Cyber-Threats in the European Union

I recently visited Brussels, where the European Union has its main base of operations. I had the opportunity to talk to numerous people there about the latest Microsoft Security Intelligence Report containing data and insights on the cyber-threats Microsoft has observed specifically in the EU. Microsoft publishes the Security Intelligence Report twice per year, containing data and analysis on cyber-threats we observe from more than 600 million systems worldwide and from some of the Internet’s busiest online services. The threat intelligence and technical guidance in the SIR helps inform the security efforts of businesses, organizations, and governments in many markets around the world.

The most recent volume of the Microsoft Security Intelligence Report, volume 11, includes deep dive regional threat assessments on every member state in the EU as well as many other locations. The regional assessments on EU member states provide insight into how many systems were infected with malicious software in each location, what the most prevalent malicious software threats were and the relative concentration of botnets (collections of compromised systems controlled by criminals) used to send spam in each location. We compare trends in different locations without skewing the results because of the differences in populations or computer install bases. This type of data can be useful to EU policymakers by helping to identify the specific security challenges that governments are currently facing, and whether they share common issues that might be tackled through collaboration between member states.

For example, some observations I have made studying the data on EU member states in volume 11 of the Microsoft Security Intelligence Report include:

  • Malicious software infection rates during the second quarter of 2011 were higher than the worldwide average in locations such as Bulgaria, Croatia, Georgia, Lithuania, Poland, Romania, and Spain. Finland’s infection rate was 7.4 times lower than the worldwide average during the same period, and has had one of the lowest infection rates in the world consistently over the past several years.
  • Microsoft anti-malware technologies detected adware (a program that displays advertisements; although some adware can be beneficial by subsidizing a program or service, other adware programs may display advertisements without adequate consent.) at percentages far above the worldwide average during the second quarter of 2011 in many EU member states including Belgium, France, Germany, Italy and the United Kingdom.
  • Locations such as Bulgaria, Georgia, Portugal and Romania have significantly higher percentages of web pages hosting drive-by download exploit code than the worldwide average (ranging between 8 to 12 times the worldwide average). A drive-by download site is a website that hosts one or more exploits that target vulnerabilities in web browsers and browser add-ons. Users with vulnerable computers can be infected with malware simply by visiting such a website, even without attempting to download anything. During the same period, web pages hosting drive-by download exploit code in Luxembourg was 1/3 of the worldwide average.
  • The number of phishing sites (per 1,000 hosts) in the second quarter of 2011 was more than double the worldwide average in France, Georgia, Slovenia, and the United Kingdom. Phishing is a method of credential theft that tricks Internet users into revealing personal or financial information online. Phishers use phony websites or deceptive email messages that mimic trusted businesses and brands to steal personally identifiable information (PII), such as user names, passwords, credit card numbers, and identification numbers. Austria and Finland have far fewer phishing sites (per 1,000 hosts) than the worldwide average, 5.8 times less and 11 times less respectively.

The threat landscape appears to be much more active and hostile in some EU member states than others. This seems to present an opportunity for collaboration whereby the consistently least infected locations within the EU could share best practices, and perhaps even resources, with the more impacted member states. I have written about best practices shared by countries like Austria, Germany and Finland before. If every EU member state had malicious software infection rates as low as Finland’s, this would be a huge accomplishment in terms of cost savings and productivity gains.

Please feel free to read the key findings summary, download the full report and watch related videos at

Tim Rains
Trustworthy Computing Communications

About the Author
Tim Rains

Chief Security Advisor, Microsoft Worldwide Cybersecurity & Data Protection

Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning. Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he Read more »