* LASN_picture_logo.jpg

 

Locks and Security News: your weekly locks and security industry newsletter
17th April 2024 Issue no. 701

Your industry news - first

 

We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.

 

Search
English French Spanish Italian German Dutch Russian Mandarin

99% of malware attacks through familiar techniques, reports Microsoft

Less than 1% of security exploits in the first half of 2011 were against zero-day or unpatched vulnerabilities, according to the latest Microsoft Security Intelligence Report (SIRv11).This means 99% of all attacks during the same period distributed malware through familiar techniques, such as social engineering and unpatched vulnerabilities.

In the report, based on data from more than 600 million systems worldwide, Microsoft highlights the fact that some of the more common threats can be mitigated through good security best practices.

Getting the basics right means that organisations can guard against most attacks, said Adrienne Hall, general manager, Trustworthy Computing Group at Microsoft.

This also means, that by switching to cloud-based managed services, organisations have the opportunity of transferring some of the risk of common threats to service providers, she told delegates at the RSA Conference Europe in London.

"Most risk are manageable, but many organisations are not doing all they can to reduce attacks and cloud-based managed services could help with that," she said.

Cloud providers, such as Microsoft, are resourced to focus on security, said Hall, and in moving the management of a portion of security functions, resources are freed up to focus on other areas of security or on different IT projects altogether.

User interaction, typically using social-engineering techniques, is attributed to 45% of all malware propagation in the first half of 2011; more than a third of all malware is spread through cybercriminal abuse of Win32/Autorun; and 90% of infections that were attributed to vulnerability exploitation had a security update available from the software supplier for more than a year.

"We encourage people to consider this information when prioritising their security practices," said Vinny Gullotto, general manager, Microsoft Malware Protection Centre.

SIRv11 provides techniques and guidance to mitigate common infection vectors, and its data helps remind us that we can't forget about the basics, he said.

"Techniques such as exploiting old vulnerabilities, Win32/Autorun abuse, password cracking and social engineering remain lucrative approaches for criminals," said Gullotto.

The report includes guidance on raising awareness about commonly known social-engineering techniques, creating strong passwords and managing security updates.

Microsoft also provides guidance on reducing Win32/Autorun abuse with updates released earlier this year for Windows XP and Windows Vista, which were included in Windows 7.

Within four months of issuing the update, Microsoft claims the number of infections from the most prolific Win32/Autorun-abusing malware families was reduced by almost 60% on Windows XP and by 74% on Windows Vista in comparison to 2010 infection rates.

19th October 2011



© Locks and Security News 2024.
Subscribe | Unsubscribe | Hall of Fame | Cookies | Sitemap