DOCSLIB.ORG

Microsoft Security Intelligence Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Microsoft Security Intelligence Report Microsoft Security Intelligence Report Volume 20 | July through December, 2015 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2016 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Authors Charlie Anthe Dana Kaufman Anthony Penta Cloud and Enterprise Security Azure Active Directory Team Safety Platform Nir Ben Zvi Nasos Kladakis Ina Ragragio Enterprise and Cloud Group Azure Active Directory Team Windows and Devices Group Patti Chrzan Daniel Kondratyuk Tim Rains Microsoft Digital Crimes Unit Azure Active Directory Team Commercial Communications Bulent Egilmez Andrea Lelli Paul Rebriy Office 365 - Information Windows Defender Labs Bing Protection Geoff McDonald Stefan Sellmer Elia Florio Windows Defender Labs Windows Defender Labs Windows Defender Labs Michael McLaughlin Mark Simos Chad Foster Identity Services Enterprise Cybersecurity Bing Group Nam Ng Roger Grimes Enterprise Cybersecurity Vikram Thakur Microsoft IT Group Windows Defender Labs Paul Henry Niall O'Sullivan Alex Weinert Wadeware LLC Microsoft Digital Crimes Unit Azure Active Directory Team Beth Jester Daryl Pecelj Terry Zink Windows Defender Microsoft IT Information Office 365 - Information Security and Risk Protection Jeff Jones Management Corporate Communications Contributors Joey Caparas Dolcita Montemayor Henk van Roest Windows Defender Labs Windows Defender Labs CSS Security Response Team Satomi Hayakawa Wendi Okun Pete Voss CSS Japan Security Response Corporate, External, and Corporate, External, and Team Legal Affairs Legal Affairs Ben Hope Laura A.Robinson Steve Wacker Corporate Communications Microsoft IT Wadeware LLC Yurika Kakiuchi Jasmine Sesso Iaan Whiltshire CSS Japan Security Response Windows Defender Labs Windows Defender Labs Team Norie Tamura Russ McRee CSS Japan Security Response Windows and Devices Group Team ii ABOUT THIS REPORT Table of contents About this report ......................................................................................................................... vi Foreword ....................................................................................................................................... vii How to use this report ............................................................................................................... ix Featured intelligence 1 PLATINUM: Targeted attacks in South and Southeast Asia ............................................ 3 Adversary profile ............................................................................................................................... 3 Methods of attack ............................................................................................................................. 5 Technical details................................................................................................................................ 11 Exploit (CVE-2015-2545) ............................................................................................................... 22 Identity ................................................................................................................................................ 24 Guidance ............................................................................................................................................ 25 Detection indicators........................................................................................................................ 27 Protecting identities in the cloud: Mitigating password attacks ................................ 38 Fighting email spoofing with Exchange Online Protection .......................................... 48 How EOP’s antispoofing feature works ..................................................................................... 49 Antispoofing statistics .................................................................................................................... 50 Making the most of EOP’s antispoofing services .................................................................... 51 Worldwide threat assessment 53 Vulnerabilities .............................................................................................................................. 55 Industry-wide vulnerability disclosures ..................................................................................... 55 Vulnerability severity ...................................................................................................................... 56 Vulnerability complexity ................................................................................................................ 58 Operating system, browser, and application vulnerabilities................................................ 59 Microsoft vulnerability disclosures ............................................................................................... 61 Guidance: Developing secure software ..................................................................................... 61 Exploits ........................................................................................................................................... 63 Exploit families .................................................................................................................................. 65 MICROSOFT SECURITY INTELLIGENCE REPORT, VOLUME 20 (JULY–DECEMBER 2015) iii Exploit kits.......................................................................................................................................... 66 Java exploits ...................................................................................................................................... 69 Operating system exploits ............................................................................................................. 71 Document exploits .......................................................................................................................... 73 Adobe Flash Player exploits ......................................................................................................... 