For the past three and a half years, Win32/Conficker has been the top threat found in enterprise environments. We have reported on Conficker in the Microsoft Security Intelligence Report since the second half of 2008. No new variants of Conficker have been released in years, and the methods it uses to propagate are well known, but once it finds its way into an environment it can be difficult to eliminate.
Figure 1 (left) and Figure 2 (right): Quarterly trends for the top 10 families detected on domain-joined computers in 2H12, by percentage of domain-joined computers reporting detections
Figure 3: Quarterly trends for top 10 families detected on domain-joined computers 1Q11 to 4Q12
Perhaps more importantly, in the second half of 2012, 7 out of the top 10 threats affecting enterprises were known to be delivered through malicious websites; these threats are denoted with an asterisk in Figure 1 and include JS/IframeRef, Blacole, JS/BlacoleRef, Win32/Zbot (also known as Zeus), Win32/Sirefef, Win32/Dorkbot, and Win32/Pdfjsc.
Exploit activity has been at high levels, as I recently wrote in an article called “Exploit Activity at Highest Levels in Recent Times: The Importance of Keeping All Software Up To Date.” Data in the Microsoft Security Intelligence Report shows that attackers have been using exploits more and more over the past eighteen to twenty-four months. So it’s no surprise to see threats related to exploit activity in the top ten list of threats for the enterprise.
The Call to Action

The good news is that enterprises can protect themselves using a number of mitigations, including:
Tim Rains
Director
Trustworthy Computing