The Microsoft Security Intelligence Report (SIR) is a periodic study of the threat landscape of exploits, vulnerabilities, and malware. It is based on data from Internet services and over 600 million computers worldwide and it is interesting because it provides useful information on the evolution of principal cyber threats, data that could help the security community to protect organizations and prevent incidents.
In the latest Security Intelligence Report, the Microsoft Malware Protection Center (MMPC) revealed that Turkey is the heaven of malware, the percentage of computers that reported at least one detection of malware (Encounter rate) is greater than that of any other country.
Microsoft evaluated the Encounter rate classifying grouping the malicious agents in the following categories:
The top 10 countries with the highest encounter rates worldwide are the U.S., Brazil, Turkey, Russia, India, U.K., China, Mexico, France, and Germany.
Turkey exceeded in every category especially for miscellaneous Trojans, worms, exploits, and Trojan downloaders and droppers, only China is suffering greater backdoor-related threats than Turkey.
The exceptional increase of malware based attacks against Turkish systems suggests cybercriminals are increasingly targeting Turkey for some reason.
“Language targeting is not uncommon; many families specifically target languages, as we have seen above and in the Security Intelligence Report. A quick look at the Turkish language shows that most people who read websites in Turkish live in Turkey. So, malware authors targeting Turkey might just be an unintentional consequence of trying to infect the population of Turkish computer users.
From this data, we can confidently conclude that Turkey was indeed targeted by malware authors through language targeting. Social engineering, used by all families discussed above, is a method that online criminals use to trick users into performing actions or divulging confidential information, to gain access to their computers or hide the presence of malicious behavior.” commented Microsoft on the results of the Microsoft Security Intelligence Report.
Microsoft Security Intelligence Report the Kilm trojan has infected nearly 235,000 machines, 92 percent of them located in Turkey meanwhile The Murkados worm has compromised nearly 170,000 machines, 97 percent inside Turkey. The list of malware is long and the incidence on Turkish systems is serious as reported in the below table.
Going deep in the analysis of malware families that hit the Turkey we discover that 30.6 percent of machines have suffered miscellaneous trojans infections defined as generic trojans as malware that are self-contained and does not self-replicate.
Russia is the second country most hit by the same family of malware accounting for 23.6 percent. We have to consider that majority of threats observed during the last 12 months was composed by exploits of software vulnerabilities and exploit kits. Turkey is top contry for this type of menaces, it is ranked ahead India.
Microsoft Security Intelligence Report states that worm category is dominated by Turkey that leads India 21.4 to 18 percent with a worldwide average of 4.7 percent, meanwhile for trojan downloaders and droppers Turkey scores 10.7 percent ahead Brazil at 8.7 percent.
The detailed analysis is syntetized in the following table, the real surprise in my opinion is data relared to US, it is significant the deviation related to Turkish data compared to the global average.
Microsoft experts provided a series of recommendations with Microsoft Security Intelligence Report on commonly known protective measures. In case users suspect that confidential information has been stolen by a social engineering attack that a computer user may have responded to, take a few steps to protect data, such as:
(Security Affairs – Microsoft, Microsoft Security Intelligence Report)