75 Browser exploits .............................................................................................................................. 75 Exploit detection with Internet Explorer and IExtensionValidation .................................... 76 Malware and unwanted software ..........................................................................................79 Diplugem and infection rates ....................................................................................................... 81 Brantall, Rotbrow, and Filcout...................................................................................................... 82 Malware and unwanted software worldwide .......................................................................... 82 Microsoft and partners disrupt Dorkbot botnets .................................................................... 91 Threat categories ............................................................................................................................ 93 Threat families .................................................................................................................................. 97 Home and enterprise threats ......................................................................................................106 Threats from targeted attackers ................................................................................................. 111 Potentially unwanted applications in the enterprise ............................................................ 114 Security software use .................................................................................................................... 119 Guidance: Defending against malware .................................................................................... 127 Malicious websites.................................................................................................................... 128 Phishing sites ...................................................................................................................................129 Malware hosting sites ...................................................................................................................132 Drive-by download sites ..............................................................................................................133 Guidance: Protecting users from unsafe websites ................................................................ 137 Mitigating risk 139 Malware at Microsoft: Dealing with threats in the Microsoft environment .......... 141 Antimalware usage ........................................................................................................................ 141 Malware detections ...................................................................................................................... 142 Malware infections ........................................................................................................................ 145 What IT departments
Load more

Recommended publications
  • Office 365 Via SJU Microsoft Account
    Office 365 via SJU Microsoft Account SJU email accounts are also Microsoft Accounts, allowing students to download and install Microsoft Office 2016 on up to five personal devices. To access the software, login to email through MySJU. Once logged into MySJU, click on the “Email” link, located in the top of the page. ** If you have any issues logging into Email or MySJU, Contact (718) 990-5000. ** 1. Once logged in to Outlook, access Office 365 menu by clicking in the upper left part of the page. 2. The Office 365 Installation page will appear at the top of the screen. CLICK on “INSTALL OFFICE”. The version of the installation that will appear will depend on the operating system that is being used at the time of login. If Microsoft Office for Mac is needed, the student must sign in to the website with a Mac. If the Windows version of Microsoft Office is needed, the student must sign in to the website with a Windows computer. 3. Steps on how to continue the installation will appear. If you do not see the button to click “Run.” You may have to check your Downloads folder to see if the installation has fully downloaded. Once it is completed, you can open it up to install. You must remain connected to the internet for the software to install. Office will be automatically activated with your SJU account when the install is finalized. 4. After installation is complete. Open up one of the programs, such as Microsoft Word to complete activation. Click on the prompts to get to the Sign-In page.
    [Show full text]
  • On Client Ledger System™ Software
    Focus on Client Ledger System™ Software A Financial MicroSystems, Inc. Publication • Volume 18, Issue 1 • 4th Quarter of 2012 CLS II (1.61) and CLS-DOS (6.3) Updates are Scheduled for Release December 4th Year-end CLS updates for both CLS II and CLS-DOS are currently scheduled for release December 4th. We originally planned to discontinue CLS-DOS at the end of this year, because it has become increasingly difficult for us to make the required programming changes. However, we have decided to release one final year-end update for CLS-DOS and will continue to support it through September 2013. All future development will focus on CLS II. CLS updates include the new 2012 W-2 and 1099/1098 formats for both laser-printed plain-paper and preprinted forms. Dot-matrix preprinted W-2 and 1099 forms are available only in CLS-DOS. Formats for the standard, two-up, preprinted W-2 and W-3 forms are basically unchanged for 2012. However, the 1099- MISC form has alignment changes and formats for the 1099-INT, 1099-DIV, 1099-B, 1099-C, 1098 and 1096 forms are new. All W-2 and W-3 forms (including Copy A) may be printed on plain paper. Submittable 940, 941, 943 and 944 forms may also be printed on plain paper. For 1099, 1098 and 1096 forms, all copies except Copy A may be printed on plain-paper. Copy A must be filed using “official” scannable forms (the IRS may impose a penalty for using non-scannable forms). The CLS updates also include required changes to the federal 940, 941, 943 and 944 forms for the 2012 year-end.
