Microsoft Corp released the Microsoft Security Intelligence Report volume

Are you using weak passwords or have not updated your computer anti-virus? Well, there's something to worry about and that threat comes from Conficker, a computer worm that targets Microsoft Windows Operating systems. Microsoft Corp released the Microsoft Security Intelligence Report volume 12 (SIRv12), which found that the Conficker worm was detected about 220 million times worldwide in the past two-and-a-half years, making it one of the biggest ongoing threats to enterprises. The study also revealed the worm continues to spread because of weak or stolen passwords and vulnerabilities for which a security update exists. According to the report, quarterly detections of the Conficker worm have increased by more than 225% since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide. A whopping 92% of Conficker infections were a result of weak or stolen passwords, and 8% percent of infections exploited vulnerabilities for which a security update exists.

"Conficker is one of the biggest security problems we face, yet it is well within our power to defend against," said Tim Rains, director of Microsoft Trustworthy Computing, in a release. "It is critical that organizations focus on the security fundamentals to help protect against the most common threats." The report also revealed that many of the threats often referred to as Advanced Persistent Threats (APTs) are no more advanced or sophisticated than other types of attacks. In most cases, these attacks leverage known vectors such as exploiting weak or stolen passwords and vulnerabilities for which security updates exist, but their efficacy lies in the persistence and determination in trying different tactics to compromise the target. This is why these types of threats are referred as 'Targeted Attacks performed by Determined Adversaries', rather than APTs. "Labeling cyberthreats as 'advanced' is often times misleading and can divert organizations' attention away from addressing basic security issues, which can prevent more common threats from infiltrating their systems," Rains said. Microsoft recommends that users adhere to the following security fundamentals to help ensure they are protected:

Use strong passwords and educate employees on their importance.

Keep systems up-to-date by regularly applying available updates for all products.

Use antivirus software from a trusted source.

Invest in newer products with a higher quality of software protection.

Consider the cloud as a business resource.

"With organizations being presented with significant amounts of data and reports on cyberthreats, the Microsoft Security Intelligence Report gives us good perspective on recent trends in the global threat landscape," said Bob Rodger, global head of IT Infrastructure Security at HSBC.

Source: The Economic Times