Microsoft Security Intelligence Report Volume 20 | July through December, 2015 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2016 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Authors Charlie Anthe Dana Kaufman Anthony Penta Cloud and Enterprise Security Azure Active Directory Team Safety Platform Nir Ben Zvi Nasos Kladakis Ina Ragragio Enterprise and Cloud Group Azure Active Directory Team Windows and Devices Group Patti Chrzan Daniel Kondratyuk Tim Rains Microsoft Digital Crimes Unit Azure Active Directory Team Commercial Communications Bulent Egilmez Andrea Lelli Paul Rebriy Office 365 - Information Windows Defender Labs Bing Protection Geoff McDonald Stefan Sellmer Elia Florio Windows Defender Labs Windows Defender Labs Windows Defender Labs Michael McLaughlin Mark Simos Chad Foster Identity Services Enterprise Cybersecurity Bing Group Nam Ng Roger Grimes Enterprise Cybersecurity Vikram Thakur Microsoft IT Group Windows Defender Labs Paul Henry Niall O'Sullivan Alex Weinert Wadeware LLC Microsoft Digital Crimes Unit Azure Active Directory Team Beth Jester Daryl Pecelj Terry Zink Windows Defender Microsoft IT Information Office 365 - Information Security and Risk Protection Jeff Jones Management Corporate Communications Contributors Joey Caparas Dolcita Montemayor Henk van Roest Windows Defender Labs Windows Defender Labs CSS Security Response Team Satomi Hayakawa Wendi Okun Pete Voss CSS Japan Security Response Corporate, External, and Corporate, External, and Team Legal Affairs Legal Affairs Ben Hope Laura A.Robinson Steve Wacker Corporate Communications Microsoft IT Wadeware LLC Yurika Kakiuchi Jasmine Sesso Iaan Whiltshire CSS Japan Security Response Windows Defender Labs Windows Defender Labs Team Norie Tamura Russ McRee CSS Japan Security Response Windows and Devices Group Team ii ABOUT THIS REPORT Table of contents About this report ......................................................................................................................... vi Foreword ....................................................................................................................................... vii How to use this report ............................................................................................................... ix Featured intelligence 1 PLATINUM: Targeted attacks in South and Southeast Asia ............................................ 3 Adversary profile ............................................................................................................................... 3 Methods of attack ............................................................................................................................. 5 Technical details................................................................................................................................ 11 Exploit (CVE-2015-2545) ............................................................................................................... 22 Identity ................................................................................................................................................ 24 Guidance ............................................................................................................................................ 25 Detection indicators........................................................................................................................ 27 Protecting identities in the cloud: Mitigating password attacks ................................ 38 Fighting email spoofing with Exchange Online Protection .......................................... 48 How EOP’s antispoofing feature works ..................................................................................... 49 Antispoofing statistics .................................................................................................................... 50 Making the most of EOP’s antispoofing services .................................................................... 51 Worldwide threat assessment 53 Vulnerabilities .............................................................................................................................. 55 Industry-wide vulnerability disclosures ..................................................................................... 55 Vulnerability severity ...................................................................................................................... 56 Vulnerability complexity ................................................................................................................ 58 Operating system, browser, and application vulnerabilities................................................ 59 Microsoft vulnerability disclosures ............................................................................................... 61 Guidance: Developing secure software ..................................................................................... 61 Exploits ........................................................................................................................................... 63 Exploit families .................................................................................................................................. 65 MICROSOFT SECURITY INTELLIGENCE REPORT, VOLUME 20 (JULY–DECEMBER 2015) iii Exploit kits.......................................................................................................................................... 66 Java exploits ...................................................................................................................................... 69 Operating system exploits ............................................................................................................. 71 Document exploits .......................................................................................................................... 73 Adobe Flash Player exploits ......................................................................................................... 75 Browser exploits .............................................................................................................................. 75 Exploit detection with Internet Explorer and IExtensionValidation .................................... 76 Malware and unwanted software ..........................................................................................79 Diplugem and infection rates ....................................................................................................... 81 Brantall, Rotbrow, and Filcout...................................................................................................... 82 Malware and unwanted software worldwide .......................................................................... 82 Microsoft and partners disrupt Dorkbot botnets .................................................................... 91 Threat categories ............................................................................................................................ 93 Threat families .................................................................................................................................. 97 Home and enterprise threats ......................................................................................................106 Threats from targeted attackers ................................................................................................. 111 Potentially unwanted applications in the enterprise ............................................................ 114 Security software use .................................................................................................................... 119 Guidance: Defending against malware .................................................................................... 127 Malicious websites.................................................................................................................... 128 Phishing sites ...................................................................................................................................129 Malware hosting sites ...................................................................................................................132 Drive-by download sites ..............................................................................................................133 Guidance: Protecting users from unsafe websites ................................................................ 137 Mitigating risk 139 Malware at Microsoft: Dealing with threats in the Microsoft environment .......... 141 Antimalware usage ........................................................................................................................ 141 Malware detections ...................................................................................................................... 142 Malware infections ........................................................................................................................ 145 What IT departments
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages198 Page
-
File Size-