
Microsoft Security Intelligence Report v7

Microsoft Security Intelligence Report v7. Ken Malcolmson Senior Product Manager Microsoft Session Code: ITS206. Vinny Gullotto General Manager Microsoft Malware Protection Center. Security Intelligence Report volume 7 (January - June 2009). Major sections cover


Presentation Transcript


  1. Microsoft Security Intelligence Report v7 • Ken Malcolmson, Senior Product Manager, Microsoft • Vinny Gullotto, General Manager, Microsoft Malware Protection Center • Session Code: ITS206

  2. Security Intelligence Report volume 7 (January - June 2009) • Major sections cover • Malicious software and potentially unwanted software • Email, spam and phishing threats • Focus content on • Malware and signed code • Threat combinations • Malicious Web sites • Software vulnerability exploits • Browser-based and Microsoft Office document exploits • Drive-by download exploits • Security and privacy breaches • Software vulnerability disclosures • Industry-wide vulnerability disclosures • Microsoft Security Bulletins and the Exploitability Index • Usage trends for Windows Update and Microsoft Update

  3. Security Intelligence Report volume 7: Continued Evolution • Best Practices Around the World • Malware and Signed Code • Threat Combinations • Geographic Origins of Spam Messages • Reputation Hijacking • “Malvertising”: An Emerging Industry Threat • Conficker update • Automated SQL Injection Attacks • Categories of payloads delivered by Microsoft Office exploits in 1H09 • Top 10 malware families used in Office file exploits in 1H09 • 1H09 Bulletin Severity and Exploitability Index Accuracy • Security Bulletin Mitigations, Workarounds, and Attack Surface Reduction analysis • Usage Trends for Windows Update and Microsoft Update • Update service usage and software piracy rates for seven locations worldwide • Myths and Facts About Microsoft Update Services and Software Piracy

  4. Centers Supporting TwC Security • TwC Security: Protecting Microsoft customers throughout the entire life cycle (in development, deployment and operations) • Microsoft Security Response Center (MSRC) • Microsoft Security Engineering Center (MSEC) • Microsoft Malware Protection Center (MMPC) • Diagram labels: Product Life Cycle, Conception, Release, EcoStrat, MSRC Ops, MSRC Engineering, SDL, Security Assurance, Security Science

  5. Security Intelligence Report Volume 7 Data Sources • Customers submit data directly • Microsoft Malware Protection Center labs located globally

  6. Security Intelligence Report Volume 7 Data Sources • Protection for customers in more than 12 countries around the world

  7. Security Intelligence Report Volume 7 Data Sources • safety scanner • Available in dozens of languages and performs millions of malware removals per year worldwide

  8. Security Intelligence Report Volume 7 Data Sources • World’s most popular browser • SmartScreen Filter • Microsoft Phishing Filter

  9. Security Intelligence Report Volume 7 Data Sources • Millions of users worldwide using Forefront solutions

  10. Security Intelligence Report Volume 7 Data Sources • Protecting thousands of enterprise customers and scanning billions of e-mail messages per year

  11. Security Intelligence Report Volume 7 Data Sources • More than 100 million users worldwide

  12. Security Intelligence Report Volume 7 Data Sources • More than 280 million active users worldwide

  13. Security Intelligence Report Volume 7 Data Sources • Malicious Software Removal Tool • 450 million computers worldwide reporting monthly • 2.7 billion executions in 1H09 • More than 16.5 billion executions since 2005

  14. Security Intelligence Report Volume 7 Data Sources • Billions of web-page scans per month

  15. Security Intelligence Report Volume 7 Data Sources • These data sources enable Microsoft to get data from all the relevant points of view: client, server, mail, Internet threats – globally

  16. Security Intelligence Report Volume 7 Data Sources • Software Vulnerability Disclosures • Common vulnerabilities and exposures Web site http://www.first.org/cvss • National Vulnerability Database (NVD) Web site http://nvd.nist.gov/ • Security Web sites • Vendor Web sites and support sites • Security Breach Notifications • http://datalossdb.org • Software Exploits • Variety of public sources, including exploit archives, antivirus alerts, mailing lists, security related websites • Microsoft Security Bulletins http://www.microsoft.com/technet/security • SecurityFocus www.securityfocus.com

  17. Malicious and Potentially Unwanted Software www.microsoft.com/sir

  18. Malicious And Potentially Unwanted Software: Geographic distribution of malware – MSRT, 1H09

  19. Malicious And Potentially Unwanted Software: Category trends • Miscellaneous trojans remain very prevalent • Worm infections increased significantly • Figure: Computers cleaned by threat category, in percentages, 2H06-1H09

  20. Malicious And Potentially Unwanted Software: Top malware and potentially unwanted families • Figure: Top malware/potentially unwanted software families detected by Microsoft anti-malware desktop products worldwide in 1H09

  21. Malicious And Potentially Unwanted Software: Operating system trends • Infection rates of Windows Vista machines • With SP1: 61.9% less than Windows XP SP3 • With no service pack: 85.3% less than Windows XP with no service pack • Figure: Number of computers cleaned for every 1,000 MSRT executions in 1H09

  22. Malicious And Potentially Unwanted Software: Operating system trends over time • Relative OS infection rates remain consistent over time • Figure: Computers cleaned by threat category, in percentages, 2H06-1H09

  23. Malicious And Potentially Unwanted Software: Threats at home and in the enterprise • Enterprise computers were more likely to encounter worms • Home computers were more likely to encounter trojans

