Awareness Key to Ensuring Businesses and Consumers are Free from Malware Threats Associated with Counterfeit Software
IPOH, 12 November 2014 – CyberSecurity Malaysia (CSM), the National cybersecurity agency under the purview of the Ministry of Science, Technology and Innovation (MOSTI), today announced the Cyber Threat Intelligence Program (CTIP) activation in partnership with Microsoft Malaysia. Microsoft’s CTIP is focused on the collection and distribution of existing actionable cyber threat information to help Governments, network owners and Internet Service Providers (ISPs) identify and help machines that have been compromised by malware. It comprises threat intelligence gathered pursuant to the successful worldwide botnet and malicious software takedown and disruption operations led by Microsoft’s Digital Crimes Unit (DCU) and its Cybercrime Center, headquartered in Redmond, Washington, USA.
The activation was under the auspices of YB Datuk Dr. Ewon Ebin, Minister of MOSTI and YAB. Dato’ Seri Diraja Dr. Zambry bin Abd. Kadir, Chief Minister of Perak, at the Cyber Security Malaysia Awards, Conference & Exhibition (CSM-ACE) 2014. The CSM-ACE is an annual industry gathering organized by CSM, which is attended by cybersecurity industry experts and communities to exchange ideas on security management, policy and technology.
YB Datuk Dr. Ewon emphasized the importance of cybersecurity in an ever-increasing digital age, “The Malaysian government has always put a high priority on digital development. In fact, the budget allocation for 2015 just on increasing broadband penetration in the country is RM2.7 billion. We can expect to see more Malaysians connected to the digital world in the coming years. With more people connected to the internet, the importance of cybersecurity cannot be overemphasized. It is our collective responsibility to ensure that Malaysians are safe from unscrupulous individuals or criminal organizations who thrive on unsuspecting cyber victims for personal gain.”
The CTIP was a major announcement at CSM-ACE 2014, following a Memorandum of Understanding (MOU) Exchange with Microsoft during CSM-ACE 2013 last year. The MOU exchange, which outlines the mutual collaboration between CSM and Microsoft in identifying and remediating cybersecurity threats in Malaysia, was the foundation of today’s CTIP launch. CSM’s Chief Executive Officer, Dr. Amirudin Abdul Wahab explained the importance of the CTIP to CSM’s mandate, “The role of CSM is to provide specialized cybersecurity services that contribute towards a key national objective of preventing or minimizing disruptions to critical information infrastructure, in order to protect the public, the economy, and government services. The data provided by Microsoft’s DCU through its CTIP would not only give us valuable insights as to where and how cybercriminals operate and target Malaysians, but would also allow us to act on these findings to protect victims, in our continuing efforts against cybercrime.”
Dr. Amirudin further elaborated on how the CTIP works in unison with its ongoing initiatives, “The CTIP is not a standalone program. In fact, it cuts across the multitude of initiatives we are currently undertaking. What this means is that Microsoft’s CTIP provides data that will allow CSM to extract valuable intelligence for CSM’s current initiatives, with insights like malware infestations and new malware threats, which in turn enables CSM to combat the ever-evolving landscape of malware, keeping Malaysians safer from cybercriminals.”
Keshav Dhakad, Regional Director, IPR & DCU, Microsoft Asia, Legal & Corporate Affairs explained the importance of this collaboration, “Protecting people is at the forefront of Microsoft’s DCU’s fight against cybercrime. To date, the DCU has rescued over 85 million IP addresses globally pursuant to our botnet takedown initiatives. With insights from these initiatives, we are able to partner with governments around the world to help protect people, businesses and critical infrastructure. In Malaysia, We are thrilled to work with CSM and the Malaysian Government on vital cybersecurity partnerships through CTIP, a global program. The CTIP is a powerful big-data resource that allows CSM to have a better situational awareness of existing cyber threats and potential malware-related security issues in Malaysia. CSM can then leverage the real-time cyber threat intelligence gathered through CTIP to keep up with the fast-paced and ever-changing cybercrime landscape, and work with consumers and businesses to help them eliminate these threats from their machines and IT environments.”
