Microsoft has issued ato summarize the mammoth 160-page bi-annual , released at the start of May.
The company’s security personnel has sifted through the entire report and extracted ten key points which they believe are to be this year’s top cyber-security trends.
A rise in more severe vulnerabilities
Microsoft says that during the past three years, the numbers of security bugs didn’t only go up, but also became more severe.
The company’s experts say that in 2015, 41.8 percent of all vulnerability disclosures were given a severe mark, a trend that’s bound to continue as more and more IoT devices are analyzed.
Java exploitation is dying
Microsoft says that crooks moved on from exploiting Java flaws. The reason behind this may be Oracle’s addition of a security feature called Click2Play, which has made it very hard to exploit Java objects automatically.
A similar report from the NTT group also reached the same conclusion that Microsoft did, pointing out that most exploit kits in 2015altogether, focusing more on Flash.
Home users see more malware than business users
With companies realizing the dangers of malware and data breaches to their reputation and financial bottom line, more businesses are investing in stronger security solutions.
This has reflected in more infections on home computers, rather than work PCs, mainly because they’re more likely to run without powerful antivirus solutions or a big firewall protecting them from all kinds of threats.
Malware goes international
In the past, many security vendors have seen malware target predominantly developed countries, especially the US, Australia, and the EU zone.
During 2015, Microsoft reports that the locations with the highest malware infection rates were Mongolia, Libya, the Palestinian territories, Iraq, and Pakistan. This can be explained by the presence of outdated devices in these countries, but also by the proliferation of malware that doesn’t necessarily go after the infected user’s bank account, and only uses his machine as part of a botnet, not caring where the machine is located.
Exploit kits enter primetime
Also during the past year, Microsoft says that 40 percent of all malicious user exploitation attempts came exploit kits.
This has been facilitated by the rise of Malware-as-a-Service operations on the Dark Web, which has seriously reduced the technical skills needed to enter and run cyber-crime campaigns.
Flash will continue to be the most targeted technology
To nobody’s surprise, Adobe Flash content was found on 90 percent of all the malicious Web pages were user exploitation was detected.
The danger surrounding Flash usage has been known for years now, and Microsoft once again hihglighted “the importance of keeping Adobe Flash Player updated.”
The rise of security flaws in non-browser and non-OS technology
During the past years, security bugs discovered in browsers, browser-related technology, and at the OS level, dominated the infosec domain.
In 2015, Microsoft says that 44.2 percent of all security flaws were found outside browsers and operating systems, in products like cloud services, IoT equipment, routers, and other network equipment.
Get ready for more trojans
Trojans are computer viruses that employ social engineering to trick users into installing them. During the past year, Microsoft saw a rise of 57 percent in terms of new trojans, which it expects to grow this year as well.
Microsoft recommends companies to train employees into the most common distribution methods used by these threats, such as phishing emails, Office macros, or fake file icons.
More complex malware
Malware creation has become a worldwide economy of its own, and malware coders are competing against each other on the global market, with specific techniques seen in each country.
Malware coders in Russia and Brazil are known to be some of the most creative, and Microsoft says that this underground economy is going to produce more dangerous and complex threats as it continues to develop.
Microsoft: Other software companies have problems too
Microsoft says that despite its reputation of having products with huge security flaws, statistical numbers don’t support this statement anymore.
The company points out that less than 10 percent of all the recent security flaws were found in its products. Microsoft says that companies should be well aware that a security incident can originate from anywhere, not just its Windows desktop, and that other vendors are just as bad, if not worse at managing their products’ security.