Microsoft Security Blog

Cloud Computing Trends Report : Maturity of IT Departments

Jeff Jones - MSFT — Thu, 23 May 2013 15:03:23 GMT

As cloud computing matures, a growing number of organizations are interested in moving to cloud environments to help lower IT costs, increase efficiencies, and realize greater flexibility. However, organizations that consider cloud computing have also...(read more)

Attention Students: Only 3 Weeks Left to Enter the Cybersecurity 2020 Essay Contest

Microsoft Security Staff — Thu, 23 May 2013 12:00:00 GMT

Are you working on cutting edge research on the future of cybersecurity policy? If so, you have less than 3 weeks left to enter our Cybersecurity 2020 essay contest for a chance to win the $5,000 cash prize! Read more.

...(read more)

Microsoft's Perspective on Incentives to Adopt Improved Cybersecurity Practices

Paul Nicholas - TwC — Tue, 21 May 2013 09:00:00 GMT

Last month my blog post discussed Microsoft’s perspective on building a Cybersecurity Framework for critical infrastructure, which is part of President Obama’s Executive Order on cybersecurity. As a next step in the process of implementing the Executive Order, the Commerce Department recently requested comments regarding incentives to encourage critical infrastructure entities and others to adopt improved cybersecurity practices. These incentives would be aimed at encouraging participation in a new voluntary program (referred to as the Voluntary Program below) to support the adoption by owners and operators of critical infrastructure and other interested entities of the Cybersecurity Framework being developed by the National Institute of Standards and Technology (NIST).

Last week, Microsoft submitted comments to the Commerce Department about these incentives. Before discussing Microsoft’s comments, it is important to acknowledge that the Commerce Department has led an ongoing public discussion about how to incent broader adoption of cybersecurity practices, reaching back to Commerce’s Green Paper on Cybersecurity, Innovation, and the Internet Economy and our comments both prior and subsequent to the Green Paper. We appreciate the Commerce Department’s consistent focus on the important challenge of creating incentives to increase cybersecurity. Read more

...(read more)

Are Viruses Making a Comeback?

Tim Rains - Microsoft — Thu, 16 May 2013 12:00:00 GMT

In the six or seven years that we have been publishing the Microsoft Security Intelligence Report (SIR) I have seen many trends emerge over time. The threat landscape is constantly changing as attackers try to find methods that will help them compromise the systems they target. For several years viruses (file infectors) seemed to be out of favor with attackers as they used other categories of threats to attack systems.

Viruses simply didn’t support the profit motive many attackers had in the same way that Trojan Downloaders and Droppers, Miscellaneous Trojans, and Password Stealers and Monitoring Tools all did. Viruses are threats designed in an era before ubiquitous Internet connectivity made it easier for Worms to successfully self-propagate. Worms like SQL Slammer and Blaster spread around the world in minutes. This would likely take an old fashioned file-infector much, much longer to accomplish, limiting their ability to infect large numbers of systems quickly. Additionally, Viruses tend to be relatively “noisy” threats as they typically try to infect large numbers of files (.exe, .dll, .scr) on the systems they compromise. This characteristic can make them easier to detect than other more blended threats.

Subsequently, I have rarely seen the Virus threat category found on more than 5 percent of systems with detections globally. There have been regional exceptions like Korea, Russia, and Brazil, where I have seen relative Virus levels reach between 10 and 15 percent. But more recently I have noticed that Viruses seem to be making a comeback. As seen in Figure 1, the relative prevalence of Viruses has been trending up. The prevalence worldwide for the Virus threat category was 7.8 percent in the fourth quarter of 2012 (4Q12). Read more.

...(read more)

Security Development Conference 2013 - Kick Off

Tim Rains - Microsoft — Tue, 14 May 2013 08:00:00 GMT

This morning at the Security Development Conference in San Francisco, I am joined by hundreds of organizations that have traveled from all over the world to learn more about proven practices in security development that can help reduce an organization’s risk to threats on the Internet. As we anxiously await the two keynotes by Scott Charney and Howard Schmidt to kick off the day, I am reminded of the early days of computing when security development was an afterthought for many organizations.

The threat landscape has evolved quite a bit over the past decade and the importance of software security is more evident than ever. To see so many security professionals in attendance at this year’s conference makes me cautiously optimistic that more and more organizations are starting to take application security seriously.

Despite the growing awareness on the need for application security, adoption numbers remain low. A recent Microsoft survey found that only 37% of IT Professionals worldwide cited their organizations as building their products and services with security in mind. In that same study, 61% of developers were not taking advantage of mitigation technologies that already exist such as ASLR, SEHOP and DEP. The three biggest roadblocks cited by IT professions and developers were management approval, lack of support and training and cost. Read more

...(read more)

Microsoft Security Intelligence Report volume 14 on the Road: Japan

Tim Rains - Microsoft — Mon, 06 May 2013 08:00:00 GMT

I was in Tokyo a couple of weeks back, talking to people about the latest Microsoft Security Intelligence Report. According to the report, Japan continues to have one of the lowest malware infection rates in the world, as seen in Figure 1. The Microsoft Malicious Software Removal Tool (MSRT) found just 0.7 systems infected with malware for every 1,000 systems scanned in the fourth quarter of 2012. The worldwide average was 6.0 during the same period.

