Cyber criminals have intensified attacks on the UK, a new report has revealed, with the number of computers being infected by viruses surging at the end of last year.
The Microsoft Security Intelligence Report, released on Thursday, found that criminals are using videos and other digital media to customise their attacks on PCs and entice people into downloading harmful software.
The number of UK computers cleaned per 1,000 scanned (CCM) – a key industry measure that indicates malware infection – jumped to 15.9 in the fourth quarter of 2015, from 4.3 in the previous quarter. That comes despite a small increase in the percentage of UK computers that were found to have encountered malicious software, from 11.9% to 13.9%. Trojan programs – viruses that are disguised as “safe” programs – are the most common types of malicious software in the UK.
Tim Rains, Director of Security at Microsoft and co-author of the report, said the company’s software is now blocking more than 10m attacks a day – a total of more than 4bn last year – and social media is a popular tool that criminals use.
“We know from our data that criminals target social media,” he said. “You can see that they trick people into disclosing their user names and passwords, and then they attack your friends and contacts.”
In response to the cyber threat, Microsoft has developed technology that “disrupts” criminals seeking to take over UK computers, according to Stuart Aston, another co-author of the report.
The company uses real-time and predictive “machine learning” to analyse 10 terabytes of data a day and spot fraudulent log-in attempts on computers – even when those attempts use a valid password. As most cyber attacks are hosted in countries such as Russia, India and locations in the Middle East, Microsoft uses data from billions of sources on its cloud platform to determine whether the location of the log-in attempt matches a familiar location used by the real user. If it doesn’t, the log-in attempt is blocked until a second level of security is passed, such as an extra security code that can be send via an app or alternative email address.
How you can protect yourself online:
- Run up-to-date security software
- Get the latest software updates
- Understand how malware works
- Turn on your firewall
- Limit user privileges
For more information on security, visit Microsoft’s Malware Protection Center by clicking here
The Microsoft Security Intelligence Report, now in its 10th year, has included data from Microsoft’s vast cloud services for the first time.
It revealed that global CCM rose to 16.9 at the end of last year, from 6.1 in the third quarter of 2015. The number of computers worldwide that came into contact with viruses rose from 18.8% to 20.8%.
Criminals are increasingly turning to companies to make money, with websites targeting financial institutions such as banks recording more phishing attacks than anyone else in the second half of 2015. And with the median time between a breach and detection standing at more than 240 days, it is crucial that business remain vigilant.
However, despite knowing where the attacks are coming from, it is still very difficult to uncover who is behind them.
“Trying to figure out who is behind the attack and their motivation is very difficult,” Rains said. “As a result, you don’t know who should respond – should it be the military, the police, the industry?
“Security is a journey, not a destination. It’s about vigilance. Attackers will continue to attack.
“Microsoft is leading the way in protecting people. We get data from so many places on our cloud platform build intelligence into our products to protect them.”
But there are also simple ways that consumers can protect themselves, Rains added.
“Make sure you have up-to-date virus protection from a trusted vendor, while a good firewall will deflect a lot of attacks. Crucially, don’t open attachments in an email unless you know the person who sent it.”