Microsoft analyzes malware in the Middle East to reveal valuable lessons

We tend to look at the threat of malware either locally—how it affects us personally—or globally—how it affects the world as a whole. When you look at malware through a regional lens, though, you can uncover evidence about how and why malware rates are higher in some areas than they are in others. At the RSA Security Conference in San Francisco earlier this year, Tim Rains, Microsoft director of Trustworthy Computing, presented a session that did just that.

Rains presentation was titled “A deep dive into the security threat landscape of the Middle East / Southwest Asia.” The name of the session is a bit dry and official sounding–like a Department of Defense briefing one might give at the Pentagon, but don’t let that fool you. [inlinetweet prefix=”” tweeter=”” suffix=””]Rains shared some very interesting information that might be helpful in addressing the malware problem.[/inlinetweet]

The focus of the presentation was the Middle East because the Middle East has a higher than normal rate of malware infection. Rains analyzed data from Bahrain, Egypt, Israel, Iraq, Jordan, Kuwait, Lebanon, Oman, Pakistan, Palestinian Authority, Qatar, Saudi Arabia, Syria, Turkey, and the United Arab Emirates, and compared it against the United States and worldwide averages. What he found is that there are direct correlations between socio-political stability and computer security.

ms1

[inlinetweet prefix=”” tweeter=”” suffix=””]The malware infection rates in most of these countries is significantly higher than the worldwide average[/inlinetweet]. Looking at data from Q1 of 2011 through Q2 of 2013, many of these Middle Eastern nations experienced malware infection rates at least double the average in the world as a whole. Nations with increased political strife like Iraq, Syria, and Egypt, had malware infection rates five or six times higher than the worldwide average. According to Rains, there are three primary factors that contribute to this situation: use of antimalware protection, use of Windows XP, and private-public cooperation.

Use of Antimalware

Worldwide, the percentage of PCs that are always protected with some form of antimalware tool is just below 75 percent. The United States is actually a bit above that curve—somewhere around 76 percent. Most of the nations Rains analyzed from the Middle East are below the worldwide average. As one might expect, the nations with the highest rate of malware infection—like Iraq, Syria, and Egypt—also have some of the lowest rates of antimalware protection.

Rains broke down the data a bit further to see which systems are intermittently protected vs. having no antimalware protection at all. Again, Iraq, Syria, and Egypt are among the highest when it comes to intermittent protection. Rains attributes the sporadic nature of antimalware protection in these nations to the instability of the Internet itself. Basically, people in these regions have antimalware protection installed, but if there is an Internet outage those systems can’t receive updates from the vendor which leaves them unprotected against emerging threats.

Use of Windows XP

I’ll take some credit for this part of the presentation. I had an opportunity to see Rains present an earlier version of the presentation—which didn’t include Windows XP as a factor—and when Rains was done I asked him what the rate of Windows XP usage is in these nations, and whether or not the use of Windows XP is a contributing factor to the apparent lack of security.

ms2

Windows XP encounters potential malware threats at about the same rate as other versions of Windows. In fact, for Q2 of 2013 Windows XP has a lower encounter rate than either Windows Vista or Windows 7. The difference is that Windows XP gets infected nearly twice as much as Vista or Windows 7, and almost six times the rate of Windows 8. Clearly, using Windows XP puts you at greater risk of malware compromise.

The worldwide market share for Windows XP is sadly still fairly high given that Microsoft support for the OS officially expires in about a month. Many of the nations in the Middle East are actually below the worldwide average, but Eqypt and Pakistan have Windows XP market share more than double the worldwide average, and Turkey and Syria are also higher than the rest of the world.

Private-Public Cooperation

The nefarious activities of the NSA notwithstanding, the United States benefits tremendously from partnerships between government agencies, security vendors, and major corporations. Sharing relevant intelligence data enables all parties to respond proactively, or at least more quickly, to emerging threats.

In nations undergoing political upheaval, or armed conflict, those partnerships break down. Ironically, the social strife also tends to increase the rate of malware attacks—especially targeted attacks aimed at specific groups of users. The combination of increased malware and decreased collaboration results in more systems being exposed to threats, and ultimately compromised by malware.

Lessons Learned

What does all of this teach us? Primarily, Rains presentation illustrates that a solid Internet infrastructure, combined with IT culture that actively monitors for threats, and cooperation between public and private entities all contribute to being safer online. In countries faced with political strife and armed combat, it may not be possible to achieve those goals.

Rains shared with me that social stability, economic development, and digital access are all elements that contribute to a more secure Internet. Regions that have solid broadband access, and higher Internet users per capita, a stable government and system of laws, and a strong economy are more likely to have the proper security and incident response tools in place, and much less likely to experience massive malware outbreaks.

Scroll to Top