Microsoft Security Report: Conficker Still Top Security Concern
According to Microsoft, the Conficker worm should continue to be a top concern in enterprise security -- even though there hasn't been a new variant seen in the wild in over two years.
Microsoft presented its warning in its Microsoft Security Intelligence Report (SIR), released today. The report compiled security information from over 600 million systems worldwide between July and December 2011 to provide analysis on the current threat landscape.
According to the report, the Conficker malware has increased 225 percent since 2009 and was documented on 1.7 million systems during the report period.
"Conficker is one of the biggest security problems we face, yet it is well within our power to defend against," said Tim Rains, director of Microsoft Trustworthy Computing, in a call discussing the report. "It is critically important that organizations focus on the security fundamentals to help protect against the most common threats."
And the top security fundamental that should be followed is implementing strong passwords. The report cited that 92 percent of Conficker infections in organizations were caused by either weak or stolen passwords. The remaining eight percent of infections were caused by exploiting a hole in unpatched software.
In other security news, Microsoft reported that overall vulnerability disclosures were down 10 percent compared with such disclosures made in the first half of 2011. It's a downward trend that has been holding steady since 2006. Microsoft cited overall improved security protocols by software firms as being responsible for this improved trend.
"This trend is likely because of better development practices and quality control throughout the industry, which results in more secure software and fewer vulnerabilities from major vendors, who are most likely to have their vulnerabilities associated with a distinct CVE [common vulnerabilities and exposure] identifier," the SIR report states.
Industry-wide, vulnerabilities were also down for the second half of 2011. High-risk vulnerabilities dropped by 31.1 percent. Medium-risk vulnerabilities, which made up the largest amount of disclosures, fell slightly by 3.5 percent compared to the the first half of that year. Low-complexity vulnerabilities also had a sizeable decrease, dropping 13.7 percent, according to the SIR report.
The report also categorized vulnerabilities by type. Those vulnerabilities found in applications were responsible for 71.2 percent of all disclosed holes. OS vulnerabilities had a sizeable decrease over the first quarter of 2011, dropping by 34.7 percent. Microsoft-specific holes accounted for 6.4 percent of all reported vulnerabilities -- a decrease of 6.8 percent, according to Microsoft's report.
The rate of malware detection during the second half of last year decreased by 1.7 percent in the United States, while Germany (up 30.4 percent) and Russia (up 28.5 percent) had the biggest changes in malware detection.
"Detections and removals in individual countries/regions can vary significantly from quarter to quarter," said Microsoft in the report. "Increases in the number of computers with detections can be caused not only by increased prevalence of malware in that location, but also by improvements in the ability of Microsoft antimalware solutions to detect malware."
During Microsoft's telephone conference call, Rains said that the best approach for organizations with regard to security is to adopt a holistic approach to guard against both targeted and broad-based attacks. The approach should focus on prevention, detection, containment and recovery.
Microsoft's full SIR report can be found here.