Microsoft Security Endpoint Threat Summary 2019

Global and notable country specific encounter rates of malware, ransomware, cryptocurrency- mining, and drive-by downloads, for calendar year 2019. Encounter rates measured across Microsoft’s Defender and Bing cloud services. Findings published on the Microsoft Security Intelligence website: https://www.microsoft.com/securityinsights Malware 3.24% Malware encounter rates continue their encounters downward trend from 5.07% in 2018 and 6.29% in 2017. A reduction of almost 50% in three years.

Typically, malware infection is a result of poor security hygiene and minimal security education and Summary awareness among users. Unlicensed and/or pirated software can also be a source of malware. To reduce the risk of a malware encounter and infection, Microsoft recommends that users keep software up to date, remain wary of links and attachments—especially from unknown senders—watch out for malicious or compromised websites, avoid pirated content, and don’t attach unfamiliar removable drives.

Average malware encounter rates by country for 2019. 20+ 15 - 19 10 - 14 5 - 9 0 - 4 For full details visit: https://www.microsoft.com/securityinsights

Highest encounter rates Lowest encounter rates Greatest change YoY

1. Ethiopia 6. Palestinian Auth. 1. Ireland 6. Netherlands 1. Ghana 6. Japan 2. Pakistan 7. Uzbekistan 2. United States 7. Denmark 2 Nigeria 7. Tanzania 3. Syria 8. Ghana 3. Japan 8. Switzerland 3. China 8. New Zealand 4. Tanzania 9. Egypt 4. Finland 9. Iceland 4. Nicaragua 9. Denmark 5. Bangladesh 10. Myanmar 5. Norway 10. Sweden 5. Australia 10. Guatemala

Microsoft customers should enable the Microsoft Defender services built into Windows 10. Enterprise Learn more customers should consider Microsoft Defender Advanced Threat Protection (ATP) for comprehensive endpoint protection, detection, and response capabilities. Learn more at https://aka.ms/understandingmalware Ransomware .03% On average, thirty endpoints in every hundred encounters thousand encountered ransomware, in 2019, a decline of 40% from 2018.

Indiscriminate ransomware encounters are down for the third consecutive year; however, attackers are Summary shifting their efforts to customized campaigns—sometimes referred to as human operated ransomware—targeted at specific geographies, industries, and even individual businesses. Given this change, Microsoft recommends that IT keep endpoints up to date, utilize cloud file storage and backups, and invest in training to help users identify phishing and social engineering techniques.

Average ransomware encounter rates by country for 2019. 0.56 - 0.66 0.45 - 0.55 0.34 - 0.44 0.23 - 0.33 0.12 - 0.22 0 - 0.11 For full details visit: https://www.microsoft.com/securityinsights

Highest encounter rates Lowest encounter rates Greatest change YoY

1. Mozambique 6. Tanzania 1. Ireland 6. United States 1. Ghana 6. Angola 2. Ghana 7. Bangladesh 2. Japan 7. Netherlands 2 Mozambique 7. Kazakhstan 3. Uzbekistan 8. Syria 3. Finland 8. Switzerland 3. Uzbekistan 8. Palestinian Auth. 4. Ethiopia 9. Pakistan 4. Denmark 9. New Zealand 4. Ivory Coast 9. Philippines 5. Mongolia 10. Venezuela 5. United Kingdom 10. Australia 5. Tanzania 10. Japan

Microsoft strongly recommends that all customers enable multi-factor authentication. In addition, Learn more Microsoft 365 customers should consider utilizing Versioning in Office 365 as well as Controlled Folder Access in Windows 10 to help mitigate the risk and impact of ransomware attacks. Learn more at https://aka.ms/understandingransomware Cryptocurrency .05% Cryptocurrency mining encounters are down mining encounters 40% from 2018. On average, just fifty endpoints in every one hundred thousand encountered a cryptocurrency miner.

As the value of cryptocurrency rises and falls, so does the mining encounter rate. Attackers inject mining Summary software into an unsuspecting user or organization’s machine(s) and then use the machine’s compute power to mine for the cryptocurrency. This can cause decreases in system performance and increases in utility costs. But perhaps more concerning is that attackers often turn mining software into something more malicious as their motivations change.

Average cryptocurrency mining encounter rates by country for 2019. 2.0+ 1.31 - 1.99 0.66 - 1.30 0 - 0.65 For full details visit: https://www.microsoft.com/securityinsights

Highest encounter rates Lowest encounter rates Greatest change YoY

1. Ethiopia 6. Bolivia 1. Ireland 6. Netherlands 1. Peru 6. Guatemala 2. Uzbekistan 7. Mozambique 2. United States 7. United Kingdom 2 Bolivia 7. Mexico 3. Pakistan 8. Ecuador 3. Japan 8. China 3. Ecuador 8. China 4. Tanzania 9. Kazakhstan 4. Norway 9. Finland 4. Brazil 9. Japan 5. Peru 10. Ghana 5. Switzerland 10. Denmark 5. Nicaragua 10. United States

Protecting against malware is the best strategy for mitigating cryptocurrency mining encounters. For Learn more Microsoft 365 customers we also recommend enabling Potentially Unwanted Applications (PUA) detection which can stop adware and torrent downloaders as well as cryptocurrency miners. Learn more at https://aka.ms/understandingcoinmining Drive-by download .08% For every 100,000 URLs indexed by Bing, drive-by encounters downloads were detected on 8. This average is down from 9 in 2018 and 13 in 2017.

cryptocurrency mining

A drive-by download (DBD) is an unintentional download of malicious code to an unsuspecting user’s Summary computer when they visit a web site. The malicious code could be used to exploit vulnerabilities in web browsers, browser add-ons, applications, and the operating system. Users can be infected with malware simply by visiting a website, even without attempting to download anything. In our research, we track drive-by downloads that affect web browser vulnerabilities.

Average drive-by download encounter rates by country for 2019. 0.04 - 0.05 0.03 - 0.04 0.02 - 0.03 0.01 - 0.02 0 - 0.01 For full details visit: https://www.microsoft.com/securityinsights

Highest encounter rates Lowest encounter rates Greatest change YoY

1. Iran 6. Vietnam 1. New Zealand 6. Denmark 1. Taiwan 6. Bulgaria 2. Russian Fed. 7. France 2. Austria 7. Norway 2 Iran 7. Russian Fed. 3. Singapore 8. Ireland 3. Switzerland 8. Czech Republic 3. Norway 8. Brazil 4. United States 9. Hong Kong 4. Korea 9. Spain 4. Indonesia 9. Romania 5. India 10. Taiwan 5. Belgium 10. Estonia 5. Australia 10. Thailand

Microsoft SmartScreen technologies included in Windows 10 and the Microsoft Edge browser help protect Learn more against drive-by downloads by pre-scanning URLs and blocking those found to be compromised. Learn more at https://aka.ms/learnaboutsmartscreen Copyright © 2020 Microsoft Corporation. All rights reserved.

This document is for informational purposes only.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT

This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.