Microsoft Security Intelligence Report Vol. 24 January - December 2018

Brink

The 24th edition of the Microsoft Security Intelligence Report (SIR) is now available. And this year, I’m thrilled to share that not only can you download the PDF, but you can also visit an online, interactive version that provides tools to filter and deep dive into the data. This edition of the report is a reflection on last year’s security events and includes an overview of the security landscape, lessons learned from the field, and recommended best practices. I know you may find some of the trends, such as the increase in cryptocurrency mining and supply chain activity, worrisome. But I also hope you’re encouraged to learn that the defensive techniques we’ve taken as a security community are paying off: there is good evidence that bad actors have been forced to change their tactics.

To create this report, the SIR team culled core insights and key trends out of a year’s worth of data from multiple, diverse sources. We analyzed the 6.5 trillion security signals that go through the Microsoft cloud every day. We gathered insights from thousands of security researchers based around the world, and we learned lessons from real-world experiences, like the Ursnif campaign and the Dofoil coin-miner outbreak. There is a lot going on, but the SIR team distilled the data down into four key trends:

  • Ransomware attacks are on the decline.
  • Cryptocurrency mining is prevalent.
  • Software supply chains are at risk.
  • Phishing remains a preferred attack method.

Ransomware attacks are on the decline

The decline of ransomware attacks that we saw in the 2018 data is a great example of how the security community is pushing bad actors to adjust. Just last year, we highlighted the large threat that ransomware played in the 2017 data, so this decline is notable. We believe that attackers have shifted from this highly visible method to more stealth attacks because users have gotten smarter about how they respond.

Cryptocurrency mining is prevalent

The decline in ransomware is good news; however, on the flip side we are seeing cryptocurrency mining to be prevalent. This is one of the methods that attackers have deployed in lieu of ransomware. Mining coins profitably requires an immense amount of computing power to perform complex calculations, so attackers install malware on users’ computers to “steal” the necessary computing power. The SIR report provides a great overview of how cryptocurrency works and other factors driving this trend.

Software supply chains are at risk

Software supply chain attacks are another trend that Microsoft has been tracking for several years. One supply chain tactic used by attackers is to incorporate a compromised component into a legitimate application or update package, which then is distributed to the users via the software. These attacks can be very difficult to detect because they take advantage of the trust that users have in their software vendors. The report includes several examples, including the Dofoil campaign, which illustrates how wide-reaching these types of attacks are and what we are doing to prevent and respond to them.

Phishing remains the preferred method of attack

It’s probably not surprising that phishing continues to be a popular method of attack, and we expect that to continue for the foreseeable future. The good news: much like ransomware, bad actors have shifted tactics in response to the more sophisticated tools and techniques that have been deployed to protect users. We uncovered a lot of details about these new phishing methods that we hope you find useful in your fight to defend against them.

Learn more

When I was a practitioner, I sought out reports like these to help me better understand attacker techniques and plan my defenses accordingly. I hope you find the insights, tips, and best practices that we’ve pulled together just as helpful. Download volume 24 of the Microsoft Security Intelligence Report and then dig into the data specific to your region in the interactive website. The site will be updated monthly, so you can keep up with emerging data and insights throughout the year.

Also, later in March, join me and my colleague, Jonathan Trull, for a webinar where we’ll dissect these trends in more detail and share best practices to help you protect your organization.

The SIR serves to share some of the intelligence and insights that Microsoft generates as part of our broader security operations work, but it is not the whole story. Please also make sure to check out today’s announcements on new Microsoft security innovations aimed at helping defenders capitalize on the latest security intelligence and protections to help them stay ahead in the evolving cybersecurity landscape.

Source: Microsoft Security Intelligence Report Volume 24 is now available - Microsoft Security

Read report: Microsoft Security Intelligence Report Vol. 24 January - December 2018 (PDF)
 
