Andrea Rigoni, Director General of GCSEC, moderated the interactive session where Mr Gullotto presented Microsoft’s report, with the help of Frank Simorjay, Senior Product Manager of Microsoft Trustworthy Computing; representatives from Italian government, European Commission, Telecommunications, Banking and Energy sector attended the meeting.
Main topics highlighted in the report and discussed in the round table are:
• According to vulnerability and security breach trends, trojans are showing a moderate declining trend, while worms
and miscellaneous potential undesired software increased in the last year; latest versions of Microsoft operating
systems suffer of lower infection rates rather than older versions, meaning some security improvements have been
made in applying best practices for secure software development.
• Newer malware removal tools are more effective than in the past: it has been estimated that about six millions PCs
have been cleaned by Microsoft in the last three years; though, the malware infection trend is ever growing and this
remarks the need for strengthened defense strategies.
• Geographic distribution of bot infection levels reflects a direct proportionality with IT penetration rate of countries: but
while countries such Brazil and Saudi Arabia show positive recovery trends in the last year, Turkey, Spain and Korea
had increased significantly their infection rate. Locations like Belarus, Sri Lanka, Tunisia and Morocco have the lowest
infection rate. This can be a sign that targeted attacks have increased worldwide due to botnet spread.
• Botnet ecosystem shows a typical profit-oriented nature: bot-herders tap into well established black markets, acquiring
and selling sensitive informations about possible targets for spam, phishing, information stealing, denial of services
attacks, or more generally malware installation and distribution.
Ever more complex communication pattern – centralized via a command and control center or distributed through P2P
mechanisms – makes it more difficult to detect and dismantle such infrastructures.
• Contrasting botnets requires a coordinated defense and response strategy, involving different players in the
cybersecurity landscape; indeed the Global Response Center has confirmed its commitment on this topic, sharing the
expectations to finally promote the development of a consolidated information sharing framework, appropriately
involving governments, legal systems, law enforcement agencies, ISPs, telecommunication operators, industries and civil society.