    [Show full text]
  • Hackers Hit Supermarket Self-Checkout Lanes, Steal Money
    December 15, 2011 INSIDE THIS ISSUE Hackers Hit Supermarket Self-Checkout Lanes, Steal Hackers Hit Supermarket Self- Money from Shoppers Checkout Lanes, Steal Money Ars Technica from Shoppers Microsoft's New Windows Criminals have tampered with the credit and debit card readers at self-checkout Defender Tool Runs Outside lanes in more than 20 supermarkets operated by a [U.S.] California chain, Windows allowing them to steal money from shoppers who used the compromised machines. The chain, Lucky Supermarkets, which is owned by Save Mart, is now inspecting the rest of its 234 stores in northern California and northern Nevada MICROSOFT and urging customers who used self-checkout lanes to close their bank and credit RESOURCES card accounts. Microsoft Security Home Related reading: Magnetic Strip Technology in Our Credit Cards Facilitates Fraud. Microsoft Trustworthy Computing Analysis: Microsoft Security Sites It is the holiday season so it seemed appropriate to report on security stories Worldwide affecting shoppers. Stories about electronic skimmers and identity theft are definitely not something new in our world today — as a matter of fact they are a daily occurrence. The availability of credit card skimmers for a really cheap price and the profit made when an identity is sold make this a very lucrative business. In the current economy people seem to be using this business model to earn extra money as indicated by these stories on the FBI [U.S. Federal Bureau of Investigation] website. While it is important to be extra careful about packages being stolen from your doorstep during the holidays, it pays to be extra vigilant about your credit card information and identity as well.
    [Show full text]
  • Windows 7 Operating Guide
    Welcome to Windows 7 1 1 You told us what you wanted. We listened. This Windows® 7 Product Guide highlights the new and improved features that will help deliver the one thing you said you wanted the most: Your PC, simplified. 3 3 Contents INTRODUCTION TO WINDOWS 7 6 DESIGNING WINDOWS 7 8 Market Trends that Inspired Windows 7 9 WINDOWS 7 EDITIONS 10 Windows 7 Starter 11 Windows 7 Home Basic 11 Windows 7 Home Premium 12 Windows 7 Professional 12 Windows 7 Enterprise / Windows 7 Ultimate 13 Windows Anytime Upgrade 14 Microsoft Desktop Optimization Pack 14 Windows 7 Editions Comparison 15 GETTING STARTED WITH WINDOWS 7 16 Upgrading a PC to Windows 7 16 WHAT’S NEW IN WINDOWS 7 20 Top Features for You 20 Top Features for IT Professionals 22 Application and Device Compatibility 23 WINDOWS 7 FOR YOU 24 WINDOWS 7 FOR YOU: SIMPLIFIES EVERYDAY TASKS 28 Simple to Navigate 28 Easier to Find Things 35 Easy to Browse the Web 38 Easy to Connect PCs and Manage Devices 41 Easy to Communicate and Share 47 WINDOWS 7 FOR YOU: WORKS THE WAY YOU WANT 50 Speed, Reliability, and Responsiveness 50 More Secure 55 Compatible with You 62 Better Troubleshooting and Problem Solving 66 WINDOWS 7 FOR YOU: MAKES NEW THINGS POSSIBLE 70 Media the Way You Want It 70 Work Anywhere 81 New Ways to Engage 84 INTRODUCTION TO WINDOWS 7 6 WINDOWS 7 FOR IT PROFESSIONALS 88 DESIGNING WINDOWS 7 8 WINDOWS 7 FOR IT PROFESSIONALS: Market Trends that Inspired Windows 7 9 MAKE PEOPLE PRODUCTIVE ANYWHERE 92 WINDOWS 7 EDITIONS 10 Remove Barriers to Information 92 Windows 7 Starter 11 Access
    [Show full text]
  • Apple Business Manager Overview Overview
    Getting Started Guide Apple Business Manager Overview Overview Contents Apple Business Manager is a web-based portal for IT administrators to deploy Overview iPhone, iPad, iPod touch, Apple TV, and Mac all from one place. Working Getting Started seamlessly with your mobile device management (MDM) solution, Apple Configuration Resources Business Manager makes it easy to automate device deployment, purchase apps and distribute content, and create Managed Apple IDs for employees. The Device Enrollment Program (DEP) and the Volume Purchase Program (VPP) are now completely integrated into Apple Business Manager, so organizations can bring together everything needed to deploy Apple devices. These programs will no longer be available starting December 1, 2019. Devices Apple Business Manager enables automated device enrollment, giving organizations a fast, streamlined way to deploy corporate-owned Apple devices and enroll in MDM without having to physically touch or prepare each device. • Simplify the setup process for users by streamlining steps in Setup Assistant, ensuring that employees receive the right configurations immediately upon activation. IT teams can now further customize this experience by providing consent text, corporate branding or modern authentication to employees. • Enable a higher level of control for corporate-owned devices by using supervision, which provides additional device management controls that are not available for other deployment models, including non-removable MDM. • More easily manage default MDM servers by setting a default server that’s based on device type. And you can now manually enroll iPhone, iPad, and Apple TV using Apple Configurator 2, regardless of how you acquired them. Content Apple Business Manager enables organizations to easily buy content in volume.
