Microsoft Corp. today released research showing an acceleration in the number of security attacks designed to steal personal information or trick people into providing it through social engineering.
Microsoft’s most recent Security Intelligence Report, a comprehensive analysis of the threat landscape, shows that attackers are increasingly targeting personal information to make a profit and are threatening to impact people’s privacy. The report found that during the first half of 2007, 31.6 million phishing scams were detected, an increase of more than 150 percent over the previous six months. The study also shows a 500 percent increase in trojan downloaders and droppers, malicious code used to install files such as trojans, password stealers, keyboard loggers and other malware on users’ systems. Two notable families of trojans detected and removed by the Microsoft Malicious Software Removal Tool are specifically targeted at stealing data and banking information.
Microsoft also released findings from a recent survey of more than 3,600 security, privacy and marketing executives across a variety of industries in the United States, the United Kingdom and Germany, including financial services, healthcare, technology and government. Conducted by the Ponemon Institute LLC, the study found that as security threats increasingly target personal information, more collaboration among security and privacy officers is critical to avoid costly compromises or breaches of personal information.
The study for the Microsoft Trustworthy Computing Group, titled “Microsoft Study on Data Protection and Role Collaboration Within Organizations,” found that organizations with poor collaboration were more than twice as likely as organizations with good collaboration to have suffered a data breach in the past two years.
Ben Fathi, corporate vice president of development for the Windows Core Operating System Division at Microsoft, presented the research in a keynote address to information security professionals at the RSA Conference Europe in London. Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group, will also share the results in his keynote address at the International Association for Privacy Professionals Privacy Academy in San Francisco later today.
“As a company committed to providing privacy and security solutions for our customers, we will continue to evolve our products, practices and processes as security and privacy become increasingly interdependent and as threats evolve,” Charney said. “There is no one-size-fits-all solution for organizations looking to effectively collaborate and protect data, but we hope this research will be a good resource for companies thinking about how to approach this.”
Security and Privacy Threats Converge Under New Attacks
As more people communicate, access and share information online and the delivery of services and information becomes more personalized, organizations are collecting larger amounts of personal information to provide services to customers. Increasingly, organizations need to share information and conduct business across borders and devices, and with a wide range of internal and external stakeholders. For cybercriminals, these factors represent greater opportunities to steal personal information.