REDMOND, Wash. April 25, 2012
According to the SIRv12, quarterly detections of the Conficker worm have increased by more than 225 percent since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide. In examining the reasons behind Conficker’s prevalence in organizations, research showed that 92 percent of Conficker infections were a result of weak or stolen passwords, and 8 percent of infections exploited vulnerabilities for which a security update exists.
The SIRv12 also revealed that many of the threats often referred to as Advanced Persistent Threats (APTs) are no more advanced or sophisticated than other types of attacks. In most cases, these attacks leverage known vectors such as exploiting weak or stolen passwords and vulnerabilities for which security updates exist, but their success lies in the persistence and determination in trying different tactics to compromise the target. This is why Microsoft refers to these types of threats as Targeted Attacks performed by Determined Adversaries, rather than APTs.
"Labeling cyberthreats as ‘advanced’ is often times misleading and can divert organizations’ attention away from addressing basic security issues, which can prevent more common threats from infiltrating their systems," Rains said. "Most attacks do not possess new, super-advanced techniques or technology as the APT label implies; in the majority of cases, they simply exploit weak or stolen passwords or vulnerabilities for which a security update exists and employ social engineering."
Microsoft recommends that customers and businesses adhere to the following security fundamentals to help ensure they are protected:
- Use strong passwords and educate employees on their importance
- Keep systems up to date by regularly applying available updates for all products
- Use antivirus software from a trusted source
- Invest in newer products with a higher quality of software protection
- Consider the cloud as a business resource
July 2011 December 2011 http://www.microsoft.com/sir
Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
SOURCE Microsoft Corp.