Being safe online is a year-round activity

Regardless of what day it is, one thing is for certain: There will still be online threats. So it’s imperative that we’re always aware of trends in the online environment so we can all stay safe.

Being safe online is a year-round activity

Antony Cook, Regional Vice President and Chief Legal Counsel of Microsoft Asia said that today is Safer Internet Day (SID), which is a great opportunity to reflect on how we can stay safe against the many dangers we find in our hyper-connected world.

Mr. Cook added that Microsoft has been an active participant in SID each year since it started in 2004, and for the past several years, it’s also served as the launch date for our Digital Civility Index (DCI).

The DCI is based on a survey we conducted in 25 countries worldwide to poll teens and adults about their encounters with 21 different online risks. You can find this year’s report and a number of other related resources here.

Regardless of what day it is, one thing is for certain: There will still be online threats. So it’s imperative that we’re always aware of trends in the online environment so we can all stay safe.

Less Ransomware but Still More Attacks

Since the launch of Windows 10, we have actually seen the rates at which people encounter malware drop-in in regions which have the most up-to-date patches and upgrades. However, there’s still more work to do to improve our safety online, as hackers have become increasingly adept in using new tricks, including artificial intelligence (AI), to achieve their goals.

One of the trends we’ve noted recently is the decline of ransomware, dropping more than 60% from its peak a few years ago. This initially sounds like a great development – and don’t get me wrong, overall it is quite positive – but there may be a darker lining to the news. Which is that attackers have learned that ransomware attracts too much attention from law enforcement, and also organizations have gotten better at backing up their data, so hackers have moved on to other activities.

At the same time we are seeing a drop in ransomware attacks, we are also seeing a rise in cryptocurrency malware and phishing, so it is likely that hackers have simply moved on to areas where they can profit more readily and with less attention than ransomware.

Mining Malware

As attackers are most often acting for financial benefit, it should come as no surprise that they’ve made some big bets on cryptocurrency, and Bitcoin in particular. Mining coins requires immense computing power, so hackers who seek profits have begun to focus more on malware as a way into computers. These attacks allow them to use people’s computers to mine cryptocurrency coins, sometimes for weeks and months without being detected. Because cryptocurrency mining works in the background, oftentimes it’s not noticed or thought of until a computer’s performance is greatly affected.

This issue has been exacerbated by the fact that coin mining software is easily available, so cybercriminals have put malware into many widely used and shared programs. Also, hackers will try to attract users to sites hosting free copyrighted content, often the latest movies, and will install their software while you watch the latest blockbuster online.

Embedding Threats and Phishing Scams

Attackers have also gotten a lot smarter in recent years, corrupting legitimate and trusted software supply points as avenues to deliver malware. The examples are many: a routine update for a tax accounting application, popular freeware tools which have backdoors forcibly installed, a server management software package, an internet browser extension or site plugin, malicious images which activate scripts when clicked and even peer to peer applications.

In all cases, attackers were able to change the code of something that many people would normally download without issue or hesitation, allowing them to hitch a ride on an existing process.

These attacks are among the most dangerous and frustrating, because they take advantage of the trust that consumers and IT departments already have for existing software. So not only does the hack happen, but then the fundamental trust between company and person is affected in the future, creating further instability as customers switch programs or don’t install upgrades and patches.

Despite all that complexity and effort, attackers still find Phishing to be one of the most effective ways to compromise systems. Perhaps because it’s based on human decisions and judgment, it often has a higher chance of success – from January to December 2018, the share of total inbound emails that were Phishing messages increased 250%, and figures for the end of 2019 are expected to show continued growth.

While we all have gotten safety briefings before on Phishing, in fact the threat is getting bigger because attackers are using new tools like multiple URLs, domains and IPs when sending messages. They’re even localizing their approach to specific domains and even users, creating file names and links which are designed to appeal to these audiences. When these link to pixel for pixel copies of company sites, it can be extremely difficult to spot a Phishing attack before it’s too late.