In order to create this report, the SIR team analyzed trends from data collected anonymously globally throughout the year through numerous Microsoft services and products. Over 6.5 billion security incidents were passed through the Microsoft cloud every day, and information from thousands of security researchers around the world has been gathered.
"We know the risks and invest more than $ 1 billion a year to balance the cyber war, focusing on three areas: implementing security operations that best fit our clients, developing a security technology enterprise-class type and the establishment of partnerships in the field of cyber security, necessary for a heterogeneous world. ", Adrian Georgescu, National Technology Officer, Microsoft Romania.
The Microsoft Security Intelligence report also provides data for Romania, our country registering higher percentages than world averages in all categories: pishing attacks, illegal cryptomonas mining, ransomware attacks, and malware attacks.
The biggest difference compared to the median recorded in Europe is the malware attack rate, with Romania at 7.46%, 2.13 percentage points higher than the average rate in Europe. Romania is far ahead of the Czech Republic (3.44%), but also Hungary (6.21%) and Bulgaria (7.10%) in the malware category. An even more unpleasant position in this area is held by Serbia, which records an average rate of 8.13% for the average monthly percentage of malware-affected devices, exceeding the average for Europe by 2.8 percentage points.
The second category in which Romania is positioned above the world average is the average monthly percentage of devices that have faced illicit mining of cryptomonas. The world average reaches 0.11%, while in Romania the rate reaches 0.26%. In this chapter, the Czech Republic seems to be much better positioned at a rate of only 0.09%, while Serbia, for example, exceeds the world average by 0.23 percentage points.
The main four trends outlined this year by the Microsoft Security Intelligence report are:
1. The ransomware attacks are decreasing
The decline in ransomware attacks, as seen in the 2018 data, is a relevant example of how the security community imposes limitations on cyber attackers who are forced to rethink their methods of attack. Ransomware attacks have declined globally by up to 73% from January to December 2018. Ransomware has been a huge threat to the 2017 data, and the decline over 2018 is one that can be noticed.
2. Illegal mining of cryptomonas becomes a threat
The decline of the ransomware appears to be the result of passing on new ways to monetize cyber attacks, and cryptomonas mining is one of the methods cyber attackers have used to replace it. Profitable mining coins require a huge amount of computing power, so attackers install malware on user computers to "evade" the required computing power.
A revealed trend is that as the cryptomonas value grow or decrease, the same happens with their mining rate. March 2018 is the month that recorded the highest monthly average of devices experiencing this threat, at a rate of 0.28% of total devices versus August 2018, the month at which the rate drops to 0 , 08%, further significant considering the billions of devices connected to the Internet at this time.
3. Digital software delivery systems are at risk
Attacks on the software supply chain are another trend Microsoft has been monitoring for several years. A tactic used by attackers is to incorporate a compromised component into the installation package of a legitimate application or in a software update that is then distributed to users via official channels.
These attacks can be very difficult to detect because they take advantage of users' confidence in software vendors. The report contains some examples illustrating how large these types of attacks can be, such as the use of unauthorized and / or pirated software.
The increase in adoption of Windows 10 and the use of Windows Defender for Protection, registered in 2018, are considered as potential reasons for the overall decline in malware attacks over the past year.
4. Phishing remains among the most common attack methods
Phishing continues to be a preferred method of cyber attackers. As with ransomware, it can be said that villains have changed tactics due to more sophisticated tools and techniques that have been deployed to protect users. A pishing method is known as "domain spoofing," where an attacker uses a domain of a company to use his identity. This can be done by sending emails with fake domain names that are apparently legitimate or by creating deceptive websites.
The graph provided by SIR regarding the percentage of pishing emails detected from the total volume of emails analyzed anonymously by Microsoft worldwide shows an average of 0.38% in 2018, with an increase towards the end of the year, in November recording an average of 0.55% of all communication via email globally.