Microsoft's 23rd bi-annual Security Intelligence Report (SIR) focuses on three topics: the disruption of the Gamarue (aka Andromeda) botnet, evolving hacker methodologies, and ransomware.
It draws on the data analysis of Microsoft's global estate since February 2017, including 400 billion email messages scanned, 450 billion authentications, and 18+ billion Bing webpage scans every month; together with the telemetry collected from the 1.2 billion Windows devices that opt in to sharing threat data with Microsoft.
In partnership with ESET, Microsoft had been researching the Gamarue infrastructure and 44,000 associated malware samples, since December 2015. Details on 1,214 C&C domains and IPs, 464 distinct botnets and more than 80 malware families were collected and handed to law enforcement agencies around the world.
A significant volume of phishing-based email messages at the very end of the year 2017. Phishing was the #1 threat vector (> 50%) for Office 365-based email threats in the second half of calendar year 2017.
Ransomware is the third major topic discussed in SIR. Last year was rocked by WannaCry, NotPetya and Bad Rabbit. The first two of these rapidly became global in extent using an exploit known as EternalBlue; code publicly released by the Shadow Brokers.
Three most commonly encountered ransomwares in 2017 were Android LockScreen, WannaCry and Cerber. LockScreen is interesting since it is Android malware that crosses to Windows devices when users sync their phones or download Android apps, usually side loading from outside of the Google Play store, via Windows.
It draws on the data analysis of Microsoft's global estate since February 2017, including 400 billion email messages scanned, 450 billion authentications, and 18+ billion Bing webpage scans every month; together with the telemetry collected from the 1.2 billion Windows devices that opt in to sharing threat data with Microsoft.
In partnership with ESET, Microsoft had been researching the Gamarue infrastructure and 44,000 associated malware samples, since December 2015. Details on 1,214 C&C domains and IPs, 464 distinct botnets and more than 80 malware families were collected and handed to law enforcement agencies around the world.
A significant volume of phishing-based email messages at the very end of the year 2017. Phishing was the #1 threat vector (> 50%) for Office 365-based email threats in the second half of calendar year 2017.
Ransomware is the third major topic discussed in SIR. Last year was rocked by WannaCry, NotPetya and Bad Rabbit. The first two of these rapidly became global in extent using an exploit known as EternalBlue; code publicly released by the Shadow Brokers.
Three most commonly encountered ransomwares in 2017 were Android LockScreen, WannaCry and Cerber. LockScreen is interesting since it is Android malware that crosses to Windows devices when users sync their phones or download Android apps, usually side loading from outside of the Google Play store, via Windows.
Post A Comment:
0 comments: