Microsoft Security Intelligence Report 2017
The new volume of the report includes threat data from the first quarter of 2017. The report also provides specific threat data for over 100 countries/regions. As mentioned in a recent blog, using the tremendous breadth and depth of signal and intelligence from our various cloud and on-premises solutions deployed globally, Microsoft investigate threats and vulnerabilities and regularly publish this report to educate enterprise organizations on the current state of threats and recommended best practices and solutions.
In this 22nd volume, Microsoft made two significant changes:
- Data sets organized into two categories, cloud and endpoint. Today, most enterprises now have hybrid environments and it’s important to provide more holistic visibility.
- Data shared from a shorter time period, one quarter (January 2017 – March 2017), instead of the typical six months, as Microsoft shift focus to delivering improved and more frequent updates in the future.
The threat landscape is constantly changing. Going forward, Microsoft plan to improve how they share the insights, and plan to share data on a more frequent basis – so that you can have more timely visibility into the latest threat insights. They are committed to continuing our investment in researching and sharing the latest security intelligence with you, as they have for over a decade. This shift in their approach is rooted in a principle that guides Microsoft technology investments: to leverage vast data and unique intelligence to help our customers respond to threats faster.
Here are 3 key findings from the report:
As organizations migrate more and more to the cloud, the frequency and sophistication of attacks on consumer and enterprise accounts in the cloud is growing.
- There was a 300 percent increase in Microsoft cloud-based user accounts attacked year-over-year (Q1-2016 to Q1-2017).
- The number of account sign-ins attempted from malicious IP addresses has increased by 44 percent year over year in Q1-2017.
Cloud services such as Microsoft Azure are perennial targets for attackers seeking to compromise and weaponize virtual machines and other services, and these attacks are taking place across the globe.
- Over two-thirds of incoming attacks on Azure services in Q1-2017 came from IP addresses in China and the United States, at 35.1 percent and 32.5 percent, respectively. Korea was third at 3.1 percent, followed by 116 other countries and regions.
Ransomware is affecting different parts of the world to varying degrees.
- Ransomware encounter rates are the lowest in Japan (0.012 percent in March 2017), China (0.014 percent), and the United States (0.02 percent).
- Ransomware encounter rates are the highest in Europe vs. the rest of the world in Q1-2017.
- Multiple European countries, including the Czech Republic (0.17 percent), Italy (0.14 percent), Hungary (0.14 percent), Spain (0.14 percent), Romania (0.13 percent), Croatia (0.13 percent), and Greece (0.12 percent) had much higher ransomware encounter rates than the worldwide average in March 2017.
Download Volume 22 of the Microsoft Security Intelligence Report today to access additional insights: www.microsoft.com/sir.