The latest volume of the Microsoft Security Intelligence Report is now available for free download at www.microsoft.com/sir.
This new volume of the report includes threat data from the first quarter of 2017. The report also provides specific threat data for over 100 countries/regions. As mentioned in a recent blog, using the tremendous breadth and depth of signal and intelligence from our various cloud and on-premises solutions deployed globally, we investigate threats and vulnerabilities and regularly publish this report to educate enterprise organizations on the current state of threats and recommended best practices and solutions.
In this 22nd volume, we’ve made two significant changes:
- We have organized the data sets into two categories, cloud and endpoint. Most enterprises now have hybrid environments, and it’s important to provide more holistic visibility.
- We are sharing data from a shorter time period, one quarter (January 2017 – March 2017), instead of the typical six months, as we shift our focus to delivering improved and more frequent updates in the future.
The threat landscape is constantly changing. Going forward, we plan to improve how we share the insights, and plan to share data on a more frequent basis – so that you can have more timely visibility into the latest threat insights. We are committed to continuing our investment in researching and sharing the latest security intelligence with you, as we have for over a decade. This shift in our approach is rooted in a principle that guides Microsoft technology investments: to leverage vast data and unique intelligence to help our customers respond to threats faster.
Here are 3 key findings from the report:
As organizations migrate more and more to the cloud, the frequency and sophistication of attacks on consumer and enterprise accounts in the cloud are growing.
- There was a 300 percent increase in Microsoft cloud-based user accounts attacked year-over-year (Q1-2016 to Q1-2017).
- The number of account sign-ins attempted from malicious IP addresses has increased by 44 percent year over year in Q1-2017.
Cloud services such as Microsoft Azure are perennial targets for attackers seeking to compromise and weaponize virtual machines and other services, and these attacks are taking place across the globe.
- Over two-thirds of incoming attacks on Azure services in Q1-2017 came from IP addresses in China and the United States, at 35.1 percent and 32.5 percent, respectively. Korea was third at 3.1 percent, followed by 116 other countries and regions.
Ransomware is affecting different parts of the world to varying degrees.
- Ransomware encounter rates are the lowest in Japan (0.012 percent in March 2017), China (0.014 percent), and the United States (0.02 percent).
- Ransomware encounter rates are the highest in Europe vs. the rest of the world in Q1-2017.
- Multiple European countries, including the Czech Republic (0.17 percent), Italy (0.14 percent), Hungary (0.14 percent), Spain (0.14 percent), Romania (0.13 percent), Croatia (0.13 percent), and Greece (0.12 percent), had much higher ransomware encounter rates than the worldwide average in March 2017.
Download Volume 22 of the Microsoft Security Intelligence Report today to access additional insights: www.microsoft.com/sir.