Today, Microsoft’s Digital Crimes Unit (DCU), in partnership with law enforcement and industry partners, announced the successful disruption of the Sirefef botnet, also known as ZeroAccess. This dangerous botnet is responsible for hijacking people’s search results and taking them to potentially dangerous websites that could install malware onto their computer, steal their personal information, or fraudulently charge businesses for online advertisement clicks. ZeroAccess also commits click fraud. According to the latest Microsoft Security Intelligence Report, by the end of 2012, malicious or compromised websites had emerged to become the top threats facing enterprises as well as consumers. This botnet specifically targets search results on the major online search and advertising platforms including Google, Bing and Yahoo!, and is estimated to cost online advertisers $2.7 million each month.
In my travels abroad over the years, I have had the great opportunity to meet with many enterprise customers to discuss the evolving threat landscape. In addition to helping inform customers, these meetings have provided me with an opportunity to learn more about how customers are managing risk within their environments. Many of these customers are interested in learning about the top threats found in enterprise environments. Visibility into what threats are most common in enterprise environments helps organizations assess their current security posture and better prioritize their security investments. Given the high level of interest in this information, I thought it would be helpful to take a close look at the top 10 threats facing enterprise customers based on new intelligence from the latest Microsoft Security Intelligence Report (SIRv15).
The latest report found that in the enterprise environment, on average about 11% of systems worldwide encountered malware between the third quarter of 2012 (3Q12) and the second quarter of 2013 (2Q13). The “encounter rate” is defined as the percentage of computers running Microsoft real-time security software that report detecting malware, typically resulting in a blocked installation of malware. This is different from the number of systems that actually get infected with malware, a measure called computers cleaned per mille (CCM).
The recently published Microsoft Security Intelligence Report (SIRv15) contains a section on ransomware. Ransomware is a type of malware that is designed to render a computer or its files unusable until the computer user pays the demanded amount of money to the attacker. It often masquerades as an official-looking warning from a well-known law enforcement agency, such as the US Federal Bureau of Investigation (FBI) or the Metropolitan Police Service of London. Some examples are provided in Figure 1.
Ransomware has emerged as a relatively prevalent threat primarily in Europe. With the exception of New Zealand, all the locations where ransomware families made it onto the top ten list of threats in the second quarter of 2013 were in Europe; these locations include Austria, Belgium, Croatia, Cyprus, Czech Republic, Denmark, Finland, Germany, Ireland, Norway, Portugal, Slovakia, Slovenia, Sweden, Switzerland, and the United Kingdom.
One of the tools I get asked most about when I’m with customers is the Enhanced Mitigations Experience Toolkit (EMET). EMET is a free mitigation tool designed to help IT Professionals and developers prevent vulnerabilities in software from being successfully exploited. The tool works by protecting applications via the latest security mitigation technologies built into Windows, even in cases where the developer of the application didn’t opt to do this themselves. By doing so, it enables a wide variety of software to be made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied.
You can download this new version of EMET here.
For more information on this new version, I encourage you to visit the Security Research and Defense blog.
In this fourth and final part of our series on the threat landscape in South America, we examine threats in Chile and then Colombia. As illustrated in Figure 1, both of these regions have had periods where their malware infection rates were above the worldwide average, and have more recently trended down.
In this third part of our series on the threat landscape in South America, we examine threats in Argentina and Uruguay. Of the locations represented in Figure 1, Argentina and Uruguay are among the locations with the lowest malware infection rates in South America.
This article, part 2 of a series on the threat landscape in South America, focuses on Brazil. Brazil has had one of the most active threat landscapes in the world for many years. As seen in Figure 1, in the first quarter of 2011 (1Q11), Brazil’s infection rate (19.18) was over double that of the worldwide average (8.65). But Brazil’s infection rate dramatically improved over the following nine quarters, ending the second quarter of 2013 (2Q13) at 6.7 compared to the worldwide average of 5.8.
Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing
The pervasive use of computing and the Internet means that cybersecurity is now a major concern for organizations around the world. In response, decision makers are developing plans that seek to ensure key assets, systems and networks remain protected in this new environment, while preserving the benefits that come with broad connectivity. However, these approaches vary considerably, according to the different needs and stages of development of individual countries.
One region of the world I haven’t written extensively about before is South America. Recently I had the opportunity to visit a couple of countries in South America to visit customers and discuss the threats they see in their environments. This is part 1 in a series of articles that will focus on threats found in several locations including Argentina, Brazil, Chile, Colombia and Uruguay. All of these articles are based on new data published in the Microsoft Security Intelligence Report volume 15 and previous volumes.
As seen in Figure 1, several locations in South America have malware infection rates (CCM) higher than the worldwide average, while a few locations have infection rates lower than the worldwide average. In the fourth quarter of 2012 (4Q12) Bolivia had the highest infection rate with 9.4 systems infected for every 1,000 that the Microsoft Malicious Software Removal Tool (MSRT) scanned there. The worldwide average in 4Q12 was 6.0 and Uruguay had the lowest infection rate of the locations examined with a CCM of 3.1. But infection rates in the region changed dramatically in the first half of 2013. Bolivia, Ecuador, Peru, and Venezuela all saw infection rate increases during the second quarter of 2013 (2Q13). Peru’s malware infection rate increased from 9.4 in 1Q13 to 17.0 in 2Q13, a 45 percent increase in ninety days. Ecuador saw a 27 percent increase in its infection rate in 2Q13 while Bolivia saw a 29 percent increase in the same period.
We had the opportunity to present new findings from the Microsoft Security Intelligence Report volume 15 at RSA Conference Europe last week in Amsterdam. Jeff Jones and I presented some of the new data from the report.
In our session we discussed some of the global threats from the report, as well as a custom analysis on the threat landscape in the European Union (EU). I recently published a blog on the threat landscape in the EU, over on the Microsoft Europe blog, that also includes a new video: Security Intelligence Report: new threat data for the European Union shows that Windows XP is losing pace with attackers.