1. Microsoft Security Intelligence Report v.14
CyberThreat Intelligence Program (C-TIP)
Héctor Sánchez Montenegro
@hectorsm
Chief Technology Officer
Microsoft ibérica

2. 2020
.ie
.ca
.no .se
.uk
.dk
.nl
.us
.fr
.cu
.mx
.jm
.gt
.sv
.cr
.ht
.pt
.do
.at
.ch
.ee
.pl
.de
.be
.lt
.fi
.cz
.si
.rs
.ba
.kz
.gr
.m
l
.tt
.sn
.ci
.ec
.br
.pe
.bo
.ar
.tg
.gh
.eg
.ly
.ng
.bf
.ug
.cd
.rw
.ao
.zm
.py
.mz
.uy
.il
.jo
.er
.bj
.cm
.iq
.lb
.tn
.za
.ir
.sy
.cy
.dz
.az
.ge
.et
sa
.kg
.tj
.uz
.af
.kw
.bh
.
.kr
.jp
.mn
.am
.tr
.gr
.pr
.ve
.cl
.ru
.mk
.al
.ma
.co
.md
.bg
.es
.hn
.ni
.pa
.ua
.ro
.hr
.it
.by
.sk
.hu
.cn
.lv
.qa
pk
.
.hk
.np
.in
.tw
.bd
.mm
.la
.th
.vn
.ae
.ye
.ph
.om
.lk
.ke
.my
.sg
.tz
.mw
.zw
.id
.au
.nz
Sizing Legend
Percent Penetration of Internet Users
Number of Internet Users
= 5M Internet Users
= 10M Internet Users
0-20
21-40
41-60
61-80
81-100
Brazil 122m
Japan 109m
China 765m
Mexico 61m
France 58m
Nigeria 82m
Germany 70m
Russia 95m
India 366m
USA 277m
Data visualization and design created by Column Five Media, data provided by Euromonitor Intl.; map concept derived from Geographies of the World's Knowledge, Graham, M., Hale, S.A. and Stephens, M. (Convoco! Edition, London, 2011).

3. 2020
.ie
.ca
.no .se
.uk
.dk
.nl
.us
.fr
.cu
.mx
.jm
.gt
.sv
.cr
.ht
.pt
.do
.at
.ch
.ee
.pl
.de
.be
.lt
.fi
.cz
.si
.rs
.ba
.kz
.gr
.m
l
.tt
.sn
.ci
.ec
.br
.pe
.bo
.ar
.tg
.gh
.eg
.ly
.ng
.bf
.ug
.cd
.rw
.ao
.zm
.py
.mz
.uy
.il
.jo
.er
.bj
.cm
.iq
.lb
.tn
.za
.ir
.sy
.cy
.dz
.az
.ge
.et
sa
.kg
.tj
.uz
.af
.kw
.bh
.
.kr
.jp
.mn
.am
.tr
.gr
.pr
.ve
.cl
.ru
.mk
.al
.ma
.co
.md
.bg
.es
.hn
.ni
.pa
.ua
.ro
.hr
.it
.by
.sk
.hu
.cn
.lv
.qa
pk
.
.hk
.np
.in
.tw
.bd
.mm
.la
.th
.vn
.ae
.ye
.ph
.om
.lk
.ke
.my
.sg
.tz
.mw
.zw
.id
.au
.nz
Sizing Legend
Percent Penetration of Internet Users
Number of Internet Users
= 5M Internet Users
= 10M Internet Users
0-20
21-40
41-60
61-80
81-100
Brazil 122m
Japan 109m
China 765m
Mexico 61m
France 58m
Nigeria 82m
Germany 70m
Russia 95m
India 366m
USA 277m
Data visualization and design created by Column Five Media, data provided by Euromonitor Intl.; map concept derived from Geographies of the World's Knowledge, Graham, M., Hale, S.A. and Stephens, M. (Convoco! Edition, London, 2011).

11. 5 veces mayor

14. 16,0
14,0
12,0
10,0
8,0
6,0
4,0
2,0
0,0
July
August
September
October
November
December

18. www.microsoft.com/windows/antivirus-partners/

20. Vulnerability disclosures across the industry were down 7.8 percent from 1H12, primarily because of a
decrease in application vulnerability disclosures.

21. 1.600
1.400
1.400
1.200
1.200
1.000
1.000
800
800
600
600
400
400
200
200
0
0
1H10
2H10
1H11
2H11
1H12
1H10
2H12
2.000
2H10
1H11
2H11
1H12
2H12
1H10
2H10
1H11
2H11
1H12
2H12
3.000
2.500
1.500
2.000
1.500
1.000
1.000
500
500
0
0
1H10
2H10
1H11
2H11
1H12
2H12

22. 1.600
1.400
1.200
1.000
800
600
400
200
0
1H10
2H10
1H11
2H11
1H12
2H12

27. 3Q11
4Q11
1Q12
2Q12
3Q12
4Q12

34. Country or region
1Q12
2Q12
3Q12
4Q12
Chg. 1H–2H

39. 32
32
32
32
32
32
64

44. Win32/Keygen
Win32/DealPly
Win32/Autorun
JS/IframeRef
Win32/Pdfjsc
Blacole
Win32/Onescan
Win32/Obfuscator
Win32/Dorkbot
Win32/Sality
Win32/Zwangi

46. 47

50. 51

51. Win32/Swisyn
Win32/Meredrop
Win32/Microjoin
Win32/Rimod
Win32/Dynamer
Win32/Obfuscator
Win32/Dowque
Win32/Malagent
Win32/QBundle
Java/SMSer
Win32/Kuluoz
Win32/VB
Win32/Xolondox
Win32/Small
VBS/Startpage

54. Chart Title

56. Microsoft Security
Intelligence Report
Microsoft Security Blog
Twitter
Microsoft Trustworthy
Computing
blogs.technet.com/b/security
www.microsoft.com/sir
@msftsecurity
www.microsoft.com/twc

60. Since 2010, Microsoft disrupts botnets
and distribute actionable data on
infection to countries

61. 2011 : Delivery of data to ISPs to help
them clean their customers

62. 2012 : Delivery of data to national
centers to help them clean their country
• Real time data
• Includes IP addresses
• Delivered through
Azure Microsoft
cloud

63. C-TIP (Cloud-Threat Intelligence Program
• DCU offers three services related to Threat Intelligence:
1. Real-time updates through Azure Blob Storage or Azure Queues
2. Fast and secure IP lookups through our REST API
3. Daily rollups through our REST API

65. Héctor Sánchez Montenegro
@hectorsm