Microsoft Security Intelligence Report Puts "Zero-Day" Threat Into Context
Max IT (14 Oct 2011)

KUALA LUMPUR, Oct. 13 (Bernama-AsiaNet) - Today at RSA Conference Europe 2011, Microsoft Corp. released its Security Intelligence Report volume 11 (SIRv11), which found that less than one percent of exploits in the first half of 2011 were against zero-day vulnerabilities, meaning software vulnerabilities successfully exploited before the vendor has published a security update, or "patch." In contrast, 99 percent of all attacks during the same period distributed malware through familiar techniques, like social engineering and unpatched vulnerabilities. Microsoft highlights that some of the more common threats can be mitigated through good security best practices.

The Microsoft Security Intelligence Report further revealed that user interaction, typically employing social engineering techniques, was attributed to nearly half (45 percent) of all malware propagation in the first half of 2011. Additionally, more than one third of all malware spread through cybercriminal abuse of Autorun, a feature that automatically starts programs when external media, such as a CD or USB, is inserted into a computer. Finally, 90 percent of infections that were attributed to vulnerability exploitation had a security update available from the software vendor for more than a year.

The most common category of malware found in Malaysia in 2Q11 was Adware, which affected 35.3 percent of all infected computers, up from 34.0 percent in 1Q11. Worms were nearly as common, having affected 32.5 percent of all infected computers, down from 33.0 percent in 1Q11. Miscellaneous Potentially Unwanted Software affected 26.6 percent of all infected computers, up from 25.7 percent in 1Q11.

CyberSecurity Malaysia, an agency under the Ministry of Science, Technology and Innovation Malaysia, reports that the Cyber999 Security Incident Help Centre is handling an increasing number of security incidents this year. From January to September 2011, Cyber999 handled 11,930 incidents, 38.0 percent of which took place in Q3.

"Malaysian Internet users continue to be vulnerable to online fraud. From January to September 2011, Cyber999 has already recorded 4,175 incidents compared to only 2,212 incidents in all of 2010," said Lt Col Prof Dato' Husin Jazri (Retired), Chief Executive Officer, CyberSecurity Malaysia. "The reason of the increasing number of incidents is because Internet users are not coping well with the variation of cyber security matters and safety risks that occur each day via their emails, social media applications and online business transaction."

"CyberSecurity Malaysia is responding to these threats by pushing for more awareness programs to educate different kinds of users, driving adherence to best practices and standards in IT security, and engaging in international collaboration to improve IT security as a whole," said Husin.

"The insights about global online threats, including zero-days, from Microsoft's Security Intelligence Report help all IT users better prioritize defenses to more effectively manage risk. It also provides a good reminder on the importance of keeping systems up to date with the latest security protections," said Husin.

Microsoft's Security Intelligence Report includes prescriptive guidance to help educate people about commonly-known social engineering techniques, how to create strong passwords, and manage security updates. Additionally, Microsoft provides insight into reducing Autorun abuse with updates released earlier this year for Windows XP and Windows Vista (Windows 7 already included these updates) that prevent the Autorun feature from being enabled automatically for most media. Within four months of issuing the update, the number of infections from the most prolific Autorun-abusing malware families was reduced by almost 60 percent on Windows XP and by 74 percent on Windows Vista in comparison to 2010 infection rates.

"We encourage people to consider this information when prioritizing their security practices," said Vinny Gullotto, general manager, Microsoft Malware Protection Center. "SIRv11 provides techniques and guidance to mitigate common infection vectors and its data helps remind us that we can't forget about the basics. Techniques like exploiting old vulnerabilities, Autorun abuse, password cracking and social engineering remain lucrative approaches for criminals."

To protect networks and systems, Microsoft advocates a multi-faceted approach to managing risk:

• Build products and services with security in mind - Microsoft and other vendors have invested in increased security measures, such as security-by-design, which are having an impact. Industry disclosed vulnerabilities have dropped approximately 24 percent since July 2010 and have been trending down over the past five years.

• Educate Customers and Employees - Companies should concentrate on educating employees on their responsibility to security and back that up by developing and enforcing company-wide security policies in areas such as passwords.

• Upgrade to Latest Products and Services - Making the move to the most current products and services increases protections against the most prevalent online threats. For example, Windows 7 and Windows Server 2008 R2 have the lowest infection rates of any prior Windows operating systems. In the first half of 2011, Windows 7 SP1 32-bit systems were three times less likely to be infected than Windows Vista SP2 and six times less than Windows XP SP3. Windows Server 2008 R2 was 32 percent less likely to be infected than Windows Server 2003 SP2.

• Consider Cloud Services - In a cloud computing environment, the cloud vendor manages many of the security processes and procedures required to keep a system up-to-date, including the installation of security updates. Businesses and consumers constrained in managing the security of their computing environment can leverage cloud services to help offload portions of their security management.

"Organizations can choose to leverage the cloud to ensure the services they use have the most up-to-date security protections. Cloud providers, like Microsoft, are resourced to focus on security," said Adrienne Hall, general manager, Microsoft Trustworthy Computing. "In transitioning the management of a portion of security functions, resources are freed up to focus on other areas of security or on different IT projects altogether."

Microsoft produces the Security Intelligence Report twice a year to keep the industry informed on the changing threat landscape and provide beneficial customer guidance for protecting their networks. This volume of the Security Intelligence Report provides insight into online threat data between January and June 2011 and analysis of data from more than 100 geographies around the world. For more information about the Microsoft Security Intelligence Report volume 11, please visit http://www.microsoft.com/sir.

For more information, visit www.microsoft.com