Americans are already terrified of cyberattacks, and Microsoft’s latest Security Intelligence Report probably won’t do much to assuage those fears. The annual document, which this year spans a whopping 178 pages, details “the threat landscape of exploits, vulnerabilities, and malware using data from internet services and over 600 million computers worldwide.” And while it’s meant to help keep you safe, it also raises quite a few alarms when it comes to security in our digital age.
The United States really isn’t the country that should be most concerned about malware attacks, according to Microsoft. Rather, Pakistan, Indonesia, the Palestinian territories, Bangladesh, and Nepal saw the highest rates of attempted attacks between June and December 2015. The safest countries, or at least, those that attracted the fewest malware attacks, were Japan, Finland, Norway, and Sweden. The company drew these conclusions by examining sensors in systems that ran Microsoft’s anti-malware software.
Stunningly, this software sees “north of 10 million attacks on identities everyday,” according to Microsoft group program manager Alex Weinert. And while these are not always successful attempts, the sheer volume is a bit staggering. Microsoft says around 50 percent of these attacks can be traced back to Asia, and 20 percent to Latin America, although such attacks do not always succeed.
The real danger lies in the amount of time it takes to detect an attack. On average, the report says, 240 days pass before a breach is actually detected. And worse yet, these attacks are on the rise.
Microsoft says that one of the most popular phishing methods is pretending to be an online service, like eBay, Facebook, Amazon, or Google.
“Impressions for online services was higher than any other,” Tim Rains, Microsoft’s chief security adviser for worldwide cybersecurity and data protection, told ZDNet. “We had more people trying to get to phishing sites for online services, and there are more sites dedicated to that.
“If you think about it, there are thousands of financial institutions around the world, so if you’re going to phish financial institutions, you need to have lots of sites, but there’s only one Facebook, there’s only one eBay, so what we see with those is a low number of sites, but with a high number of impressions,” Rains continued.
Of course, financial institutions were still extremely popular targets as well, as they have the “potential for providing direct illicit access to victims’ bank accounts.”
You can check out the full report from Microsoft here.