IDC survey highlights new dangers and attack vectors used on workers and consumers
KUALA LUMPUR, 8 March 2013 — A new global study commissioned by Microsoft Corp. and conducted by IDC on the effects of malware found in pirated software discovered that the chances of infection by unexpected malware are one in three for consumers and three in 10 for businesses.
The cost of dealing with the impact of malware-induced cyber-attacks for enterprises is predicted to be RM354 billion (US$114 billion) globally in 2013, while in Asia Pacific, the study forecasts spending will reach RM121 billion (US$39 billion). The regional number increases to a staggering RM400.55 billion (US$129 billion) if the cost of data loss is taken into consideration.
Consumers also share the burden and cost, with the IDC study showing that as a result of these infections consumers worldwide will spend 1.5 billion hours and RM68.3 billion (US$22 billion) identifying, repairing and recovering from the impact of malware.
The study analyzed 270 websites and peer-to-peer (P2P) networks, 108 software downloads, and 155 CDs or DVDs. IDC also interviewed 2,077 consumers and 258 IT managers or chief information officers from Brazil, China, Germany, India, Mexico, Poland, Russia, Thailand, the United Kingdom and the United States.
Researchers found that of the counterfeit software that does not come with the computer, 45 percent is downloaded from the Internet. Of this, 78 percent is downloaded from websites or P2P networks and includes some type of spyware, while 36 percent contained Trojans and adware.
“The cybercrime reality is that counterfeiters are tampering with the software code and lacing it with malware,” said Dr. Dzahar Mansor, National Technology Officer at Microsoft Malaysia. “Some of this malware records a person’s every keystroke -- allowing cybercriminals to steal a victim’s personal and financial information -- or remotely switches on an infected computer’s microphone and video camera, giving cybercriminals eyes and ears in boardrooms and living rooms. The best way to secure yourself and your property from these malware threats when you buy a computer is to demand genuine software.”
The IDC study, titled “The Dangerous World of Counterfeit and Pirated Software,” was released today as part of Play It Safe Day, http://www.playfairday.com/Microsoft’s global initiative to bring awareness to issues related to software piracy.
“Our research is unequivocal: Inherent dangers lurk for consumers and businesses that take a chance on counterfeit software,” said John Gantz, chief researcher at IDC. “Some people choose counterfeit to save money, but this ‘ride-along’ malware ends up putting a financial and emotional strain on both the enterprise and casual computer users alike.”
The following are among the highlights from the consumer survey:
• 62 percent of respondents knew someone who had used counterfeit software and experienced security issues
• 55 percent of the time, counterfeit software slowed their PCs, and the software had to be uninstalled
• 50 percent of respondents noted that their greatest concern with using counterfeit software was data loss
• 30 percent were most concerned with identity theft
Embedding counterfeit software with dangerous malware is a new method for criminals to prey on computer users who are unaware of the potential danger.
A separate study conducted by Microsoft in Southeast Asia in February 2013 examined name-brand PCs with pirated software installed and counterfeit software DVDs, discovering an alarming 1 in 2 PCs running counterfeit software in Malaysia was infected with malware – including highly dangerous “Zeus” Trojan. In that study, Microsoft’s testing of 282 computers and DVDs from Malaysia, as well as Indonesia, Thailand, Philippines and Vietnam revealed 5,601 instances and 1,131 unique strains of malware and virus infections. It further revealed pirated copies of Windows embedded with malware spread across numerous well-known PC brands, including: Acer, Asus, Dell, HP, Lenovo and Samsung. Microsoft believes that neither the counterfeit images nor the malware originated from—or were installed by—the individual PC manufacturers. Rather, the computers were likely shipped with non-Windows operating systems, which were later replaced by individuals in the downstream supply chain or retail channel who deal in the illegal duplication and distribution of pirated software.
The IDC white paper also explored the surprising level of end-user software installations made on corporate computers, exposing another method for the introduction of unsecure software into the workplace ecosystem. In Asia Pacific, although 56 percent of IT managers acknowledge that it happens, 74 percent of workers admit they install personal software onto employer-owned computers. What is alarming is that respondents told IDC that only 12 percent of the software they installed on their work computers was problem-free. 66 percent of IT managers agree that user-installed software increases an organization’s security risks. For many in the enterprise, user-installed software may be a blind spot in ensuring a secure network.
Customers are encouraged to visit www.microsoft.com/security to learn about malware and ensure their machine is not infected; if malware is present, the site offers tools to remove the infection. Customers shopping for a new computer are encouraged to buy from a reputable source to ensure they are receiving genuine Microsoft software.
More information about the IDC study is available at the Microsoft Play It Safe Day website, http://www.play-it-safe.net.
Avoid the hidden cost of software piracy
Microsoft advises consumers to take the following steps to avoid the inadvertent purchase of pirated software:
• When purchasing a new PC, always insist on installing a genuine copy of the operating system.
• Buy from a trusted reseller and avoid deals that seem “too good to be true.”
• Ensure all software purchases come in their original packaging.
• When buying a PC with Windows, look for the genuine label and Certificate of Authenticity that Microsoft requires be affixed to all PCs on which Windows is pre-installed. As a further check after purchase, log on to www.howtotell.com to confirm the label is authentic.
Customers who suspect they’ve received pirated or counterfeit software are encouraged to report it at www.microsoft.com/piracy. Customers who report suspected violations can provide valuable insights and have a positive impact in the fight against piracy. Microsoft takes every lead seriously in its effort to ensure a safe digital community for all. Since 2007, the company has received more than 10,000 piracy reports from within Southeast Asia—many from people who bought a name-brand PC, paying more money to get “the real thing,” but ending up with far greater risk and liability at the hands of counterfeiters.
No comments:
Post a Comment