Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

November, 2013

  • Microsoft Cybersecurity Report: Top 10 Most Wanted Enterprise Threats

    In my travels abroad over the years, I have had the great opportunity to meet with many enterprise customers to discuss the evolving threat landscape.  In addition to helping inform customers, these meetings have provided me with an opportunity to learn more about how customers are managing risk within their environments.   Many of these customers are interested in learning about the top threats found in enterprise environments.  Visibility into what threats are most common in enterprise environments helps organizations assess their current security posture and better prioritize their security investments.  Given the high level of interest in this information, I thought it would be helpful to take a close look at the top 10 threats facing enterprise customers based on new intelligence from the latest Microsoft Security Intelligence Report (SIRv15). 

    The latest report found that, worldwide, on average about 11% of systems in enterprise environments encountered malware between the third quarter of 2012 (3Q12) and the second quarter of 2013 (2Q13). The “encounter rate” is defined as the percentage of computers running Microsoft real-time security software that report detecting malware, typically resulting in a blocked installation of malware. This is different from the number of systems that actually get infected with malware, a measure called computers cleaned per mille (CCM).

  • Ransomware is on the Rise, Especially in Europe

    The recently published Microsoft Security Intelligence Report (SIRv15) contains a section on ransomware. Ransomware is a type of malware that is designed to render a computer or its files unusable until the computer user pays the demanded amount of money to the attacker. It often masquerades as an official-looking warning from a well-known law enforcement agency, such as the US Federal Bureau of Investigation (FBI) or the Metropolitan Police Service of London. Some examples are provided in Figure 1.

    Ransomware has emerged as a relatively prevalent threat primarily in Europe. With the exception of New Zealand, all the locations where ransomware families made it onto the top ten list of threats in the second quarter of 2013 were in Europe; these locations include Austria, Belgium, Croatia, Cyprus, Czech Republic, Denmark, Finland, Germany, Ireland, Norway, Portugal, Slovakia, Slovenia, Sweden, Switzerland, and the United Kingdom.

  • EMET 4.1 Released

    One of the tools I get asked most about when I’m with customers is the Enhanced Mitigations Experience Toolkit (EMET). EMET is a free mitigation tool designed to help IT Professionals and developers prevent vulnerabilities in software from being successfully exploited. The tool works by protecting applications via the latest security mitigation technologies built into Windows, even in cases where the developer of the application didn’t opt to do this themselves. By doing so, it enables a wide variety of software to be made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied.

    You can download this new version of EMET here.

    For more information on this new version, I encourage you to visit the Security Research and Defense blog.

  • The Threat Landscape in South America: Chile and Colombia

    In this fourth and final part of our series on the threat landscape in South America, we examine threats in Chile and then Colombia. As illustrated in Figure 1, both of these regions have had periods where their malware infection rates were above the worldwide average, and have more recently trended down.

  • The Threat Landscape in South America: Argentina and Uruguay

    In this third part of our series on the threat landscape in South America, we examine threats in Argentina and Uruguay. Of the locations represented in Figure 1, Argentina and Uruguay are among the locations with the lowest malware infection rates in South America.

  • The Threat Landscape in South America: Examining Brazil’s Dramatic Improvement

    This article, part 2 of a series on the threat landscape in South America, focuses on Brazil. Brazil has had one of the most active threat landscapes in the world for many years. As seen in Figure 1, in the first quarter of 2011 (1Q11), Brazil’s infection rate (19.18) was over double that of the worldwide average (8.65). But Brazil’s infection rate dramatically improved over the following nine quarters, ending the second quarter of 2013 (2Q13) at 6.7 compared to the worldwide average of 5.8.

  • Maslow and Malware: Developing a Hierarchy of Needs for Cybersecurity

    Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing

    The pervasive use of computing and the Internet means that cybersecurity is now a major concern for organizations around the world. In response, decision makers are developing plans that seek to ensure key assets, systems and networks remain protected in this new environment, while preserving the benefits that come with broad connectivity. However, these approaches vary considerably, according to the different needs and stages of development of individual countries.

  • The Threat Landscape in South America

    One region of the world I haven’t written extensively about before is South America.  Recently I had the opportunity to visit a couple of countries in South America to visit customers and discuss the threats they see in their environments. This is part 1 in a series of articles that will focus on threats found in several locations including Argentina, Brazil, Chile, Colombia and Uruguay. All of these articles are based on new data published in the Microsoft Security Intelligence Report volume 15 and previous volumes.

    As seen in Figure 1, several locations in South America have malware infection rates (CCM) higher than the worldwide average, while a few locations have infection rates lower than the worldwide average. In the fourth quarter of 2012 (4Q12) Bolivia had the highest infection rate with 9.4 systems infected for every 1,000 that the Microsoft Malicious Software Removal Tool (MSRT) scanned there. The worldwide average in 4Q12 was 6.0 and Uruguay had the lowest infection rate of the locations examined with a CCM of 3.1. But infection rates in the region changed dramatically in the first half of 2013. Bolivia, Ecuador, Peru, and Venezuela all saw infection rate increases during the second quarter of 2013 (2Q13). Peru’s malware infection rate increased from 9.4 in 1Q13 to 17.0 in 2Q13, a 45 percent increase in ninety days. Ecuador saw a 27 percent increase in its infection rate in 2Q13 while Bolivia saw a 29 percent increase in the same period.

  • The Threat Landscape in the European Union at RSA Conference Europe 2013

    We had the opportunity to present new findings from the Microsoft Security Intelligence Report volume 15 at RSA Conference Europe last week in Amsterdam. Jeff Jones and I presented some of the new data from the report.

    In our session we discussed some of the global threats from the report, as well as a custom analysis on the threat landscape in the European Union (EU). I recently published a blog on the threat landscape in the EU, over on the Microsoft Europe blog, that also includes a new video: Security Intelligence Report: new threat data for the European Union shows that Windows XP is losing pace with attackers.

  • Observations from the FedRAMP Certification Process

    Posted by Scott Charney, Corporate Vice President, Trustworthy Computing, Microsoft

    On September 30, Microsoft announced that our public cloud platform, Windows Azure, had been granted Provisional Authorities to Operate (P-ATO) from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB). The FedRAMP Program Management Office also announced recently that federal agencies can now leverage the P-ATO to support their own agency-specific cloud migration efforts. FedRAMP is a government-wide program administered by the General Services Administration (GSA) that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud services. Agencies are required by the Office of Management and Budget to use FedRAMP to adopt cloud services.