REGISTER NOW FOR SDC 2013 AND SAVE!

Microsoft Security Staff — Wed, 01 May 2013 18:26:00 GMT

In less than two weeks, the world’s best and brightest security professionals will converge on the InterContinental Hotel San Francisco, CA for the Security Development Conference! Don’t miss this opportunity to hear from industry experts who will discuss current security topics and issues.

REGISTER NOW using this discount code: IND@SDC#12 and save $300 off current registration prices. For more information, visit the website at www.securitydevelopmentconference.com or contact sdc@eventpoint.com

...(read more)

Anti-virus Software is Dead…Really?

Tim Rains - Microsoft — Thu, 18 Apr 2013 07:00:00 GMT

Yesterday we released the latest volume of the Microsoft Security Intelligence Report. Among the ~800 pages of new threat intelligence is a new study that attempts to quantify the benefit of running up-to-date anti-virus (AV) software. The study leveraged data from over a billion systems worldwide and it turns out that systems that do not have up-to-date AV are 5.5 times more likely to be infected with malware than systems that are protected. It’s also noteworthy that almost 270 million systems worldwide did not have up-to-date AV installed in the second half of 2012; many people that could be benefiting from the protection that AV offers, are not.

Didn’t we already know this?
While it might seem like common sense that AV software is a good thing to have, I think much of the evidence I have seen to support this notion has mostly been anecdotal. I have attended and spoken at numerous security industry conferences over the past couple of years where I have heard more and more industry security experts question the efficacy of AV. The typical argument against AV is the erroneous assumption that since it can’t block or detect 100% of threats, including some of the high-profile targeted attacks that have been reported over the last few years, then it’s entirely worthless and not worth running.

To me, this point of view seems less than pragmatic as part of the challenge the industry has is to protect the billions of devices that are now continuously connected to the Internet from the flood of new threats that continually emerge. Since both the number of connected devices and the number of threats will only increase in the future, how to scale protections will always be important. More and more attackers are using automation and sophisticated techniques like server-side polymorphism to generate massive numbers of threats; Figure 1 below illustrates the estimated growth of malware since 1991 and Figure 2 shows 29,451,883 computers had detections/removals of malware in the ten most active countries in the 90 days of the fourth quarter of 2012 alone. In this type of environment AV is becoming more important, not less important. Read more.

...(read more)

Volume 14 of the Microsoft Security Intelligence Report Released: Hundreds of Pages of New Security Intelligence Now Available

Tim Rains - Microsoft — Wed, 17 Apr 2013 07:00:00 GMT

We released the latest volume of the Microsoft Security Intelligence Report today that provides a large body of new data and analysis on the threat landscape. Volume 14 focuses on what the threat landscape looked like in the second half of 2012, including trend data from previous periods. This volume of the report contains:

Industry-wide vulnerability disclosure trends and analysis
An examination of global vulnerability exploit activity
Trends and analysis on global malware and potentially unwanted software
The latest analysis of threats in more than 100 countries/regions around the world
Data and insights on how attackers are using spam and other email threats
The latest global and regional data on malicious websites including phishing sites, malware hosting sites and drive-by download sites

In addition, we have included a section in the report focused on quantifying the value of using up-to-date antimalware software. This is a must read for those Information Technology/security professionals who are grappling with the challenge of articulating why investing in antimalware software is so important to the security of their organization, possibly among those questioning its efficacy.

I encourage you to download the new SIR and take full advantage of the new research it contains as well as the hundreds of pages of new threat intelligence. We also have a shorter Key Findings Summary available, new video content, and past volumes of the report, all at www.microsoft.com/sir.

Tim Rains
Director
Trustworthy Computing

...(read more)

Malicious Websites Now the Top Threat to the Enterprise

Tim Rains - Microsoft — Wed, 17 Apr 2013 07:00:00 GMT

For the past three and a half years, Win32/Conficker has been the top threat found in enterprise environments. We have reported on Conficker in the Microsoft Security Intelligence Report since the second half of 2008. No new variants of Conficker have been released in years and the methods it uses to propagate are well known, but once it finds its way into an environment it can be difficult to eliminate it.

New data just published in volume 14 of the report, focused on the second half of 2012 (2H12), shows that Conficker has competition as the number one threat in enterprise environments. Figure 1 shows that JS/IframeRef was encountered by more computers than Conficker in the second (2Q12) and fourth (4Q12) quarters of 2012. IframeRef was detected almost 3.3 million times in 4Q12. JS/IframeRef is a malicious piece of JavaScript code that is presented on infected or malicious websites. The purpose of the script is to redirect your browser to other sites that attempt to download malware onto your computer, often by exploiting unpatched software vulnerabilities. Read more..

...(read more)