
Archive for the ‘ADDS’ Category

How cyber threats affect enterprise and consumer devices

Over the past decade, Microsoft has methodically studied the evolving cyber threat landscape. We share what we learn twice a year in our Security Intelligence Report, and the most recent issue reveals some important differences between the threats facing consumer devices and those facing enterprise devices.

Attackers don’t view all attack vectors equally – home computer users and enterprise users tend to be exposed to a different mix of threats due to different usage patterns. These usage patterns can influence the type of cyber-attack attempted. Typically, users in work settings perform business activities while connected to a company network. Users in these situations may also be limited in how far they can use the Internet and email for personal purposes.

On the other hand, consumers generally connect to the Internet directly or use a home router (a personal network). Here, consumers more often use computers for activities like social media, personal email, playing games, watching videos, consuming content, and shopping.

Active Directory Domains vs. Non-Domains

Microsoft antimalware products and tools produce telemetry data that reveal whether infected computers belong to an Active Directory Domain Services (ADDS) domain. (Computers that do not belong to an ADDS domain are more likely to be for personal or other non-enterprise use.)

By comparing the threats ADDS computers encounter with those of non-ADDS computers, we can gain compelling insights into the stark differences between personal and enterprise security attacks and can begin to understand which threats are most likely to succeed in each environment.

As the following table shows, enterprise computers encounter less malware and encounter different kinds of threats than consumer computers do.

Malware and unwanted software encounter rates by category for domain-based and non-domain computers during the second half of 2015.

Our analysis of related data collected over the course of 2015 reveals the following:

  • Non-domain computers encountered disproportionate amounts of unwanted software compared to domain-based computers, with Adware, Browser Modifiers, and Software Bundlers each appearing between three and six times as often on non-domain computers
  • Domain-based computers encountered exploits nearly as often as their non-domain counterparts, despite encountering less than half as much malware as non-domain computers overall
  • Six families—Win32/SupTab, Win32/Diplugem, Win32/Gamarue, Win32/Skeeyah, Win32/Peals, and Win32/OutBrowse—were common to both lists; all were more frequently encountered on non-domain computers than on domain-joined computers
  • The four families that appeared in the top ten list for domain-joined computers but not in the list for non-domain computers are the exploit kit JS/Axpergle, the Trojan family Win32/Dorv, the worm family Win32/Conficker, and the generic detection INF/Autorun

In addition, the encounter rate for consumer computers was about 2.2 times as high as the rate for enterprise computers during the second half of 2015.

How to stay updated on emerging threats

The threat landscape has changed dramatically in recent years. Constant vigilance is needed to maintain visibility into emerging vulnerabilities so you can make the adjustments necessary to help protect your organization and customers. From big data analysis to continuous machine learning and human intelligence, security demands a holistic approach to ensure your organization is prepared to handle new attacks.

Visit www.microsoft.com/security/sir to gain a deeper understanding about the security threats that affect your environment. Learn more about Security at Microsoft Secure.