  24. Malicious And Potentially Unwanted Software: Threats at home and in the enterprise • Figure: Top 5 families detected by Windows Live OneCare/Forefront Client Security in 1H09

  25. E-Mail Threats: Spam trends and statistics • More than 97% of unwanted e-mail messages were blocked at the edge • Figure: Percentage of incoming messages blocked by FOPE using edge-blocking and content filtering, 1H06-1H09

  26. E-Mail Threats: Spam trends and statistics • Spam was dominated by product advertisements in 1H09 • Figure: Inbound messages blocked by FOPE content filters, by category, in 1H09

  27. E-Mail Threats: Geographic origins of spam messages • Most spam is sent through botnets or other automated tools • The geographic origin of spam does not necessarily indicate the physical location of the spammer • Figure: Geographic origins of spam, by percentage of total spam sent, in 1H09

  28. Top Threats in Germany: Disinfected Threats by Category in 1H09

  29. Data from All Microsoft Security Products: Top 25 Families in Germany in 1H09

  30. Lots more local data in the report • “Deep dive” information on 14 countries and regions around the world • Heatmaps – malware infection rates, phishing sites, malicious software sites, drive-by download attacks • Download the SIR for the full facts

  31. Software Vulnerability Exploit Details www.microsoft.com/sir

  32. Software Vulnerability Exploit Details: Browser-based exploits • Data taken from user-reported incidents, submissions of malicious code, and Windows error reports • Data from multiple operating systems and browsers • Figure: Browser-based exploits, by percentage, encountered in 1H09

  33. Software Vulnerability Exploit Details: Browser-based exploits by system locale • The most common system locale was China (China), at 53.6% of all incidents • The second most common was United States (English), at 27.5% • Figure: Browser-based exploits, by system locale, encountered in 1H08

  34. Software Vulnerability Exploit Details: Browser-based exploits by operating system and software vendor • On Windows XP-based machines, Microsoft vulnerabilities account for 56.4% of the exploits • On Windows Vista-based machines, Microsoft vulnerabilities account for only 15.5% of the exploits • Figure: Browser-based exploits targeting Microsoft and third-party software on computers running Windows XP and Windows Vista in 1H09 (panels: Windows XP machines, Windows Vista machines)

  35. Document File Format Exploits: Microsoft Office Format Exploits • Data from submissions of malicious code to Microsoft • One vulnerability was the target of 71.0% of all attacks • Figure: Microsoft Office file format exploits, by percentage, encountered in 1H09

  36. Document File Format Exploits: Malware dropped by Microsoft Office document exploit attacks • Nearly 90% of exploits involved a trojan or backdoor • These threats allow access to install more malware • Figure: Types of malware dropped during Microsoft Office exploit attacks

  37. Security Breach Trends www.microsoft.com/sir

  38. Security Breach Trends: Study details • Hacking and viruses less than 25 percent of all notifications in 1H09 • Most breaches resulted from stolen, lost or improperly disposed of equipment • Figure: Security breach incidents, by incident type, 2H07 – 1H09

  39. Software Vulnerability Disclosure Trends www.microsoft.com/sir

  40. Security Vulnerability Disclosures: Operating system, Browser and Application Disclosures – Industry Wide • Application vulnerabilities down sharply in 1H09 • OS and browser vulnerabilities relatively stable • Figure: Operating system, browser & application vulnerabilities as a percentage of all disclosures, 1H04-1H09

  41. Security Vulnerability Disclosures: Microsoft vulnerability disclosures • Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale • Figure: Vulnerability disclosures for Microsoft and non-Microsoft products, 1H04-1H09 (legend: Non-Microsoft, Microsoft)

  42. Microsoft Vulnerability Exploit Details: Responsible Disclosure Rates • Responsible disclosure rates rose to a high of 79.5% • Figure: Responsible disclosures as a percentage of all disclosures involving Microsoft software, 1H05-1H09

  43. Microsoft Vulnerability Exploit Details: Security Bulletins • In 1H09 Microsoft released 27 bulletins addressing 87 individual CVE-identified vulnerabilities • Figure: Security bulletins released and CVEs addressed by half-year, 1H05-1H09

  44. Microsoft Vulnerability Exploit Details: Exploitability Index • The Exploitability Index has helped IT professionals prioritize deployment of security updates • Figure: CVEs with exploits discovered within 30 days, by Exploitability Index rating, in 1H09

  45. Microsoft Vulnerability Exploit Details: Mitigations and workarounds in security bulletins • Microsoft gives workaround, mitigation or attack surface reduction advice where possible • Figure: Workaround and mitigation status for 1H09 security bulletins

  46. Update Service Usage Over Time: Microsoft Update and Windows Update • Adoption of Microsoft Update has risen significantly • Microsoft Update provides a more comprehensive solution than Windows Update alone • Figure: Usage of Windows Update & Microsoft Update indexed to 2H05 total usage

  47. Update Service Usage Impact: The role of automatic updating • A Windows Defender signature issued via Microsoft Update had a significant and dramatic impact on Win32/Renos trojan infections • Figure: Daily Windows error reports caused by Win32/Renos on Windows Vista computers

  48. Update Service Usage: Regional variations in update service usage • Usage of Microsoft updates varies worldwide • Variations are due to a variety of factors including broadband Internet connectivity, software piracy and the percentage of computers in enterprise environments • Figure: Update service usage and software piracy rates for seven locations worldwide, relative to the United States

  49. Microsoft Update Services: Myths and facts – read this when you download the SIR!
