The study also revealed the worm continues to spread because of weak or stolen passwords and vulnerabilities for which a security update exists.
According to the SIRv12, quarterly detections of the Conficker worm have increased by more than 225 per cent since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide. In examining the reasons behind Conficker’s prevalence in organisations, research showed that 92 per cent of Conficker infections were a result of weak or stolen passwords, and 8 per cent of infections exploited vulnerabilities for which a security update exists.
“Conficker is one of the biggest security problems we face, yet it is well within our power to defend against,” said Tim Rains, director of Microsoft Trustworthy Computing. “It is critically important that organisations focus on the security fundamentals to help protect against the most common threats.”
The SIRv12 also revealed that many of the threats often referred to as Advanced Persistent Threats (APTs) are no more advanced or sophisticated than other types of attacks. In most cases, these attacks leverage known vectors such as exploiting weak or stolen passwords and vulnerabilities for which security updates exist, but their success lies in the persistence and determination in trying different tactics to compromise the target. This is why Microsoft refers to these types of threats as Targeted Attacks performed by Determined Adversaries, rather than APTs.
“Labeling cyberthreats as ‘advanced’ is oftentimes misleading and can divert organisations’ attention away from addressing basic security issues, which can prevent more common threats from infiltrating their systems,” Rains said. “Most attacks do not possess new, super-advanced techniques or technology as the APT label implies; in the majority of cases, they simply exploit weak or stolen passwords or vulnerabilities for which a security update exists and employ social engineering.”
Microsoft recommends that customers and businesses adhere to the following security fundamentals to help ensure they are protected:
“With organisations being presented with significant amounts of data and media reports on cyberthreats, the SIRv12 gives us good perspective on recent trends in the global threat landscape,” said Bob Rodger, global head of IT Infrastructure Security at HSBC. “The report, in combination with other sources of intelligence, assists us to more accurately and effectively invest, prioritise and make informed decisions about our security infrastructure to ensure that our business continues to be optimally protected from threats.”
For businesses, as Scott Charney, corporate vice president of Microsoft Trustworthy Computing, outlined in his keynote presentation at RSA 2012, Microsoft recommends a more holistic approach to risk management to help protect against both broad-based and targeted attacks, including the following:
Microsoft produces the SIR twice per year to keep the industry informed on the changing threat landscape and to provide actionable guidance for customers in an effort to create safer, more trusted computing experiences for everyone. The latest report, volume 12, provides insight into online threat data with new information for July 2011 through December 2011 and analysis of data from more than 100 countries and regions around the world.