Security professionals know there’s no silver bullet to achieve perfect security—the volume and magnitude of cyber threats vary considerably depending on country and threat type. For example, during the second half of 2015 (2H15), encounter rates for some types of threats in Russia and Brazil were nearly three times the worldwide average. Of the ten most commonly encountered threat families in Russia in 2H15, five were trojans, including Win32/Peals, Win32/Skeeyah, Win32/Dynamer, and Win32/Spursint. And in Brazil, Suptab and the downloader/dropper families Win32/Sventore and Win32/Banload topped the threat list.
To help track the constantly shifting security terrain and meet demand for insights, twice each year Microsoft publishes the Security Intelligence Report (SIR), a comprehensive security analysis based on data we collect from around the world. The latest findings were published in May.
A relative look at the worldwide prevalence of malware
The current SIR gives an overarching view of the security situation around the world during the second half of 2015. It also provides more granular details to help you understand specific threats facing the areas you are concerned about right now.
Here are some of the country-specific malware patterns described in the SIR:
- France and Italy both had high encounter rates for Browser Modifiers, led by Win32/SupTab and Win32/Diplugem.
- Russia had a significantly higher encounter rate for Trojans than the other locations listed, led by Win32/Peals, Win32/Skeeyah, Win32/Dynamer, and Win32/Spursint; all four Trojans disproportionately affected computers in Russia and eastern Europe in the fourth quarter of 2015.
- Worms were particularly prevalent in Brazil, led by VBS/Jenxcus, Win32/Gamarue, and JS/Bondat.
- The highest encounter rates for adware were in Brazil, France, and Italy; Win32/EoRezo was the most commonly encountered adware family in all three locations.
- Viruses were particularly prevalent in China, led by DOS/JackTheRipper and Win32/Ramnit.
The following table previews regarding the relative prevalence of various categories of malware in several locations around the world in the fourth quarter of 2015. Here are some tips for interpreting the findings:
- Within each row, darker colors indicate more prevalent categories in each location.
- Lighter colors signify that the threat category is less common.
- The locations are arranged by the number of computers that reported threat detections during the second half of 2015.
The relative prevalence of different categories of malware in the fourth quarter of 2015 in several countries around the world.
Read the full report to learn more about security threats in your region and better understand what location-specific factors may affect your ability to create a secure environment for your organization.
Factors that cause high cybersecurity infection rates
Threat dissemination can be highly dependent on language and socioeconomic factors. In addition, distribution methods can play a considerable role. For instance:
- Attackers frequently use techniques that target people based on their native language.
- For threat vectors, attackers employ online services that are local to a specific geographic region.
- In some situations, attackers target vulnerabilities or operating system configurations and applications that show up disproportionately in a given location.
Microsoft’s commitment to ongoing cybersecurity analysis
We are committed to help reduce cyber threat infection rates on a regional and global scale. The SIR is just one aspect of this work. Through the regularly updated insights it allows, we aim to help inform policymakers and IT professionals about malware trends, and arm them to act accordingly.
We encourage you to evaluate your security stance in the light of our latest SIR report, so you can help defend your organization against the most significant risks it faces.
from Microsoft Secure Blog Staff