RSA 2014: Malware rates linked to socio-economic factors

Regional cyber vulnerabilities are not linked to any single factor, but to a variety of different socio-economic factors, says Microsoft

Regional cyber vulnerabilities are not linked to any single factor, but to a variety of different socio-economic factors, says Tim Rains, director of Trustworthy Computing at Microsoft.

“While malware infection rates may be high in some regions where there is a large Windows XP install base, that is not true for all regions, for example,” he told RSA Conference 2014 in San Francisco.

Data from the Microsoft Security Intelligence Report, Volume 15 shows that a high infection rate corresponds with a large Windows XP install base in Pakistan.

“But you cannot jump to the conclusion that these two are always linked as the same data shows a high infection rate in Iraq, despite a small number of computers running Windows XP,” said Rains.

The research shows that for each region there is no single factor that determines the malware infection rate, but rather a combination of up to 34 factors that are mainly socio-economic in nature, he said.

Of these, Microsoft has identified 11 as being key elements that determine the cyber security status of a country or region.

Four of these factors relate to institutional stability. These are government corruption, rule of law, stability of regime and literacy rate.

Unsurprisingly, malware infection rates are much higher in regions where there are raised levels of strife and turmoil such as the Gulf States and other regions of the Middle East.

The data for the Gulf States, comprising Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the United Arab Emirates, shows infection rates of 10 to 12.9 computers per thousand.

Infection rates for Egypt, the Palestinian Authority, Syria, Pakistan and Iraq range between 25 and just over 30 computers per thousand.

On average, infection rates in the Gulf States are roughly twice the world-wide average of 5.8, while the other Middle East countries are almost five times as high, said Rains.

The next three key factors relate to digital access: Facebook usage, number of internet users and secure net servers per million people.

The remaining four key factors relate to economic development: regulatory quality, productivity, gross income per capita and gross domestic product per capita.

From analysis of these factors, Microsoft has identified seven best practices of countries and regions associated with low malware infection rates. These are:

  • Strong public-private partnerships aimed at driving down infection rates. An example of an effective public-private partnership is the Cyber Clean Center in Japan, which has one of the lowest malware infection rates in the world, said Rains. The Cyber Clean Center promotes bot cleaning and the prevention of re-infection of users' computers that have been infected by bots, in cooperation with ISPs (internet service providers).
  • CERTs, ISPs and others actively monitoring for threats in the region.
  • An IT culture where system administrators respond rapidly to reports of system infections or abuse.
  • Enforcement policies and active remediation of threats via quarantining infected systems on networks.
  • Regional education campaigns and media attention. These are effective, said Rains, because most cyber attacks use old exploits. They rely on users failing to patch things like Java. Raised awareness tends to lead to better patching, he said.
  • Low software piracy rates and widespread usage of Windows Update/Microsoft Update.

Rains said countries aiming to reduce malware infection rates should also consider signing up to the Council of Europe Cybercrime treaty and/or the London Action Plan.

“We have seen improvements in countries where they are preparing to comply with these framework agreements,” he said.
