Scribd
Upload
117 views1 page

Security Intelligence Report Infographic 2018 EN US PDF

Uploaded by

Andrei Sandulescu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
117 views1 page

Security Intelligence Report Infographic 2018 EN US PDF

Uploaded by

Andrei Sandulescu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Cybersecurity Threats You

Should Know About in 2018


Read the Microsoft Security Intelligence Report,
Volume 23 for a full account
Every year, Microsoft collects security and threat intelligence from their global network
and compiles the trends into the Microsoft Security Intelligence Report. To keep up with
the always evolving landscape, the Security Intelligence Report provides a thorough
analysis of security threats and how to best mitigate the top attack types.

The report investigates three main topics:

Easy Mark
Botnets Ransomware
Attack Methods

Botnets
Bots are programs that allow attackers to infect and take control of computers, and
botnets are a network of those bots controlled by command-and-control (C&C) servers.
On November 29, 2017, Microsoft’s Digital Crimes Unit tackled a leading botnet that
infected more than 23 million IP addresses: Gamarue. Find out more in the full report.

Microsoft analyzed over 44,000 malware samples that revealed


Gamarue’s sprawling infrastructure.

1,214 464 80+


domains and IP distinct botnets associated malware
addresses of the families
botnet C&C servers

Infected devices per month (after Gamarue disruption)

20,000,000

SECURIT Y
15,000,000 RECOMMENDATIONS

Use solutions that apply


10,000,000
advanced machine
learning to detect
5,000,000 Gamarue and other
types of malware.

0
December January February
2017 2018 2018

Easy Mark Attack Methods


With advancing security solutions, hackers are more apt to go after easy targets
through social engineering and are constantly evolving their tactics for maximum
efficiency. Here are two examples of low-hanging fruit; read the report for more.

Phishing
Broad-based phishing and spear phishing both rely on what’s most often cited as
security’s weakest link: people. Phishing can take many shapes, including:

Email links and Domain spoofs User impersonation


attachments

180,000,000–200,000,000
Approximate number of phishing emails Microsoft
detected each month, over three months
Domain Links to fake (November 2017 - January 2018).
impersonation SaaS apps

Cloud apps
Cloud app adoption is rising to support business productivity, but a lack
of security infrastructure could be inadvertently compromising data.

Encrypt data at rest and in transit

79% of SaaS storage apps and 86% of SaaS collaboration apps


do not encrypt data both at rest and in transit.

SaaS Storage Apps SECURIT Y


RECOMMENDATIONS
SaaS Collaboration Apps
For phishing, train
0 20 40 60 80 100
employees on identifying
Yes No and reporting suspicious
links to cut off attacks
Support for all HTTP headers session protection methods before they can do
damage. For visibility into
and control over all cloud
Only 4% of SaaS storage apps and 3% of SaaS collaboration apps
apps usage across the
support all HTTP headers session protection.
enterprise, use a cloud
access security broker
SaaS Storage Apps (CASB) security solution.

SaaS Collaboration Apps

0 20 40 60 80 100

Yes No

Ransomware
Ransomware infects and encrypts files (and sometimes entire disks) to prevent access
until a ransom is paid—and there’s no guarantee victims will regain access.

Ransomware made a real-world impact in 2017, bringing down critical services like
hospitals, transportation, and traffic systems. Here are few of the unprecedented and
devastating ransomware families responsible for the 2017 attacks:

WannaCrypt Petya/NotPetya BadRabbit SECURIT Y


RECOMMENDATIONS

Backup your data so it


can be recovered in case
of a ransomware attack.
Outbreaks of Various Ransomware Families

May 2017 June 2017 October 2017


WannaCrypt infects over Petya/NotPetya attack uses the BadRabbit poses as an Adobe Flash
230,000 computers –– the same exploit as WannaCrypt but update on compromised websites,
largest ransomware attack ever. harnesses additional methods of and spreads through compromised
spreading, making for perhaps the usernames and passwords.
most complex ransomware in 2017.

DOWNLOAD THE FULL MICROSOF T SECURIT Y INTELLIGENCE REPORT,


VOLUME 23 FOR MORE SECURIT Y INSIGHTS.

www.microsoft.com/sir

© 2018 Microsoft Corporation. All rights reserved. This document is for informational purposes only.

You might also like