We’ve just published hundreds of pages of new threat intelligence available for free download at www.microsoft.com/sir.

This includes threat data from the first half of 2015 as well as longer term trend data on the industry vulnerabilities, exploits, malware, and malicious websites that your organization should use to assess your current security posture. We are also providing threat data for over 100 countries/regions.

Additionally, this volume of the report includes a case study and profile of a determined adversary code-named “Strontium.” This case study provides insight into the techniques that these modern threat actors are using. My colleagues in the Microsoft Malware Protection Center have written an article on Strontium that will give you more details and context: http://blogs.technet.com/b/mmpc/archive/2015/11/18/microsoft-security-intelligence-report-strontium.aspx.

Also included in this volume of the report is an in-depth look at the malware behind much of the bank fraud that has characterized the threat landscape in Brazil for the better part of the last decade. This is required reading for financial services customers.

One of my favorite new data sets in this report is exploit detection data from the IExtensionValidation interface in Internet Explorer 11. Essentially, this interface enables real-time security software to block ActiveX controls from loading on malicious web pages. When Internet Explorer loads a webpage that includes ActiveX controls, if the security software has implemented IExtensionValidation, the browser calls the security software to scan the HTML and script content on the page before loading the controls themselves. If the security software determines that the page is malicious (for example, if it identifies the page as an exploit kit landing page), it can direct Internet Explorer to prevent individual controls or the entire page from loading.

The interface helps protect our customers, and the data it provides helps us understand how attackers are evolving their web-based attacks, such as drive-by download attacks and watering hole attacks. The data in Figure 1 shows how attackers have shifted from attacking Flash and Java controls with almost the same frequency to targeting Flash almost 100% of the time. This illustrates the importance of ensuring that Flash is being patched efficiently in your environment.

Figure 1: ActiveX controls detected on malicious webpages through IExtensionValidation, 3Q14–2Q15, by control type

And of course, the report also contains the guidance your organization can use to protect its data and assets.

You can download Volume 19 of the Microsoft Security Intelligence Report at www.microsoft.com/sir.

Tim Rains
Chief Security Advisor
Worldwide Cybersecurity & Data Protection