Botnets are a network of malware-infected computers that are controlled by cybercriminals. The term bot is short for robot. Criminals distribute malware that can turn a computer into a bot, also called a zombie. When this occurs, the victim’s computer can perform automated malicious tasks over the Internet without his or her knowledge. Botnets can be used to steal personal and confidential information, send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and financial fraud.
Link between Malware and Counterfeit Software Pose Huge Risks to Consumers and Businesses
Keshav then went on to explain that removing malware is just one aspect of the entire solution in the war against cybercrime, “Organizations like CSM and the DCU have the tools and resources to fight cybercrime, but the biggest impact comes from awareness and prevention. Consumers and businesses need to be aware of how malware infects through poor Internet practices and unsecure supply chains, such as usage of non-genuine software, and the proactive steps that can be taken to ensure that they are safe online. A genuine and trusted software ecosystem is far more agile and protected against cyber-threats.”
To answer these two fundamental questions, Keshav elaborated on behavioural patterns of cybercriminals. “Cybercriminals use two basic strategies to penetrate your computer’s defences and enlist computers in their botnets for malicious purposes. Firstly, they install malware on a computer by taking advantage of pirated or counterfeit software, or secondly, by breaking into accounts guarded by weak passwords or by taking advantage of poor Internet and IT practices. In fact, earlier this year, a National University & Singapore (NUS) and IDC Cybersecurity Research showed that of 203 new PCs purchased in 11 countries with counterfeit software installed on them, 61% of those PCs were pre-infected with malware.”
Malware infected PCs pose huge risks to both consumers and businesses. The same NUS and IDC study reference by Keshav above estimates that consumers will spend nearly USD25 billion and waste 1.2 billion hours dealing with security issues created by malware on counterfeit software, whereas enterprises will spend USD491 billion dealing with security issues and data breaches in 2014. Keshav highlighted the detrimental effects and inherent risks of counterfeit software, “Malware loaded onto counterfeit software infects and steals information from a victim’s computer. Cybercriminals are then able to use that information to illegally enter and abuse the victim’s online services, including online bank accounts, email systems, and social networking sites. This can have damaging effects on users’ financial security and personal safety, as well as pose a risk of corporate espionage and surveillance.”
Dr. Amirudin added that consumers and businesses have to be proactive in the fight to eradicate malware infections and to remain safe online, “We would like to urge Malaysians to regard cybersecurity as their first priority and they must know how to protect themselves from malware and other computer viruses by insisting on genuine software when purchasing computers. Using a computer with counterfeit software is just like opening doors to cybercriminals. People and businesses who use counterfeit software have no guarantee that their personal, confidential, sensitive data, activities and communications online using these devices, will be safe from cybercriminals that intend to harm.”
Avoid the hidden cost of counterfeit software
Microsoft advises consumers and businesses to take the following steps to avoid the inadvertent purchase of counterfeit software:
- When purchasing a new PC, always insist on installing a genuine copy of the operating system.
- Buy from a trusted reseller and avoid deals that seem “too good to be true.”
- Ensure all software purchases come in their original packaging.
- When buying a PC with Windows, look for the genuine label and Certificate of Authenticity that Microsoft requires to be affixed to all PCs on which Windows is pre-installed. As a further check after purchase, log on to howtotell.com to confirm the label is authentic.
- Consider Trusted Cloud solutions as an economical, efficient and productive way to secure, access, protect and preserve your data from cybercrime, as your data is not stored on your device when using cloud solutions.
Customers who suspect they’ve received pirated or counterfeit software are encouraged to report it at www.microsoft.com/piracy. Customers who report suspected violations can provide valuable insights and have a positive impact on the fight against piracy. Microsoft takes every lead seriously in its effort to ensure a safe digital community for all. Since 2007, the company has received more than 10,000 piracy reports from within Southeast Asia—many from people who bought a name-brand PC, paying more money to get “the real thing,” but ending up with far greater risk and liability at the hands of counterfeiters.