The 24th edition of the Microsoft Security Intelligence Report (SIR) is now available.
The report is a reflection on last year’s security events and includes an overview of the security landscape, lessons learned from the field, and recommended best practices.
To create this report, the SIR team culled core insights and key trends out of a year’s worth of data from multiple, diverse sources. We analyzed the 6.5 trillion security signals that go through the Microsoft cloud every day. We gathered insights from thousands of security researchers based around the world, and we learned lessons from real-world experiences, like the Ursnif campaign and the Dofoil coin-miner outbreak. There is a lot going on, but the SIR team distilled the data down into four key trends:
- Ransomware attacks are on the decline.
- Cryptocurrency mining is prevalent.
- Software supply chains are at risk.
- Phishing remains a preferred attack method.
Ransomware attacks are on the decline
The decline of ransomware attacks that we saw in the 2018 data is a great example of how the security community is pushing bad actors to adjust. Just last year, we highlighted the large threat that ransomware posed in the 2017 data, so this decline is notable. We believe that attackers have shifted from this highly visible method to stealthier attacks because users have gotten smarter about how they respond.
Cryptocurrency mining is prevalent
The decline in ransomware is good news; on the flip side, however, we are seeing that cryptocurrency mining is prevalent. This is one of the methods that attackers have deployed in lieu of ransomware. Mining coins profitably requires an immense amount of computing power to perform complex calculations, so attackers install malware on users’ computers to “steal” the necessary computing power. The SIR provides a great overview of how cryptocurrency works and other factors driving this trend.
Software supply chains are at risk
Software supply chain attacks are another trend that Microsoft has been tracking for several years. One supply chain tactic used by attackers is to incorporate a compromised component into a legitimate application or update package, which is then distributed to users via the software. These attacks can be very difficult to detect because they take advantage of the trust that users have in their software vendors. The report includes several examples, including the Dofoil campaign, which illustrates how wide-reaching these types of attacks are and what we are doing to prevent and respond to them.
Phishing remains the preferred method of attack
It’s probably not surprising that phishing continues to be a popular method of attack, and we expect that to continue for the foreseeable future. The good news: much like ransomware, bad actors have shifted tactics in response to the more sophisticated tools and techniques that have been deployed to protect users. We uncovered a lot of details about these new phishing methods that we hope you find useful in your fight to defend against them.