{"id":13611,"date":"2012-10-10T13:02:00","date_gmt":"2012-10-10T12:02:00","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=13611"},"modified":"2012-10-10T13:02:00","modified_gmt":"2012-10-10T12:02:00","slug":"microsoft-security-intelligence-report-h1-2012","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=13611","title":{"rendered":"Microsoft Security Intelligence Report \u2013 H1 2012"},"content":{"rendered":"

Volume 13 (Jan-June 2012) of the Microsoft SIR has been released<\/a>.  Last year I read the same one, and Conficker was still<\/em> the number 1 malware on domain-joined computers.  What nuggets are there this year?<\/p>\n

Before we get there \u2026<\/em><\/p>\n

I heard of another report (Symantec I think) that a new kind of attack is being employed by hackers called a \u201cwater-hole attack\u201d. Much like Lions on the plains, the hackers lie in wait at locations where their prey comes to get something. So they deliberately place targeted malware on a site that they know their intended victim will visit, and wait.  And eventually *bang* they hit and take over a machine in the networks of their victim.  It\u2019s more efficient than the normal un-targeted drive-by attack.<\/p>\n

Hackers are also now attacking the supply chains of their prey.  This is a good approach if you wanted to cripple a manufacturer, e.g. hit their suppliers so the manufacturer cannot produce.  This is very effective now because of Just-in-Time manufacturing and exclusive supply contracts. The real victim (the manufacturer) can do nothing with their own IT security to defend against this.  The only solutions are business ones: demand high levels of security\/compliance in suppliers, and have varied supply chains so one down supplier does not shut down the business.<\/p>\n

And back to the main event \u2026<\/em><\/p>\n

Unsecure Supply Chains<\/u><\/strong><\/p>\n

There is a rise in malware being spread by BitTorrent, warez, legit website downloads, etc. The rise in BYOD and consumerisation of IT makes this a threat in the business. Users are downloading software outside of the traditional locked down administrator-driven controls, and they are bringing in malware. <\/p>\n

Win32\/Keygen is a common threat in this space, and the name gives away what it sells itself as \u2013 a quick way to activate software that you haven\u2019t bought or can\u2019t find a product key for: Photoshop, Nero, AutoCAD, Call of Duty, etc.  Some \u201cAdobe Flash\u201d installers were also found with malware.  These were non legit installers hosted on 3rd party sites; the user comes to a site that won\u2019t play and they\u2019re told to install an up to date version of Flash.  They do, and their PC is owned, because that was not the official installer from the Adobe site.<\/p>\n

Contrary to many misconceptions, no malware can offer 100% protection anymore.  There are just too many attacks, many of which go unreported for very long times thanks to the new zero-day black markets and their \u201croyalty for staying quiet\u201d payment schemes.  The days of the teenager in the basement are over, and this stuff is very professional now, looking to steal confidential data and financial access.<\/p>\n

What can help is a well designed BYOD scheme with isolation.  I like the App Catalog in ConfigMgr 2012.  It gives the user the flexibility of BYOD but on a corporate machine.  As for true, BYPD personally owned devices, you have to treat those as untrusted and not let them all the way in, in my opinion.  Windows To Go is a nice touch, allowing the user to use their own device but they must use a Windows 8 image on a USB 3.0 storage device that is provided and managed by the business.<\/p>\n

This kind of malware is a real threat in BYOD deployments.  Isolate those machines and only give them limited access to web apps via firewalls is my thinking.  But I can see how that\u2019s not enough, e.g. key loggers.<\/p>\n

Microsoft has a few suggestions:<\/p>\n