Guest Column | April 27, 2016

Windows 10: Risks Still Loom Despite Big Improvements

By Sanjay Katkar, CTO, Quick Heal Technologies

There are an estimated 1.5 billion Windows devices worldwide and approximately 3 percent of them are attributed to Windows 10 — about 45 million systems. Many more Windows 7 and Windows 8.x users are seriously considering upgrading to Windows 10, taking advantage of Microsoft’s free upgrade offer that will end in July 2016.

This is great news for Microsoft, which has struggled in the past to get end users to upgrade to its latest operating system. And, according to some startling results from our latest Threat Report, it’s also excellent news for hackers and virus makers. The report, released in October 2015, states that the detection count for Windows malware doubled in Q3. Virus and malware samples, numbering in the millions, clearly confirm the prevalence and propagation of Windows malware throughout the world, and as more users upgrade to Windows 10 we’ll see further cyber-threats unfold.

After a rocky rollout this past summer, Microsoft made significant updates to Windows 10, including more effective security features that make the OS more secure than Windows 7 or 8. For example, it now offers Device Guard to automatically block zero-day attacks, and Windows Hello, which gives users biometric sign-in with faces, irises or fingerprints and so reduces reliance on sometimes shaky passwords. Even with these improvements, there are still billions of systems running older versions of Windows that aren’t quite as secure as Windows 10, and this is where malware authors continue to focus their efforts. For example, Windows 7 remains the most popular version of Windows running today, despite being two generations old.

Taking a deeper look at how malware intrudes into a Windows machine, creating security risks across corporate networks, reveals just how creative and adaptive malware and virus authors are becoming. According to our data, Trojans were the most common type of malware affecting the Windows platform — across PCs, laptops, tablets, and other devices — in the third quarter of 2015, with 34 percent of the samples being Trojans.

Hackers are still using email as a preferred method to deliver their infected payload, with sometimes disastrous effects. The data shows that 36 percent of email samples received were malicious in nature, mainly carrying Trojans. Once the unsuspecting email recipient clicks on a link in the email, the malware is unleashed.

Cyber criminals are finding other ways to invade Windows systems as well, such as:

  • Adware — Although seemingly benign in nature, Adware allows ads, banners, and promotional content to be displayed in the least expected places online. Adware is responsible for displaying unwanted ads as well as redirecting users to specific websites they never wanted to visit in the first place. Users are often unaware that Adware remains installed without their consent, collecting personal data and sending it to a remote server. Although Adware generally reaches Windows machines through software bundled with freeware and shareware, it is also delivered through malicious websites visited by unsuspecting users. Malvertising is another technique that allows hackers to penetrate legitimate websites by delivering ads of a malicious nature. Once a user visits these sites, code is downloaded that can degrade system performance, consume network bandwidth, and open backdoors for other malware to access the system. In Q3 2015, the following prominent malware samples were discovered: CrossRider, Linkury, MultiPlug, Kranet, and Eorezo.
     
  • Ransomware — Although not a new problem for Windows users, the Ransomware malware family continues to be a big challenge for organizations. Once a system is infected, Ransomware takes control of it by locking the screen or system and encrypting system data, then demanding a ransom (usually in Bitcoin, which remains untraceable) to unlock and decrypt the data. There are very few new strains of Ransomware. However, Ransomware as a Service (RaaS) and the .DLL version of an older Ransomware sample, Cryptowall 3.0, are playing a big role in the propagation of Ransomware techniques. For example, Operation Kofer was discovered recently. It automatically generates and delivers a new variant for every target in order to avoid signature-based detection. The detected samples have also been successful at evading advanced detection techniques such as sandboxes. Other major ransomware samples detected in Q3 2015 were variants of Cryptowall 3.0, variants of Troldesh, variants of TeslaCrypt 2.0, MW_file Encryptor, Blocker, and Onion.
     
  • Advanced Persistent Threats (APTs) — APTs remain a serious and complex challenge for organizations. APTs are very hard to detect since they progress very slowly over a number of years. They are also highly sophisticated in nature and allow the authors of the attacks to gain unauthorized access to a particular network or organization. APTs then remain undetected for long periods and slowly steal critical data from victims. The recently discovered Digitally Signed Dridex Campaign is one such APT that has come to the forefront. An infamous banking malware, Dridex was first discovered in 2014 and is still active. Recently, this malware variant was found to be focusing more on new propagation techniques and evasion methods to avoid security software. A direct descendant of the Cridex banking malware, Dridex is delivered to victims through spam emails with macro-embedded Microsoft Word documents as attachments. Once Dridex has infiltrated a system, it steals banking credentials and other personal information to gain access to the victim’s financial information. Other recently discovered APTs include Operation Liberpy, Hammertoss, and SeaDask.
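The Dridex delivery path described above (macro-embedded Word documents arriving as email attachments) is one a mail gateway can screen for before a user ever sees the file. The Python script below is an added example, not code from the column or from Quick Heal: it builds two constructed, in-memory OOXML-style documents (the `build_sample_docx` helper, the attachment names and their contents are assumptions made for the demo) and checks whether an attachment's ZIP container carries a VBA project part, which is where macro-enabled Office files store their macros. It also flags the case where a VBA part turns up inside a file whose extension is a non-macro Office type.

```python
import io
import zipfile

# OOXML Office documents (.docx/.docm, .xlsx/.xlsm, ...) are ZIP containers.
# When a document carries VBA macros, the project is stored as a binary part
# named vbaProject.bin under the word/, xl/ or ppt/ folder.
VBA_PART_SUFFIX = "vbaproject.bin"
# Extensions that are expected to carry macros; a VBA part under any other
# Office extension is itself a suspicious sign.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped ZIP built in memory so the
    check runs offline. It is not a real Word file, only the container layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()


def is_ooxml(data: bytes) -> bool:
    """True if the bytes are a ZIP container with the OOXML content-types part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def has_vba_project(data: bytes) -> bool:
    """True if the ZIP container holds a VBA project part, i.e. the document
    is macro-enabled. Anything that is not a ZIP is reported as macro-free."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith(VBA_PART_SUFFIX) for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(filename: str, data: bytes) -> str:
    """Return a gateway verdict for one attachment.

    'macro'           - Office document carrying a VBA project
    'macro-mismatch'  - VBA project inside a file whose extension is a
                        non-macro Office type (e.g. .docx); doubly suspicious
    'office'          - Office document without macros
    'other'           - not an OOXML container at all
    """
    if not is_ooxml(data):
        return "other"
    if not has_vba_project(data):
        return "office"
    ext = "." + filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    return "macro" if ext in MACRO_EXTENSIONS else "macro-mismatch"


def flag_macro_attachments(attachments):
    """Scan (filename, bytes) pairs and return the names that would be held
    for review: any attachment carrying a VBA project."""
    return [name for name, data in attachments
            if classify_attachment(name, data) in ("macro", "macro-mismatch")]


if __name__ == "__main__":
    # Constructed mail with three attachments (names and contents are made up).
    mail = [
        ("invoice_Q3.docm", build_sample_docx(with_macro=True)),
        ("report.docx", build_sample_docx(with_macro=False)),
        ("notes.txt", b"plain text, not an archive"),
    ]
    for name, data in mail:
        print(f"{name:18} -> {classify_attachment(name, data)}")
    print("held for review:", flag_macro_attachments(mail))
```

The check looks at the container's part list rather than the file extension, so renaming a macro-enabled document does not hide the VBA project; a quarantine-and-notify policy for the "macro" and "macro-mismatch" verdicts is the usual gateway response, with legitimate macro documents released after review.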

The Windows platform remains one of the most popular for business today. And thanks to some of the very novel upgrades in Windows 10, this is not likely to change in the near future, nor should it. As long as companies remain aware that they can quickly fall victim to any of these common threats and are vigilant in protecting each individual endpoint — from desktops to mobile devices and network gateways — they can defeat the odds of being a target for malware perpetrators.

Educating and training employees about the consequences of opening suspicious emails can eliminate some of the risk of falling prey to malicious attacks. Keeping one step ahead of malware authors who work full time on finding creative ways around the security safeguards already in place is admittedly challenging, but regular audits, early detection and prevention are key to protecting corporate data as well as your company’s brand reputation.

Sanjay Katkar is the Co-Founder and Chief Technical Officer of Quick Heal Technologies, a leading global provider of IT security solutions. He holds bachelor’s and master’s degrees in computer science from the University of Pune, India. Katkar, who has been associated with Quick Heal since its incorporation, has spearheaded the development of the company’s enterprise software, technology and services. Quick Heal’s Seqrite data security product line is specifically targeted at small to midsize enterprises and is sold in North America exclusively through channel partners.