Earlier this year we published a special edition Security Intelligence Report that looked at some of the ways the threat landscape has evolved over the past ten years. The report included a view into how attackers have shifted their tactics over the past decade. I discussed the data in this report in depth, in a series of articles that Jeff Jones and I wrote, looking back at how things have changed (part 1, 2, 3, 4, 5, 6).
Figure 1: Threat categories since 2006
As I look at the current state of the global threat landscape, I’m struck by a new evolution: the amount of exploit activity that has occurred over the past year. According to data we recently published in the Microsoft Security Intelligence Report volume 13 (SIRv13), there has been a measurable increase in exploit activity since the first quarter of 2011 (1Q11), as seen in Figures 2 and 3. Figure 2 indicates that the number of exploit detections blocked by Microsoft antimalware software increased, in relative terms, from below 10% in 1Q11 to over 15% in the first quarter of 2012 (1Q12).
Figure 2: Detections by threat category, 1Q11–2Q12, by percentage of all computers reporting detections
Figure 3: Unique computers reporting different types of exploits, 1Q11–2Q12
Figure 4: Top exploit families detected by Microsoft antimalware products in the second half of 2011 and first half of 2012, by number of unique computers with detections, shaded according to relative prevalence
Recent reports on at least one security vendor’s data seem to confirm that exploit activity focusing on Oracle Java has risen:
In years past, it was rare to see an exploit in the top ten list of threats for a country/region. In the second quarter of 2012, at least one exploit was in the top ten list of threats for 51 of the 105 countries/regions (49%) reported on in SIRv13. Many locations had multiple exploits on their top ten list of threats, including regions whose lists typically contain less severe threats, such as Austria, Canada, Finland, and Germany. If this trend continues, I would expect exploits to appear in the top ten lists of threats for more locations around the world. This makes it more important than ever to keep all software installed on a system up to date, regardless of what operating system is running.
The call to action includes:
Tim Rains, Director, Trustworthy Computing