Microsoft’s Q1 2017 Security Intelligence Report is the 22nd edition of the report.
Produced to update customers and those in the tech industry itself on current cyber security threats and the solutions available to protect against breaches, this particular report uses quarterly data rather than bi-annual figures to give even greater visibility into the cyber threat landscape.
Key takeaways from the report are summarised below:
300% year-on-year increase in cloud attacks
As the move to the cloud continues to grow across industry and market, so the cyber criminals are increasingly targeting these cloud storage and processing areas. The greatest number of attacks are said to result from the use of weak passwords, phishing attacks, or breaches of third-party services. The report stresses the importance of creating a unique password for every application used or website visited, reinforcing best practice of never using the same password across multiple accounts.
Drive-by download sites
The paper highlights a figure from Bing, reporting 0.17 drive-by download pages per 1,000 web pages within its index for March 2017. These drive-by download sites can host multiple exploits, targeting vulnerabilities in web browsers and browser add-ons, with the result that these users can experience malware installations purely by visiting a website – without actually downloading a file. Download pages are hosted on legitimate websites, with users covertly redirected to exploited pages, and malware downloaded secretly onto the user’s device.
Ransomware attacks increasing
Microsoft reports a marked rise in incidents of ransomware attacks, as examples the recent WannaCry and Petya attacks, which affected thousands worldwide. In particular, there has been a significant increase in attacks targeting eastern Europe, and notably the Czech Republic, Hungary, Romania and Croatia.
Implementing updates and patches
A major message from the report reinforces the importance of regularly updating and implementing patches for operating systems and applications. Microsoft also highlights the necessity of ensuring that security policies are enforced – whether regulating access to sensitive data or restricting network access to approved users. A further recommendation is to ban use of public Wi-Fi services for corporate purposes.
Phishing site impressions
Microsoft collates information about phishing sites and phishing impressions produced by users who have enabled the Phishing Filter or SmartScreen Filter in Internet Explorer, and who subsequently receive a warning about accessing a known phishing site. The report notes a reduction in number of phishing sites in the online service industry during Q1 2017, but stresses that 40 percent of all phishing sites operational are still within this sector, with 37 percent financially focused (an increase of six percent).
Microsoft reinforces the need for organisations as a whole as well as individual users within the organisation to be continually alert to the potential of cyberattack, and observe practices and procedures to minimise the spread of malware.