Microsoft today released the latest edition of the Microsoft Security Intelligence Report (SIR) and it is now available for download. The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people. This new edition of the report includes threat data from the second half of 2015 as well as longer term trend data on industry vulnerabilities, exploits, malware, and malicious websites. It also includes threat data for over 100 countries/regions.
Adobe Flash remained the most vulnerable software on Windows. After accounting for almost half of object detections during some quarters in 2014, detections of Java applets on malicious pages decreased to negligible levels by 4Q15. Detections of malicious Silverlight objects increased from 0.5 percent in 2Q15 to 3.8 percent in 3Q15, with most of the increase targeting CVE-20151671, a TrueType font parsing vulnerability addressed by Security Bulletin MS15-044 in May 2015. Silverlight object detections decreased again in 4Q15 as attackers focused on Flash Player almost exclusively.
There is a lot of other new data in this report which are interesting.
Microsoft has also added couple of new sections in this volume of the SIR.
First, the report includes a section called “PLATINUM: Targeted attacks in South and Southeast Asia.” This section provides details on a newly discovered determined adversary group, which Microsoft has code-named PLATINUM. This group has conducted several cyber espionage campaigns since 2009, focusing on targets associated with governments and related organizations in southeast Asia.
The other section called “Protecting Identities in the Cloud: Mitigating Password Attacks.” This section of the report focuses on some of the things that Microsoft does to prevent account compromise inside our cloud services.
Download the report here from Microsoft.