Microsoft has released the new biannual Microsoft Security Intelligence Report and has found a 70% decline in the number of severe vulnerabilities that were exploited in Microsoft products between 2010 and 2013.
The report explains that the probability of a vulnerability being successfully exploited depends on many factors, including the type of vulnerability being exploited, the product versions being targeted, the attacker’s ability to make use of the necessary exploitation techniques, and the amount of time required to build a reliable exploit. However, the report also confirms organisations should deploy newer versions of Microsoft products, such as Windows 8.1, Internet Explorer 11, and Office 2013, to mitigate risk from several of the most commonly detected exploits.
The report also found a noticeable increase in cybercriminal activity using deceptive practices in the second half of 2013. In more than 95% of the 110 countries/regions Microsoft studied, deceptive downloads were a top threat. A second notable deceptive tactic in use was Ransomware, where cybercriminals digitally hijack a person’s machine and hold it and the files until the victim pays a fee. Between the first and second halves of 2013, the top ransomware threat encountered globally, increased by 45%. The data suggests that ransomware threats are typically geographically concentrated for periods of time.
“The security mitigations included in newer Microsoft products have raised the technical bar for would-be attackers, which may be one of the factors driving an increase in the use of deceptive tactics,” said Tim Rains, Microsoft Trustworthy Computing, in a recent blog post. “It is important to note that while deceptive tactics have increased in prevalence, there are actions people can take to help protect themselves and their organisations. Using newer software whenever possible and keeping it up to date; only downloading software from trusted sources; avoiding opening e-mail and instant messages from untrusted or unknown senders; running antivirus software and keeping it up to date; and backing up valuable data and files, make it much harder for attackers who use deceptive practices to be successful.”
Share this story