware. Microsoft has taken down and disrupted some of the most significant and nasty botnet operations, including the largest spambots Rustock and Kelihos, financial and wire fraud botnets including Zeus and Citadel, and click-fraud and ad-fraud bots such as Bamital. Most recently, in 2013 Microsoft partnered with industry partners and international law enforcement, including Europol and the Federal Bureau of Investigation, to disrupt the ZeroAccess botnet, which had spread the Sirefef virus to many European countries to commit click fraud on a massive scale.
Microsoft fights malicious code and bots with a “proactive disruption” strategy, fulfilling its cybersecurity commitment to its customers. Microsoft has taken successful legal actions before the US courts against the botnet operations, and by seizing and dismantling the botnet infrastructure, it is able to effectively halt their activities. Following this disruption, the millions of infected devices from around the world are disconnected from the command and control of the botnet’s herders and Microsoft prevents those devices from receiving any malicious commands.
“These botnets we’ve taken down allow us to analyse and study the malware infections on a global scale, and investigate and reverse engineer the behaviour of the infections and its impact. We can see how the threats have emerged and what patterns they follow across the geographies. Through the use of Cloud computing, big data and business intelligence, and our state-of-the-art crime-fighting facility, the Microsoft Cybercrime Center, demonstrates a new era in effectively fighting crime on the internet, which is helping our customers around the world have a safer computing experience,” he noted.
Microsoft shares this cyber threat intelligence with governments and international law enforcement agencies around the world. More than 50 national Computer Emergency Response Teams (CERTs) receive intelligence and infection data through Microsoft’s Cyber Threat Intelligence Programme (C-TIP). Under C-TIP, these agencies, as well as Internet Service Providers (ISPs), receive free information and intelligence on the infected IP addresses within their jurisdiction, enabling them to take mitigation steps and issue timely warnings and advisories to their citizens to clean up and secure the infected computers.
Fighting IP crimes & technology-facilitated child abuse
Two other key DCU focus areas are Intellectual Property (IP) crimes, such as piracy and counterfeiting, and fighting technology-facilitated child sexual exploitation.
Talking about Microsoft’s fight against IP Crimes, Dhakad revealed, “What we’re seeing today is that piracy and counterfeiting have become an easy medium for organised criminal syndicates to generate money to fund other illegitimate activities. This has also created an unsecure supply chain environment for cybercriminals to easily infect PCs with dangerous malware. We have strong evidence today that unsecure pirated software is being distributed with pre-infected malware, unknown to the users”.
A 2014 Malware & Cybersecurity Study undertaken by the National University of Singapore (NUS) and IDC found that new PCs with non-genuine software installed at the point of sale had an average malware infection rate of 61 percent. As part of the study, these new PCs were test-purchased from 11 countries – China, India, Russia, Brazil, Indonesia, Mexico, Thailand, Turkey, Korea, Ukraine and the United States. Furthermore, the study revealed that security issues arising out of pirated software and mitigation steps will cost enterprises US$127 billion and consumers US$25 billion.
“Without the security, stability and robustness of genuine software, devices are practically defenceless – no amount of anti-virus software can protect devices against malware and hacking attacks if they use non-genuine software. With piracy one is always vulnerable, and it is important to realize that only criminals benefit from piracy and users are always the victims,” Dhakad said.
On the front of preventing technology-facilitated child sexual exploitation, Microsoft’s Digital Crimes Unit partnered with the National Center for Missing & Exploited Children (NCMEC) and Dartmouth College to create PhotoDNA, a signature-based image matching technology designed to help find, report and eliminate some of the worst known images of child sexual abuse on the Internet. PhotoDNA enables the creation of a unique digital signature of an image which can then be used to compare against signatures of other photos to find copies of the same image. This tool is being used by law enforcement agencies, as well as social media sites such as Facebook and Twitter and other tech companies, including Google. Today NCMEC has a database of 90 million images of sexually-abused children, all with a PhotoDNA tagged to them, which helps law enforcement track these images and investigate the perpetrators.
Better cybersecurity to protect customers
Microsoft’s responsiveness in combating cybercrime and disrupting malware has given it a unique ability to strengthen security features of its products over time, making it one of the most secure software platforms today. Microsoft’s System Center Endpoint Protection, a full-featured antimalware and security solution for enterprises, and the always-on Windows Defender are a few of the many good examples of providing world-class cybersecurity to its customers.
“We have leveraged our hands-on knowledge around malware to harden the security of our Windows operating system (OS) to a whole new level. Any device that runs Windows 8 or 8.1 is protected by the most advanced cybersecurity features, including groundbreaking malware resistance features, far ahead of any other OS that exists today. Windows 8.1 allows options beyond traditional passwords and corporate customers can use virtual smart cards to access networks and servers remotely through multi-factor authentication. Additionally, an advanced biometrics framework and BitLocker To Go add to some of the latest security innovations of Microsoft to protect its customers,” continued Dhakad.
Underlying all these practices, Dhakad emphasised that it is not just the IT manager or CIO of a company who is accountable for cybersecurity – but everyone in the company, from top management to junior staff, is responsible for minimising IT risks in an organisation, and using genuine and clean IT technologies responsibly is the first step towards building a strong cybersecurity environment.
Report: Medha Basu