Businesses should be concerned about an increase of more than 1,000% in phishing activity using social networking as a lure in 2010, says Microsoft
Cybercriminals are using more social networking and gaming sites to target ordinary users, according to the latest Microsoft Security Intelligence Report based on data from 600m systems worldwide. This activity runs parallel to highly sophisticated, targeted attacks aimed at high-value targets with large payoffs, said Microsoft.
"The target gets richer when the targeted machines or devices are taken into the office where access is then gained to an organisation's entire network," said Stuart Aston, chief security advisor at Microsoft UK.
Businesses can no longer dismiss these types of attacks targeted at consumers because they put both enterprise and consumer networks at risk, Stuart Aston told Computer Weekly.
The popularity of social networking sites has created opportunities for cybercriminals to target not only users but also friends and business colleagues through impersonation, says the Microsoft report.
Rogue security software
The report also shows worldwide detections of adware increased 70% from the second to the fourth quarter of 2010. Rogue security software has become one of the most common ways for cybercriminals to acquire money and private information from computer users.
In 2010, Microsoft blocked nearly 19m instances of rogue security software, 70% of which belonged to the top five rogue security software families.
Microsoft says it is working with the security industry because a combined effort helps protect the broader online community.
Risk reduction strategies
Aston says businesses can reduce the risk of attack by ensuring they have installed the latest security updates for all the software they are using.
Businesses will also reduce risk by upgrading to the latest versions of the software they are using, as these typically are the most secure.
The same is true for operating systems. "Windows 7, for instance, has had the most benefit from Microsoft's Security Development Lifecycle and is least likely to be impacted by threats," says Aston.
The increase in the use of social networking as a means of gathering personal information means businesses should ensure their security policies are up to date and fit for purpose, he says.
"Security policies and user awareness education are key to helping reduce the risks by teaching users about good security practices," said Aston.
Technological controls and measures can also help reduce the risk, he says, by securing network infrastructure, improving authentication processes, carrying out security health checks on machines and ensuring they are able to defend themselves against threats.