The Security Intelligence Report (SIR) is an investigation of the current threat landscape.
It analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, as well as internet services, and three Microsoft Security Centers. Data is collected by a number of different Microsoft teams partly compromised of those who work on MS Security Essentials products, Internet Explorer's Smartscreen filter and the Malicious Software Removal Tool. This year the 10th edition of this semi-annual SIR report expands on information gathered on an international level including data specific to 117 countries. This type of reports is published by Microsoft twice a year, and data collection time for the latest report is from July 2010 to December 2010.
It analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, as well as internet services, and three Microsoft Security Centers. Data is collected by a number of different Microsoft teams partly compromised of those who work on MS Security Essentials products, Internet Explorer's Smartscreen filter and the Malicious Software Removal Tool. This year the 10th edition of this semi-annual SIR report expands on information gathered on an international level including data specific to 117 countries. This type of reports is published by Microsoft twice a year, and data collection time for the latest report is from July 2010 to December 2010.
A fresh security report pointed out that with the way online fraud is becoming more diverse, social networks have become a breeding ground breeding ground for cyber criminals. Safety reported that in 2010 social network "phishing" attacks grew by 1200%. Phishing attacks typically posing as legitimate messages to attract Internet users to click on malicious links, buy rogue software, or disclose personal information.
According to Microsoft statistics, the use of social networking phishing attacks accounted for in December 2010 84.5% of the total number of phishing attacks compared in terms of early 2010 this figure was only 8.3%.
The Report outlines the emergence of two distinct types of cybercriminal. The first is a highly sophisticated, well-informed individual who pursues high-value opportunities with large payoffs. The second is an individual skilled at exploiting social relationships to con a small amount of money from a large amount of people.
At present the most prevalent methods include the use of rogue security software, phishing using social networking as the lure and adware (software that automatically plays, displays or downloads advertisements). The majority (six out of ten) of these methods use malware � corrupt software disguised as a marketing campaign or product promotion that appears legitimate. Criminals use this malware to make money through tricking users with pay-per-click schemes, false advertisements or fake security software for sale.
Additionally, rogue security software, or scareware, has quickly become one of the most common ways for cybercriminals across the globe to acquire money and private information from unassuming computer users. This software, such as Win32/FakeSpypro, appears similar to legitimate security software giving a false sense of protection, and, if trusted and clicked by the user, downloads itself and compromises systems. In 2010, Microsoft protected nearly 19 million systems from rogue security software. The top five types of rogue security software were responsible for 70 percent, or approximately 13 million, of those detections.
"While criminals work to evolve their attack methods, Microsoft and the industry will continue to collaborate with partners and customers to improve security and privacy and increase awareness. A combined effort helps to protect the broader online community from these threats and develop more secure software solutions to prevent criminals from reaping the benefits," says Graham Titterington, Principal Analyst for Ovum.
Security have suggested that computer users should update the software, the use of reliable security software, do not click or open the link not sure whether or document security.
Volume 10 (SIR v10) is the most current edition covering 2010 and contains five sections:
- Key Findings provides data and analysis produced by Microsoft security teams.
- Reference Guide gives additional information for topics covered in the Key Findings.
- Featured Intelligence spotlights the latest threat topic.
- Global Threat Assessment provides deep dive telemetry by specific country or region.
- Managing Risk offers methods for protecting your organization, software, and people.
The complete SIR v10 can be downloaded from the following link: http://download.microsoft.com/download/6/0/5/605BE103-9429-4493-898B-E3D50AB68236/Microsoft_Security_Intelligence_Report_volume_10_July-Dec2010_English.pdf
Sources and Additional Information:
No comments:
Post a Comment