Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
It’s no surprise that mobile phone usage has exploded over the past decade. According to a study by ITU, there are roughly 6.8 billion mobile cellular subscriptions worldwide today. As technology becomes more and more woven into the fabric of society, smartphone usage has become an increasingly common extension for desktop computing devices. Employees are configuring their personal smartphones to access company information and IT Professionals often struggle with how to manage the protection of corporate data.
This dynamic has created new opportunities for cybercrime. Cybercriminals are increasingly targeting smartphone devices using a variety of tactics for malicious intent. These tactics include the repackaging of popular applications with malicious code for download in app stores or marketplaces, malicious URLs designed to deceive users into downloading apps or providing personal information, and the use of erroneous SMS messages or “smishing” as a means to drive up a smartphone subscriber’s bill. Read more.
Today we released a new version of our Enhanced Mitigation Experience Toolkit (EMET 4.0). EMET is a free mitigation tool designed to help IT Professionals and developers prevent vulnerabilities in software from being successfully exploited. The tool works by protecting applications via the latest security mitigation technologies built into Windows, even in cases where the developer of the application didn’t opt to do this themselves. By doing so, it enables a wide variety of software to be made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied.
EMET has been a very popular tool among customers trying to manage risk associated with insecure applications they have in their environments. Over the past year we have seen some attackers evolve their tactics in ways that we believe can be mitigated with a tool like EMET. We have also received feedback from a number of customers on how we could make EMET better fit their needs. This information has been invaluable in enhancing the latest version of the tool. EMET 4.0, released today, incorporates a number of new enhancements including protection against Man in the Middle attacks leveraging the Public Key Infrastructure (PKI), and hardening of Return-Oriented Programming (ROP) mitigations. This version also addresses some known compatibility issues and is designed to work with some of our latest technologies such as Internet Explorer 10 and Windows 8. Read more
Many of the CISOs I talk to tell me that “Advanced Persistent Threats” (APT) style attacks are among their top concerns. As I have written about before, the problem with the term APT is that it doesn’t describe this category of threats very accurately. This makes it harder to understand and mitigate this type of threat. Many of the threats we see in this category are not any more “advanced” or technically sophisticated than many of the broad-based attacks currently in use on the Internet. At Microsoft we find that a more accurate and useful term for this category of threat is “targeted attacks by determined adversaries”. The vast majority of these attacks use unpatched vulnerabilities for which updates are available, weak passwords, and social engineering to compromise systems.
Microsoft has released a series of whitepapers that are designed to help organizations understand and manage the risk posed by targeted attacks by determined adversaries. Read more.
While on the road in Asia, I had an opportunity to meet with security professionals from Malaysia, India and Singapore to discuss regional threat trends based on data from our latest Microsoft Security Intelligence Report. These discussions and an analysis of the threat landscape for Asia are summarized below. Read more.
Have you considered what cybersecurity policy choices have the most impact on cybersecurity outcomes? If so, this is the last week to enter our Cybersecurity 2020 essay contest for a chance to win the $5,000.00 cash prize!
To enter, send an email to email@example.com with your essay in Microsoft Word format and include the following information: first name, last name, email address, and school / university. Entries must be received by 11:59 p.m. Pacific Time (PT) on June 14, 2013. For more information, including official rules of the contest, please visit: www.microsoft.com/gssdcontest
You might recall back in November, I wrote an article that discussed a new book for IT Professionals releasing in the coming months entitled “Windows Server 2012 Security from End to Edge and beyond.” The book is now available and you can obtain a copy through online retailers such as Amazon or Barnes & Noble. Read more
According to the recently released Microsoft Security Intelligence Report volume 14, Hong Kong continues to enjoy one of the lowest malware infection rates in the world. Figure 1 illustrates how Hong Kong’s infection rate has trended from the third quarter of 2011 (3Q11) to the fourth quarter of 2012 (4Q12). The Microsoft Malicious Software Removal Tool (MSRT) found 2.2 systems infected with malware for every 1,000 systems scanned in the fourth quarter of 2012 while the worldwide average was 6.0 during the same period. Read more
In the first part of this series on the threat landscape in the European Union (EU) I examined threats found in the location with the highest malware infection rate, Romania. In the second part of the series I discussed malicious websites that are hosted in the EU. In this final article in the series I will look at the EU member states that have the lowest malware infection rates and share insights that other, more infected locations might use to improve. The analysis in all three of these articles leverages data from the recently released Microsoft Security Intelligence Report volume 14 (SIRv14) and previous volumes and focuses on the fourth quarter of 2012 (4Q12).
Before looking at the locations with the lowest malware infection rates in the EU, first let’s look at how threat categories and families have been trending in the EU as a whole during the eighteen month period between the third quarter of 2011 (3Q11) and the fourth quarter of 2012 (4Q12). Figure 1 illustrates how threat categories have been trending in the EU. In my opinion, the most serious concern is the upward trend in exploit activity in the EU. Increased levels of drive-by download attacks and parser exploit attacks are major contributors to this trend. I discuss these attacks in more detail below. The other disconcerting trend is the consistently high levels of, and recent uptick in, detections of Miscellaneous Potentially Unwanted Software. Much of this looks to be related to increased usage of tools that enable software piracy. Read more
In the first part of this series on the threat landscape in the European Union (EU) I examined threats found in the location with the highest malware infection rate, Romania. In this article I will discuss malicious websites that are hosted in the EU, specifically malware hosting sites, phishing sites and drive-by download sites. This analysis leverages data from the recently released Microsoft Security Intelligence Report volume 14 (SIRv14) and previous volumes and focuses on the fourth quarter of 2012 (4Q12). If you are unfamiliar with any of these types of attacks, please read some of the articles I have written in the past that contain background information:
Today more and more attackers are using websites to attempt to distribute malware and steal credentials. As I wrote about recently, we see that drive-by downloads are now the top threat detected in enterprise environments. Malicious websites typically appear to be legitimate and often provide no outward indicators of their malicious nature. In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques. Compromising legitimate websites allows attackers to take advantage of the established trust (positive brand) that users have with these sites. When this strategy is successful, it helps attackers get malware past firewalls, IDS/IPS, and other perimeter defenses; users literally bring the malware into their networks by visiting websites with systems that have out of date software installed on them. Read more
Today’s senior executives rely on information technology organizations to help their business execute on strategies and improve their operations.
As the bedrock for the corporate directory and identity, the Active Directory plays a critical role in this IT environment, by providing access control for servers and applications.
At the same time, the threat of compromise to IT infrastructures from external attacks is rapidly growing and evolving in both scope and sophistication. The motivations behind these attacks range from “hacktivism” (attacks influenced by activist positions) to theft of intellectual property – and the Active Directory environment is not immune from being targeted for compromise.
Against this backdrop and to help enterprises protect their Active Directory environments, Microsoft IT released a detailed technical reference document, "Best Practices for Securing Active Directory." Read more