In addition, Microsoft detected a staggering 220 million Conficker attacks (successful or otherwise) over the past two and a half years. For its SIRv12 report, Microsoft gathered threat intelligence from over 600 million systems in more than 100 countries.
While 1.7 million infections pale in comparison with the worm's heyday in 2009, when by some estimates it infected as many as 15 million machines, it is still a substantial number, given that a security patch was issued three years ago, no new variants have appeared in the last two years, and most antivirus software can detect and block Conficker and its variants.
Why does Conficker continue to pose such a large security threat?
Poor password practices and policy, explained Tim Rains, director of Microsoft’s Trustworthy Computing. A full 92% of Conficker infections were caused by weak or stolen passwords. “We thought that that was an amazingly high number”, he commented.
“We are surprised that weak or stolen passwords are at the heart of Conficker’s success”, he added.
Also, Rains questioned the use of the term advanced persistent threat (APT) to describe targeted attacks, as opposed to broad-based attacks like Conficker. “The term APT is not particularly useful to the customers we talk to because it puts the focus on the sophistication of the tactics. But the tactics are not any more sophisticated than those used in basic automated broad-based attacks; they don’t think that term is helpful”, Rains told Infosecurity.
Microsoft found that attackers use similar tactics to carry out both targeted and broad-based attacks: they target weak passwords and unpatched vulnerabilities, and they use social engineering to trick users into downloading malware.
Rains stressed that individuals and organizations should focus on security fundamentals to protect themselves against both targeted and broad-based attacks. He recommended that they use strong passwords, regularly apply available security updates for software, use antivirus software from a trusted source, invest in newer products that offer better protection, and, particularly in the case of smaller organizations, consider the cloud as a business resource.
The Microsoft official also recommended that organizations take a four-pronged, holistic approach to risk management: prevention (security fundamentals), detection (regular monitoring of systems), containment (if the network is compromised), and recovery (development of a recovery plan).
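The report attributes 92% of Conficker infections to weak or stolen passwords, and the "detection" prong above asks for regular monitoring of systems. Password guessing against a Windows host over the network leaves a characteristic trace in the Security log: bursts of failed logons (EventID 4625) with LogonType 3 (network logon, which is what access to a remote file share produces) from one source address, sometimes followed by a success (EventID 4624). The script below is an added example, not code from Microsoft, the SIR report or this article: it runs that check over a constructed, simplified key=value export of such events (not real telemetry and not the native event-log layout). The function names, the 60-second window and the threshold of 10 failures are the author's assumptions for the example.

```python
"""Added example: flag password guessing against Windows network logons.

Input is a constructed, simplified key=value export of Windows Security
events (not real telemetry and not the native EVTX layout). EventID 4625 is
a failed logon and 4624 a successful one; LogonType 3 is a network logon,
which is what access to a remote SMB share produces. The window and
threshold values are assumptions chosen for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 12 failed Administrator logons from one host in
# 12 seconds, then a success (the guessing worked); one interactive typo
# (LogonType 2, no source address); one isolated network failure; and ten
# different accounts tried from a second host within 40 seconds (a spray).
SAMPLE_LOG = "\n".join(
    [f"2012-04-25T10:00:{s:02d} EventID=4625 LogonType=3 "
     f"TargetUser=Administrator Src=10.0.0.7" for s in range(1, 13)]
    + [
        "2012-04-25T10:00:15 EventID=4624 LogonType=3 TargetUser=Administrator Src=10.0.0.7",
        "2012-04-25T10:05:00 EventID=4625 LogonType=2 TargetUser=alice Src=-",
        "2012-04-25T10:06:00 EventID=4625 LogonType=3 TargetUser=bob Src=10.0.0.9",
    ]
    + [f"2012-04-25T11:00:{4 * i:02d} EventID=4625 LogonType=3 "
       f"TargetUser=user{i} Src=10.0.0.20" for i in range(10)]
)


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict."""
    ts, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    rec["EventID"] = int(rec["EventID"])
    rec["LogonType"] = int(rec["LogonType"])
    return rec


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_guessing(events, window=timedelta(seconds=60), threshold=10):
    """Return one alert per source host whose failed network logons reach
    `threshold` inside any sliding `window`.

    Local/interactive failures (LogonType != 3) and events with no source
    address are ignored: a user mistyping at the console is not guessing.
    """
    fails, successes = defaultdict(list), defaultdict(list)
    for e in events:
        if e["LogonType"] != 3 or e.get("Src", "-") == "-":
            continue
        if e["EventID"] == 4625:
            fails[e["Src"]].append(e)
        elif e["EventID"] == 4624:
            successes[e["Src"]].append(e)

    alerts = []
    for src, evs in fails.items():
        evs.sort(key=lambda e: e["ts"])
        peak, start = 0, 0
        for end, e in enumerate(evs):
            # slide the window's left edge forward until the span fits
            while e["ts"] - evs[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        accounts = sorted({e["TargetUser"] for e in evs})
        # one account hammered = brute force; many accounts tried = spray
        kind = "password_spray" if len(accounts) > 1 else "brute_force"
        last_fail = evs[-1]["ts"]
        # a success from the same host after the guessing is the urgent case
        logged_in_after = sorted({e["TargetUser"] for e in successes[src]
                                  if e["ts"] > last_fail})
        alerts.append({
            "src": src,
            "kind": kind,
            "peak_failures_in_window": peak,
            "accounts": accounts,
            "logged_in_after": logged_in_after,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_guessing(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample, the host at 10.0.0.7 is reported as brute force against Administrator with a later successful logon from the same address (the case that needs containment, not just a ticket), the host at 10.0.0.20 as a spray across ten accounts, and the single failure from 10.0.0.9 and the console typo are left alone. In production the same logic would read 4625/4624 events from the event log or a SIEM rather than a text export, and the threshold would be tuned against the environment's normal failure rate.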