Microsoft regularly aggregates the latest worldwide security data into the Security Intelligence Report (SIR), unpacking the most pressing issues in cybersecurity.
Here are some highlights:
Cloud Threat Intelligence
The cloud has become the central data hub for any organization, which means it’s also a growing target for attackers.
Definition - Attackers break into the cloud-based account simply by using the stolen sign-in credentials of a user
Analysis - A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services.
Cloud-based user account attacks have increased 300% from last year, showing that attackers have found a new favorite target.
Drive-by download sites
Definition - A website that hosts malware in its code and can infect a vulnerable computer simply by a web visit
Analysis - Attackers sneak malicious code into legitimate but poorly secured websites. Machines with vulnerable browsers can become infected by malware simply by visiting the site. Bing search constantly monitors sites for malicious elements or behavior, and displays prominent warnings before redirecting to any suspicious site.
Taiwan and Iran have the highest concentration of drive-by download pages
Endpoint threat intelligence
An endpoint is any device remotely connected to a network that can provide an entry point for attackers––such as a laptop or mobile device. Since users interact with an endpoint, it remains a key opportunity for attackers and a security priority for organizations.
Definition - Malware that disables a computer or its files until an amount of money is paid to the attackers
Analysis - Ransomware attacks have been on the rise, disrupting major organizations and grabbing global headlines. Attacks like WannaCry and Petya disabled thousands of machines worldwide in the first half of 2017. Windows 10 includes mitigations that prevent common exploitation techniques by these and other ransomware threats.
Ransomware disproportionately targeted Europe with Czech Republic, Italy, Hungary, Spain, Romania, and Croatia being the top six countries with the highest encounter rates.
Definition - A bundle of malicious software that discovers and abuses a computer's vulnerabilities
Analysis - Once installed on a compromised web server, exploit kits can easily reach any computer lacking proper security updates that visits the site.
Many of the more dangerous exploits are used in targeted attacks before appearing in the wild in larger volumes.
Takeaways and Checklist:
- The threats and risks of cyberattacks are constantly changing and growing. However, there are some practical steps you can take to minimize your exposure.
- Reduce risk of credential compromise by educating users on why they should avoid simple passwords, enforcing multi-factor authentication and applying alternative authentication methods (e.g., gesture or PIN).
Enforce security policies that control access to sensitive data and limit corporate network access to appropriate users, locations, devices, and operating systems (OS).
- Do not work in public Wi-Fi hotspots where attackers could eavesdrop on your
communications, capture logins and passwords, and access your personal data. Regularly update your OS and other software to ensure the latest patches are installed
India specific report
The statistics presented here are generated by Microsoft security programs and services running on computers in India in March 2017 and previous quarters. This data is provided from administrators or users who choose to opt in to provide data to Microsoft, using IP address geolocation to determine country or region.
Encounter rate trends
15.5 percent of computers in India encountered malware, compared to worldwide encounter rate of 7.8 percent. The most common malicious software category in India was Trojans. The second most common malicious software category was Worms. The third most common malicious software category was Downloaders & Droppers.
The most common unwanted software category was Browser Modifiers. The second most common unwanted software category was Software Bundlers. The third most common unwanted software category was Adware.
The most common malicious software family encountered was Win32/Fuery, Win32/Fuery is a cloud-based detection for files that have been automatically identified as malicious by the cloud-based protection feature of Windows Defender. The second most common malicious software family encountered was Win32/Vigorf. Win32/Vigorf is a generic detection for a variety of threats. The third most common malicious software family encountered was Win32/Skeeyah. Win32/Skeeyah is a generic detection for various threats that display Trojan characteristics. The fourth most common malicious software family encountered was Win32/Dynamer. Win32/Dynamer is a generic detection for a variety of threats.
The most common unwanted software family encountered was Win32/Foxiebro. Win32/Foxiebro is a browser modifier that can inject ads to search results pages, modify web pages to insert ads, and open ads in new tabs. The second most common unwanted software family encountered was Win32/ICLoader. Win32/ICLoader is a software bundler distributed from software crack sites, which installs unwanted software alongside the desired program. It sometimes installs other unwanted software, such as Win32/Neobar. The third most common unwanted software family encountered was MSIL/Wizrem. MSIL/Wizrem is a software bundler that downloads other unwanted software, including Win32/EoRezo and Win32/Sasquor. It might also try to install malicious software such as Win32/Xadupi.
Security software use
Nearly 18% of the computers in India are not running up-to-date real-time security software when compared to the world-wide number of about 12%.
Attackers often use websites to conduct phishing attacks or distribute malware. Malicious websites typically appear completely legitimate and often provide no outward indicators of their malicious nature, even to experienced computer users. In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques, in an effort by attackers to take advantage of the trust users have invested in them. To help protect users from malicious webpages, Microsoft and other browser vendors have developed filters that keep track of sites that host malware and phishing attacks and display prominent warnings when users try to navigate to them.
The information presented here has been generated from telemetry data produced by Windows Defender SmartScreen in Microsoft Edge and Internet Explorer.
- Eight websites per hundred thousand URLs are malicious - drive-by download pages.
- 420 websites per hundred thousand internet hosts are malicious - Phishing sites.
- 890 websites per hundred thousand internet hosts are malicious - Malware hosting sites.
- Microsoft Security intelligence report, Volume 22