By James Kavanagh
When we go online, most of us simply expect to have a safe experience. We manage our bank accounts, read and send emails, and use apps on our mobile devices with only a vague idea of the potential threats. Unfortunately, not everyone on the internet has good intentions, and there are those who seek to exploit Australian internet users. Increasingly motivated by profit, they use techniques of deception and malicious software to steal identities and banking details, perpetrate fraud and even perform exotic forms of theft most of us have never heard of – like bitcoin mining and click fraud.
The good news is that there are also people and organisations who are working with a quiet determination to make Australia the safest place to work, learn and interact online. I’d like to share some insight into the work they do, the changing nature of their battle against cybercrime and the partnerships being formed to tackle a problem that is global in nature, but local in impact.
Let me start with some context around the current threat landscape. For more than a decade, Microsoft, through its Trustworthy Computing initiative, has been working hard to make our products more resilient against increasingly motivated and resourceful cybercriminals. Our latest security research, which we released in Australia earlier this week, gives us a real insight into the effectiveness of that work and the changing behaviour of cybercriminals.
During the past four years, security innovations in modern technology and better awareness of secure development practices across our industry have contributed to a 70% decline in the number of severe vulnerabilities in Microsoft software exploited by cybercriminals. It’s much harder now for cybercriminals to achieve their aims by attacking computer systems directly, so they’re changing their approach. They are increasingly turning to deceptive practices, seeking to deceive their victims rather than exploit vulnerabilities in the software they use.
The number of computers worldwide infected as a result of deception-based attacks, such as ransomware and deceptive downloads, more than tripled in the last three months of 2013 compared to the prior quarter. In the second half of 2013, programs known to be involved in deceptive downloads were encountered by more than 6 in every 100 computer systems worldwide.
Bringing local expertise to the global front-line
Australia plays a significant role in the global fight against these forms of cybercrime through the Melbourne-based Microsoft Malware Protection Centre. This global centre was established in 2007 and is home to more than 40 researchers, technical writers and developers who are specialists in malware analysis and response. Together with two similar Microsoft labs located in the US and Germany, they process some 10 billion telemetry reports every month and operate 24 x 7, 365 days a year to protect more than a billion devices running Windows.
This centre often deals with threats and incidents occurring in our region – cases from Australia, Japan, China and other Asia-Pacific countries are often first handled by the Melbourne centre. It’s a high-intensity environment that is often abuzz with a shared enthusiasm to combat a new threat or decipher a cybercriminal technique that has just been observed.
One particular aspect of this lab I’d like to tell you about is how we leverage massive data analytics and machine learning to complement the human expertise of our researchers. The team in Melbourne have been increasingly innovating with big data approaches and machine learning, bringing new capabilities on stream in the past 6 months. This technology sifts through a portion of the 750,000 daily reports we receive of malicious files and, using machine learning, tries to rapidly figure out the probability that any particular file is malicious.
Machine learning is a branch of artificial intelligence that deals with how systems can learn and reason over large amounts of data. But it’s not just about smart mathematics. Our researchers need to fine-tune the decisions made by the machine. Their insight and experience will be used to set rules or modify computed decisions, subtly improving the machine’s ability to reason and identify files correctly. Researchers can also use the outputs produced to streamline their own more in-depth manual analysis.
This really is a combined effort of smart people using smart computers. And it’s having a big impact. In April alone, this machine learning approach processed 1.8 million unique files, directly leading to rapid responses that prevented malware infections on 250,000 computers worldwide.
Making Australia a difficult place for cybercriminals to operate
Sometimes it’s necessary for organisations like Microsoft – in partnership with law enforcement and others – to take much more direct action to specifically target and eliminate the infrastructure used by cybercriminals and then work to clean up the computers of innocent victims. During the past four years, the Microsoft Digital Crimes Unit has used innovative legal and technical approaches to dismantle botnets that controlled the computers of some 10 million victims. But cleaning malware-infected computers is just as important as disrupting the threats. So we have been actively sharing information from our botnet operations with Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) worldwide since the beginning of this effort. Known as the Cyber Threat Intelligence Program (C-TIP), this program allows these organisations to have better situational awareness of cyber threats, and more quickly and efficiently notify people of potential security issues with their computers.
Today we’re announcing a new agreement with the Australian Communications and Media Authority’s (ACMA) Australian Internet Security Initiative (AISI) to provide real-time access to data on Australian computers identified as being infected.
Partnership and real-time exchange of information are essential to keep Australians safe online. The AISI, which has operated since 2005, is recognised globally for its work in sharing threat information with local Internet Service Providers (ISPs). This information enables ISPs to reach out and help their customers to rid their computing devices of threats. The C-TIP program will complement the AISI’s existing work by providing more real-time visibility of infected computer systems in Australia. We are thrilled to work with the ACMA on this important initiative.
At Microsoft we are committed to helping make Australia the safest place to work, learn and interact online. Security and online safety can sometimes be a very technical and somewhat esoteric domain. But really it’s about people too, not just technology – people who create innovations, who respond to threats, who raise awareness and who partner to disrupt the tactics of cybercriminals. I hope that the research we’ve just released and this perspective on the work of our local teams and partners will help you take confident steps to protect yourself, your family and your workplace online.