Professional Documents
Culture Documents
Cybersecurity:
A Quick Guide to
the Most Important
Insights in Security
For 10 years, Microsoft has been studying and analyzing the
threat landscape of exploits, vulnerabilities, and malware.
Weve used data gathered from more than 600 million com-
puters worldwide to develop one of the most complete se-
curity data sets in the world. Our year-round research is then
collected and published in The Microsoft Security Intelligence
Report, a globally accredited, 160-page report that compre-
hensively addresses the security landscape.
Why it matters
Vulnerability disclosures are revelations second halves of 2015, to just above 3,300.
of software vulnerabilities to the public at These are the high-severity vulnerabilities that
large. Disclosures can come from a variety of security teams dread as they might enable
sources, including publishers of the affected remote attackers. With more than 6,000 vul-
software, security software vendors, indepen- nerabilities publicly disclosed per year across
dent security researchers, and even malware the industry, its extremely important that all
creators. Attackers and malware routinely software in your IT environment gets assessed
attempt to use unpatched vulnerabilities to and updated on a regular basis. Install soft-
compromise and victimize organizations. ware patches promptly, monitor networks for
Vulnerability disclosures across the industry suspicious activity, and quarantine devices
increased 9.4 percent between the first and that exhibit unusual behavior.
Encounters with Java
exploits are on the decline.
Why it matters
Attackers used to favor Java exploita- their efforts now on higher priority risks.
tion, but that is no longer the case. This Java users should continue to install se-
decrease is likely the result of several curity patches as they become available
important changes in the way web to continue guarding against potential
browsers evaluate and execute Java future attacks.
applets. Security teams can prioritize
Consumer computers
encounter 2X the number of
threats as compared to
enterprise computers.
16%
14%
12%
10%
8%
6%
4%
2%
Browser Trojans WormsS oftware Downloaders Obfuscators Adware Exploits Viruses Other Backdoors Randomware Password
Modifers Bundlers & & Stealers &
Droppers Injectors Monitoring
Tools
Domain Non-domain
Why it matters
Enterprise environments typically implement an issue for organizations and staying up-to-date
defense-in-depth measures, such as enterprise with security updates and the latest software is their
firewalls, that prevent a certain amount of malware best defense. Despite these trends, you can secure
from reaching users computers. Consequently, your companys assets by understanding the threat
enterprise computers tend to encounter malware at landscape and devising a security strategy across
a lower rate than consumer computers. The en- all fronts, including: identity and access credentials,
counter rate for consumer computers was about 2.2 apps and data, network devices and infrastructure.
times as high as the rate for enterprise computers. By adopting a proactive security stance and taking
Meanwhile, enterprise (domain-based) computers advantage of the latest in multi-factor authentica-
encountered exploits nearly as often as consumers tion, machine learning and analytics technologies,
computers (non-domain), despite encountering you can harden your companys defenses against
less than half as much malware as non-domain cyberattacks, and be equipped to respond in the
computers overall. This tells CISOs that exploits are event of a breach.
Locations with the highest
malware infection rates were
Mongolia, Libya, the Palestinian
territories, Iraq, and Pakistan.
Why it matters
Malware is unevenly distributed around gional malware infection rates. This infor-
the world and each location has its own mation might help to inform future public
mix of threats. By studying the areas of policy that, in turn, could lead to reduced
the world that are highly impacted with malware infection rates in highly impact-
malware and comparing them to the ed parts of the world.
least infected parts of the world, we can
try to discover what technical, economic, A previous study is also available
social, and political factors influence re-
Exploit kits account for
40 percent of the most
commonly encountered
exploits.
Why it matters
Exploit kits are collections of exploits bundled the appropriate security updates installed are
together and sold as commercial software or at risk of having their computers compromised
as a service. Prospective attackers buy or rent through drive-by download attacks. Exploit kits
exploit kits on malicious hacker forums and enable lower skilled attackers to perform more
through other illegitimate outlets. A typical kit sophisticated attacks.
comprises a collection of webpages that con-
Understanding which exploits and exploit kits
tain exploits for several vulnerabilities in popular
are being used by attackers helps security
web browsers and browser add-ons. When the
teams protect their organizations.
attacker installs the kit on a malicious or com-
promised web server, visitors who dont have
Adobe Flash Player objects were
the most commonly detected type
of object, appearing on more than
90 percent of malicious pages over
a one-year period.
Why it matters
This data tells security teams that at- webpages. It also illustrates the impor-
tackers have shifted their attacks host- tance of keeping Adobe Flash Player
ed on malicious web pages from Java updated. Users should prioritize
to Flash Player. Knowing this makes it installing Flash security updates to help
easier to plan mitigations for malicious protect against this rising threat.
44.2 percent of all disclosed
vulnerabilities are found in
applications other than web
browsers and operating
system applications.
Why it matters
Many security teams focus their efforts nerabilities. Otherwise, they could be
on patching operating systems and web missing the bulk of vulnerabilities in their
browsers. But vulnerabilities in those environments.
two types of software usually account To increase protection on the network,
for a minority of the publicly disclosed identify unsanctioned apps and enforce
vulnerabilities. The majority of vulner- your corporate policies regarding cloud
abilities are in applications. Security resources, and monitor activity for any-
teams need to spend appropriate time thing unusual.
on assessing and patching these vul-
Encounters with Trojans, a prevalent
category of malware that uses
social engineering to trick users,
increased by 57 percent, and
remained at elevated levels.
Why it matters
Knowledge is power! Understanding which tools. Knowing this, and looking at how the top
types of threats people in your organization are Trojans in your area of the world behave, will
most likely to encounter helps organizations help you protect your organization better.
prioritize mitigations, including training people Educate your workforce about common Tro-
to identify such threats. jan tricks, including fake web headlines with
Trojans claim to be one thing, like a document provocative titles and spoofed emails. Encour-
or video, but are really a tool that attackers use age workers to use personal devices for social
to trick people into taking some action that isnt media and web surfing instead of devices
in their best interest, like installing malware on connected to your corporate network.
their system or lowering their security settings.
This makes Trojans one of attackers favorite
The prevalence of any particular threat can vary
dramatically, depending on the country and the
nature of the threat, which is one of the reasons
why theres no silver bullet for achieving perfect
security. For example, Russia and Brazil had nearly
triple the worldwide average encounter rates for
some types of threats.
Why it matters
Understanding what strategies and similarly, with Trojans, and exploits,
tactics attackers are using in parts of and other malware. Use the data in the
the world where you have operations Security Intelligence Report to under-
will allow you to better protect those stand the threats your organization is
operations. There are parts of the most likely going to encounter and to
world where ransomware is encoun- inform your security plan.
tered far more than other locations;
In any six month period, less
than 10 percent of vulnerability
disclosures are found in
Microsoft software.
Why it matters
If your organization only focuses on Device encryption and consistent
patching vulnerabilities in your most compliance with IT rules can help
commonly used software, you are reduce the odds of a breach. If you
likely not managing all the vulner- detect suspicious behavior, block
abilities present in your IT environ- and quarantine the device off the
ment. Its important to know if you network until the threat is identified
need to take action on any of the and removed.
other nearly 3,000 vulnerabilities
that could be in your organizations
environment.
To learn more about these and other findings, download the Security Intelligence Report, or visit:
www.microsoft.com/security
2016 Microsoft Corporation. All rights reserved. This document is for informational purposes only. Microsoft makes no
warranties, express or implied, with respect to the information presented here.