You might recall back in November, I wrote an article that discussed a new book for IT Professionals releasing in the coming months entitled “Windows Server 2012 Security from End to Edge and beyond.” The book is now available and you can obtain a copy through online retailers such as Amazon or Barnes & Noble.
According to the recently released Microsoft Security Intelligence Report volume 14, Hong Kong continues to enjoy one of the lowest malware infection rates in the world. Figure 1 illustrates how Hong Kong’s infection rate has trended from the third quarter of 2011 (3Q11) to the fourth quarter of 2012 (4Q12). The Microsoft Malicious Software Removal Tool (MSRT) found 2.2 systems infected with malware for every 1,000 systems scanned in the fourth quarter of 2012 while the worldwide average was 6.0 during the same period.
In the first part of this series on the threat landscape in the European Union (EU) I examined threats found in the location with the highest malware infection rate, Romania. In the second part of the series I discussed malicious websites that are hosted in the EU. In this final article in the series I will look at the EU member states that have the lowest malware infection rates and share insights that other, more infected locations, might use to improve. The analysis in all three of these articles leverages data from the recently released Microsoft Security Intelligence Report volume 14 (SIRv14) and previous volumes and focuses on the fourth quarter of 2012 (4Q12).
Before looking at the locations with the lowest malware infection rates in the EU, first let’s look at how threat categories and families have been trending in the EU as a whole during the eighteen-month period between the third quarter of 2011 (3Q11) and the fourth quarter of 2012 (4Q12). Figure 1 illustrates how threat categories have been trending in the EU. In my opinion, the most serious concern is the upward trend in exploit activity in the EU. Increased levels of drive-by download attacks and parser exploit attacks are major contributors to this trend. I discuss these attacks in more detail below. The other disconcerting trend is the consistently high levels of, and recent uptick in, detections of Miscellaneous Potentially Unwanted Software. Much of this looks to be related to increased usage of tools that enable software piracy.
In the first part of this series on the threat landscape in the European Union (EU) I examined threats found in the location with the highest malware infection rate, Romania. In this article I will discuss malicious websites that are hosted in the EU, specifically malware hosting sites, phishing sites and drive-by download sites. This analysis leverages data from the recently released Microsoft Security Intelligence Report volume 14 (SIRv14) and previous volumes and focuses on the fourth quarter of 2012 (4Q12). If you are unfamiliar with any of these types of attacks, please read some of the articles I have written in the past that contain background information:
Today more and more attackers are using websites to attempt to distribute malware and steal credentials. As I wrote about recently, we see that drive-by downloads are now the top threat detected in enterprise environments. Malicious websites typically appear to be legitimate and often provide no outward indicators of their malicious nature. In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques. Compromising legitimate websites allows attackers to take advantage of the established trust (positive brand) that users have with these sites. When this strategy is successful, it helps attackers get malware past firewalls, IDS/IPS, and other perimeter defenses; users literally bring the malware into their networks by visiting websites with systems that have out-of-date software installed on them.
Today’s senior executives rely on information technology organizations to help their business execute on strategies and improve their operations.
As the bedrock for the corporate directory and identity, the Active Directory plays a critical role in this IT environment, by providing access control for servers and applications.
At the same time, the threat of compromise to IT infrastructures from external attacks is rapidly growing and evolving in both scope and sophistication. The motivations behind these attacks range from “hacktivism” (attacks influenced by activist positions) to theft of intellectual property – and the Active Directory environment is not immune from being targeted for compromise.
Against this backdrop and to help enterprises protect their Active Directory environments, Microsoft IT released a detailed technical reference document, "Best Practices for Securing Active Directory."
It’s time for our semi-annual inspection of the threat landscape in the European Union (EU). This analysis leverages data from the recently released Microsoft Security Intelligence Report volume 14 (SIRv14) and previous volumes. The focus of this analysis is the second half of 2012. If you are interested in prior analysis we have done on the EU please see the following articles:
Although the malware infection rate in Romania trended down in the second half of 2012, Romania continues to have the highest malware infection rate of any country in the EU. In the fourth quarter of 2012 (4Q12) Romania’s malware infection rate was 12.4 systems infected with malware for every 1,000 that the MSRT scanned there, as seen in Figure 1. This is over double the worldwide average of 6.0 for the same time period. The most common category in Romania in 4Q12 was Miscellaneous Potentially Unwanted Software, which affected 43.3 percent of all computers with detections there, up from 37.4 percent in 3Q12.
Today the Microsoft Digital Crimes Unit announced a new cloud-based version of its Cyber Threat Intelligence Program (C-TIP) that gives Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) around the world access to near real-time threat intelligence. This new cloud service provides these organizations access to timely information about known malware infections in their systems and regions, enabling them to more quickly and efficiently notify victims of potential security issues with their computer.
Every day our systems receive hundreds of millions of attempted check-ins from computers infected with malware such as Conficker, Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital. In the past, we provided this intelligence to 44 ISP and CERT organizations in 38 countries using email and other forms of information sharing, but it made sense to evolve this into a near real-time cloud-based service. On Friday, the Spanish CERT joined other CERTs such as Luxembourg’s CIRCL and govCERT as early adopters of the new C-TIP cloud service.
Are you working on cutting-edge research on the future of cybersecurity policy? If so, you have less than 3 weeks left to enter our Cybersecurity 2020 essay contest for a chance to win the $5,000 cash prize!
Last month my blog post discussed Microsoft’s perspective on building a Cybersecurity Framework for critical infrastructure, which is part of President Obama’s Executive Order on cybersecurity. As a next step in the process of implementing the Executive Order, the Commerce Department recently requested comments regarding incentives to encourage critical infrastructure entities and others to adopt improved cybersecurity practices. These incentives would be aimed at encouraging participation in a new voluntary program (referred to as the Voluntary Program below) to support the adoption by owners and operators of critical infrastructure and other interested entities of the Cybersecurity Framework being developed by the National Institute of Standards and Technology (NIST).
Last week, Microsoft submitted comments to the Commerce Department about these incentives. Before discussing Microsoft’s comments, it is important to acknowledge that the Commerce Department has led an ongoing public discussion about how to incent broader adoption of cybersecurity practices, reaching back to Commerce’s Green Paper on Cybersecurity, Innovation, and the Internet Economy and our comments both prior and subsequent to the Green Paper. We appreciate the Commerce Department’s consistent focus on the important challenge of creating incentives to increase cybersecurity.