Microsoft bases its report on analysis of cloud services and on-premises systems. Released annually, the new Microsoft Security Intelligence Report is specifically focused on threat trends observed since February 2017. The company says all data gathered to compile the report is anonymous and comes from consumer and commercial systems. Data comes from Microsoft services like Office 365, Windows, Azure, and Bing.

“At Microsoft, we have massive depth and breadth of intelligence. Across these services, each month we scan 400 billion email messages for phishing and malware, process 450 billion authentications, execute more than 18 billion web page scans, and scan more than 1.2 billion devices for threats.”

The 2018 Microsoft Security Intelligence Report focuses on three main areas. Botnets are an increasing concern, and Microsoft details how they evolved in 2017:

“In November 2017, as part of a public/private global partnership, Microsoft disrupted the command-and-control infrastructure of one of the largest malware operations in the world – the Gamarue botnet. Microsoft analyzed over 44,000 malware samples, which uncovered the botnet’s sprawling infrastructure, and discovered that Gamarue distributed over 80 different malware families. The top three malware classes distributed by the Gamarue botnet were ransomware, trojans, and backdoors. The disruption resulted in a 30% drop in infected devices in just a three-month period.”
Phishing and Easy Attacks
Microsoft also details so-called easy mark attacks, such as phishing. The company says it is becoming harder and more expensive for hackers to pursue high-scale attacks due to increased security by software vendors. However, easy mark attacks present a simple and low-risk way to target systems.

“In 2017 we saw ‘low-hanging fruit’ methods being used such as phishing — to trick users into handing over credentials and other sensitive information. In fact, phishing was the top threat vector for Office 365-based threats during the second half of 2017. Other low-hanging fruit for attackers are poorly secured cloud apps. In our research, we found that 79% of SaaS storage apps and 86% of SaaS collaboration apps do not encrypt data both at rest and in transit.”
Ransomware
Of course, ransomware remains a critical concern, and major attacks continued through 2017. Microsoft says cybercriminals are drawn to this type of attack because it makes them money.

“During 2017, three global ransomware outbreaks—WannaCrypt, Petya/NotPetya, and BadRabbit—affected corporate networks and impacted hospitals, transportation, and traffic systems. We found that the region with the greatest number of ransomware encounters was Asia. The ransomware attacks observed last year were very destructive and moved at an incredibly rapid pace. Because of the automated propagation techniques, they infected computers faster than any human could respond and they left most victims without access to their files indefinitely.”