the threat landscape in canada - sector rains... · 2019-02-11 · family most significant category...
TRANSCRIPT
[Figure: Computers cleaned per 1,000 scanned (CCM). Series: Worldwide, Canada, United States, United Kingdom, France.]
[Figure: Percentage of computers encountering malware. Series: Worldwide, Canada.]
[Figure: Percentage of computers encountering malware. Series: Worldwide, Canada, France, United Kingdom, United States.]
[Figure: Percent of computers encountering malware, by quarter (3Q12, 4Q12, 1Q13, 2Q13). Series: Exploits, Misc. Trojans, Trojan Downloaders and Droppers, PWS and Monitoring Tools, Worms, Backdoors, Viruses.]
[Figure: Percentage of computers encountering malware, two series (Series1, Series2). Data labels in extraction order: 7.9%, 0.7%, 4.6%, 2.2%, 0.4%, 1.2%, 0.7%; 10.3%, 4.7%, 3.9%, 2.7%, 2.1%, 1.3%, 1.2%.]
[Figure: Percentage of computers encountering malware. Series: CVE-2012-0507, Blacole, CVE-2010-0840, CVE-2013-0431, CVE-2012-1723, CVE-2013-1493.]
CVE-2012-1723 exploits a vulnerability in Oracle’s Java Runtime Environment.
Blacole is an exploit kit that attempts to exploit vulnerabilities in Adobe, Microsoft and Oracle products.
CVE-2013-0431 exploits a vulnerability in Oracle’s Java Runtime Environment.
| # | Family | Most Significant Category | Encounter Rate |
|---|--------|---------------------------|----------------|
| 1 | JS/IframeRef | Misc. Trojans | 2.27% |
| 2 | Win32/Sirefef | Misc. Trojans | 1.68% |
| 3 | Win32/Obfuscator | Misc. Trojans | 1.25% |
| 4 | JS/Seedabutor | Misc. Trojans | 1.06% |
| 5 | CVE-2012-1723 | Exploits | 0.99% |
| 6 | JS/BlacoleRef | Misc. Trojans | 0.96% |
| 7 | Blacole | Exploits | 0.88% |
| 8 | ASX/Wimad | Trojan Downloaders & Droppers | 0.77% |
| 9 | CVE-2013-0431 | Exploits | 0.54% |
| 10 | CVE-2012-0507 | Exploits | 0.54% |
[Figure: Percentage of computers encountering malware. Series: Sirefef, Blacole, Obfuscator, Seedabutor, CVE-2012-1723, BlacoleRef, IframeRef.]
[Figure: Computers cleaned per 1,000 scanned (CCM). Series: Sirefef, Redyms, Alureon, Zbot, Medfos, Tracur.]
| Metric | 3Q12 | 4Q12 | 1Q13 | 2Q13 |
|--------|------|------|------|------|
| Phishing sites per 1000 hosts (Worldwide) | 6.79 (5.41) | 5.23 (5.10) | 4.72 (4.56) | 4.85 (4.24) |
| Malware hosting sites per 1000 hosts (Worldwide) | 8.20 (9.46) | 7.99 (10.85) | 7.10 (11.66) | 11.80 (17.67) |
| Drive-by download sites per 1000 URLs (Worldwide) | 0.39 (0.56) | 0.31 (0.33) | 0.39 (0.50) | 1.41 (1.12) |
After support ends, when Microsoft releases its monthly security updates for supported versions of Windows, attackers will reverse engineer them to identify any vulnerabilities that exist in Windows XP.
If Windows XP shares any of those vulnerabilities, attackers will develop exploit code to take advantage of them.
Between July 2012 and July 2013, Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.
Since a security update will never become available for Windows XP to address new vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever.
Attackers will have the advantage over defenders.
[Figure: Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012, as reported in the Microsoft Security Intelligence Report volume 14.]
[Figure: The number of CVEs for which exploits were written that could have been mitigated by enabling DEP, as compared to the number of CVEs that had exploits that bypassed DEP. Series: Series1, Series2.]
Software Vulnerability Exploitation Trends: http://blogs.technet.com/b/security/archive/2013/07/25/the-impact-of-security-science-in-protecting-customers.aspx
Microsoft Security Blog: http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx
Windows Springboard Series Blog: http://blogs.windows.com/windows/b/springboard/archive/2013/04/08/365-days-remaining-until-xp-end-of-support-the-countdown-begins.aspx
Twitter: @msftsecurity
Microsoft Trustworthy Computing: www.microsoft.com/twc
Microsoft Security Intelligence Report: www.microsoft.com/sir
Microsoft Security Blog: blogs.technet.com/b/security