In Annual Threat Report, Microsoft Highlights Risks to Supply Chains

In its just released Security Intelligence Report (SIR), Microsoft points to supply chain attacks as being responsible for numerous high-profile incidents in 2018. These included a massive campaign to deliver the Dofoil Trojan through a peer-to-peer application’s update package. Dofoil carried a cryptocurrency mining payload and exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion techniques. Microsoft also reported on the rise in cryptocurrency mining campaigns – the illegal use of an organization’s or individual’s computing power without their knowledge to mine cryptocurrencies – and the relative decrease in the number of ransomware attacks. Similar findings were also reported in IBM’s other annual threat report, X-Force Threat Intelligence Index (discussed in the February 26 Security and Resilience Update). Read the report at Microsoft.