Today we released volume 11 of the Microsoft Security Intelligence Report (SIRv11), covering the period January to June 2011. With detailed analysis on 105 countries, it is the largest and most in-depth report on cyber-threats we have ever developed.
People ask me what the key finding is. And that’s a tough one; believe me, there is so much good information that it is hard to focus on just one. Twist my arm though and I’d say that the most compelling discovery relates to some research we did around the threat posed by zero-day vulnerabilities.
‘Zero-day’ is the term used to describe a situation where an exploit is released before a software company has issued a security update. Understandably, organizations and consumers are concerned at the thought of being exposed to a ‘zero-day’.
As part of SIRv11, we conducted research to quantify exactly how pervasive the threat posed by zero-day attacks was in the first half of this year. We found that none of the most prevalent malware threats used zero-day exploits to propagate in the first half of 2011, and less than one percent of attacks using exploits leveraged zero-day vulnerabilities.
I definitely don’t want to dismiss the significance of zero-day vulnerabilities, but SIRv11 does put them into perspective. It also draws attention to the other 99+ percent of attacks, which occur as a result of things like social engineering, weak passwords and unpatched vulnerabilities. The good news is that many of the attacks that go into this 99+ percent can be mitigated with good security best practices.