    [Show full text]
  • The Application Usage and Risk Report an Analysis of End User Application Trends in the Enterprise
    The Application Usage and Risk Report An Analysis of End User Application Trends in the Enterprise 8th Edition, December 2011 Palo Alto Networks 3300 Olcott Street Santa Clara, CA 94089 www.paloaltonetworks.com Table of Contents Executive Summary ........................................................................................................ 3 Demographics ............................................................................................................................................. 4 Social Networking Use Becomes More Active ................................................................ 5 Facebook Applications Bandwidth Consumption Triples .......................................................................... 5 Twitter Bandwidth Consumption Increases 7-Fold ................................................................................... 6 Some Perspective On Bandwidth Consumption .................................................................................... 7 Managing the Risks .................................................................................................................................... 7 Browser-based Filesharing: Work vs. Entertainment .................................................... 8 Infrastructure- or Productivity-Oriented Browser-based Filesharing ..................................................... 9 Entertainment Oriented Browser-based Filesharing .............................................................................. 10 Comparing Frequency and Volume of Use
    [Show full text]
  • Onenote Preview
    OneNote Preview Quick Start Guide We’ve created a touch version of OneNote for your Windows 10 tablet. Use this guide to learn the basics. Explore the OneNote toolbox Concentrate on your ideas instead of your files Undo your mistakes Look through the ribbon to see what this version of OneNote saves your notebook files automatically and continually, so you When you’re working in tablet mode without a keyboard, OneNote can do. Tap the same tab to hide its commands. can always focus on your work. tap the Undo button to quickly erase mistakes. Tag important notes Tap here to browse and apply tags to selected notes on the current page. Navigate and search Use page titles Tap here to search or print your notes, go to a specific Label your notes with notebook, or set options. meaningful titles for better search results later. View and manage notes Draw, write, or sketch Tap a page tab to view its notes, Notes don’t have to be walls of or press and hold a page tab to text. Use the drawing tools to see more options. get creative. OneNote Preview Access your notes anywhere Jot down and recall with ease What good are notes, plans, and ideas if they’re trapped on a computer at home or OneNote never runs out of paper. To create new pages, tap the plus sign [+] at the at the office? Keep all of your notebooks available to you at every turn by signing top of the sidebar. In the Recent Notes list, tap the name of the page that you want into OneNote with your free Microsoft account when you first start the app.
    [Show full text]
  • Microsoft 365 Onedrive Frequently Asked Questions
    MICROSOFT 365 ONEDRIVE FREQUENTLY ASKED QUESTIONS What is OneDrive for Business? OneDrive is an integral part of Office 365. OneDrive is a Microsoft-hosted location where employees can store and share files and access files from anywhere using any Internet-connected device. How does OneDrive for Business work? Getting started with OneDrive for Business is easy. You can add files already on your computer to OneDrive by either copying them over or moving them from your computer through drag-and- drop. When you save new files, you can choose to save them to OneDrive so you can get to them from any device and share them with other people. And, if your computer has a built-in camera, you can automatically save copies of the photos in your camera roll to OneDrive, so you'll always have a backup. How can I benefit from using OneDrive? Here are a number of ways you can benefit from using OneDrive: Automatically save a backup copy of your files. Access your files from anywhere. Easily switch between different devices. Share files with whomever you want – whenever you want. Free access to Office online. Do I have to install the OneDrive app on all my computers? No. If you don't want to keep all the files in your OneDrive on a computer, you can still work with your OneDrive on that computer by going to the OneDrive website. How should I prepare for my files to be moved to OneDrive? The process of moving your files is relatively simple. While your files are moving, you may not edit them, so plan on doing other work tasks that do not require you to work within your files.
    [Show full text]
  • Secure Software Distribution System
    SECURE SOFTWARE DISTRIBUTION SYSTEM Tony Bartoletti ([email protected]), Lauri A. Dobbs ([email protected]), Marcey Kelley ([email protected]) Computer Security Technology Center Lawrence Livermore National Laboratory PO Box 808 L-303 Livermore, CA 94551 June 18, 1997 Abstract Authenticating and upgrading system software plays a critical role in information security, yet practical tools for assessing and installing software are lacking in today’s marketplace. The Secure Software Distribution System (SSDS) will provide automated analysis, notification, distribution, and installation of security patches and related software to network-based computer systems in a vendor-independent fashion. SSDS will assist with the authentication of software by comparing the system’s objects with the patch’s objects. SSDS will monitor vendors’ patch sites to determine when new patches are released and will upgrade system software on target systems automatically. This paper describes the design of SSDS. Motivations behind the project, the advantages of SSDS over existing tools as well as the current status of the project are also discussed. Keywords: security, distributed, software management DISCLAIMER This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California.
    [Show full text]
  • Microsoft Security Intelligence Report
    Microsoft Security Intelligence Report VOLUME 23 Table of Contents Foreword...............................................................................................III Section 3: Wrestling ransomware............................................29 Analysis and explanation................................................................................30 Executive Summary........................................................................IV Solutions and recommendations.................................................................34 Section 1: Breaking botnets.........................................................5 Additional noteworthy threat intelligence.........................36 Analysis and explanation.................................................................................6 Cloud threat intelligence................................................................................37 Solutions and recommendations...............................................................14 Endpoint threat intelligence..........................................................................41 Section 2: Hackers turning to easy marks..........................15 Conclusion............................................................................................52 Social engineering...........................................................................................16 Analysis and explanation...............................................................17 Authors and Contributors...........................................................53
    [Show full text]
  • Kace Asset Management Guide
    Kace Asset Management Guide Metaphorical Lucio always evangelising his synarchy if Moishe is capitular or writhe sufferably. Hymenopterous Sibyl always politicks his decimators if Aub is alabastrine or site photogenically. Which Rodolph breezed so fined that Swen inculcated her speculator? With kace customers run quest kace systems management, united states merchant marine academy. Maintenance costs have been annualized over several period on three years to extract their harvest over time. Comparing suites from sap helps clients bring their asset management solutions provider hardinge inc, kace asset management are stored in lifecycle management feature relies on active assets. Learn how asset management leaders are ensuring a reliable and sustainable supply chain, Microsoft and Symantec all require the installation of an agent to perform OS and application discovery tasks, and Symantec problems. You need to unselect a conflict with. Using Custom fields Within software Asset where in Dell KACE, etc. Are you sure you as to delete your attachment? All four evaluated solutions include: antioch university as well as it opens a solution helps track down systems management? An integrated mechanism to report problems and service requests enables prompt response to end users and reduces administrative roadblocks. Product was easy to use. To analyze the opportunities in the market for stakeholders by identifying the high growth segments. Best Practices in Lifecycle Management: Comparing Suites from Dell, and complete security. Although Microsoft does not natively include vulnerability scans, this in proper way detracts from our investment in supporting operating systems regardless of equipment brand. Past performance is just poor indicator of future performance.
    [Show full text]
  • Network Software Architectures for Real-Time Massively-Multiplayer
    Network Software Architectures for Real-Time Massively-Multiplayer Online Games Roger Delano Paul McFarlane Degree of Master of Science School of Computer Science McGill University Montreal, Quebec, Canada Feb. 02, 2005 A thesis submitted to McGill University in partial fulfillment of the requirements for the degree of Master of Science. Copyright © 2005 Roger Delano Paul McFarlane. All rights reserved. ACKNOWLEDGMENTS First and foremost, I would like to thank my wife, Abaynesta, for her support and encouragement. Undertaking a full-time graduate degree while maintaining full-time employment and trying to be a full-time husband would have been an impossible challenge without your love, patience, and understanding. I love you. To my supervisor, Dr. Jörg Kienzle, I would like to express my thanks for taking on a student with a research area only somewhat related to your own, Software Fault Tolerance, and granting me the latitude to freely explore massively multiplayer game infrastructure. In the course of pursuing my graduate degree and writing this thesis, I was employed by two supportive organizations. To the management of Zero- Knowledge Systems Inc., most notably co-founders Austin Hill and Hammie Hill, I express my profound gratitude for your support and encouragement to pursue my academic goals. Thank you for allowing me the flexibility of schedule to take on a full-time course load and for your understanding and encouragement when the time came for me to move on to other opportunities. I would also like to thank the management of the Ubi.com group at Ubisoft Entertainment Inc. for recognizing the potential of this graduate student with no direct gaming experience and giving me the opportunity to learn from and contribute to your game projects while completing my thesis.
    [Show full text]