The 24^th edition of the Microsoft Security Intelligence Report (SIR) is now available. And this year, I’m thrilled to share that not only can you download the PDF, but you can also visit an online, interactive version that provides tools to filter and deep dive into the data. This edition of the report is a reflection on last year’s security events and includes an overview of the security landscape, lessons learned from the field, and recommended best practices. I know you may find some of the trends, such as the increase in cryptocurrency mining and supply chain activity, worrisome. But I also hope you’re encouraged to learn that the defensive techniques we’ve taken as a security community are paying off: there is good evidence that bad actors have been forced to change their tactics.

To create this report, the SIR team culled core insights and key trends out of a year’s worth of data from multiple, diverse sources. We analyzed the 6.5 trillion security signals that go through the Microsoft cloud every day. We gathered insights from thousands of security researchers based around the world, and we learned lessons from real-world experiences, like the Ursnif campaign and the Dofoil coin-miner outbreak. There is a lot going on, but the SIR team distilled the data down into four key trends:

• Ransomware attacks are on the decline.
• Cryptocurrency mining is prevalent.
• Software supply chains are at risk.
• Phishing remains a preferred attack method.

Ransomware attacks are on the decline

The decline of ransomware attacks that we saw in the 2018 data is a great example of how the security community is pushing bad actors to adjust. Just last year, we highlighted the large threat that ransomware played in the 2017 data, so this decline is notable. We believe that attackers have shifted from this highly visible method to more stealth attacks because users have gotten smarter about how they respond.

Cryptocurrency mining is prevalent

The decline in ransomware is good news; however, on the flip side we are seeing cryptocurrency mining to be prevalent. This is one of the methods that attackers have deployed in lieu of ransomware. Mining coins profitably requires an immense amount of computing power to perform complex calculations, so attackers install malware on users’ computers to “steal” the necessary computing power. The SIR report provides a great overview of how cryptocurrency works and other factors driving this trend.

Software supply chains are at risk

Software supply chain attacks are another trend that Microsoft has been tracking for several years. One supply chain tactic used by attackers is to incorporate a compromised component into a legitimate application or update package, which then is distributed to the users via the software. These attacks can be very difficult to detect because they take advantage of the trust that users have in their software vendors. The report includes several examples, including the Dofoil campaign, which illustrates how wide-reaching these types of attacks are and what we are doing to prevent and respond to them.

Phishing remains the preferred method of attack

It’s probably not surprising that phishing continues to be a popular method of attack, and we expect that to continue for the foreseeable future. The good news: much like ransomware, bad actors have shifted tactics in response to the more sophisticated tools and techniques that have been deployed to protect users. We uncovered a lot of details about these new phishing methods that we hope you find useful in your fight to defend against them.

Learn more

When I was a practitioner, I sought out reports like these to help me better understand attacker techniques and plan my defenses accordingly. I hope you find the insights, tips, and best practices that we’ve pulled together just as helpful. Download volume 24 of the Microsoft Security Intelligence Report and then dig into the data specific to your region in the interactive website. The site will be updated monthly, so you can keep up with emerging data and insights throughout the year.

Also, later in March, join me and my colleague, Jonathan Trull, for a webinar where we’ll dissect these trends in more detail and share best practices to help you protect your organization.

The SIR serves to share some of the intelligence and insights that Microsoft generates as part of our broader security operations work, but it is not the whole story. Please also make sure to check out today’s announcements on new Microsoft security innovations aimed at helping defenders capitalize on the latest security intelligence and protections to help them stay ahead in the evolving cybersecurity landscape.

The basic concept of Wars Across the World is to take a single set of game mechanics that can underpin a range of different scenario types across history, at varying command levels. The design justification being that the base mechanics only need to be learned once, so that the developers can offer a breadth of battles and campaigns that all follow the same underlying logic, and so can be played in succession without much difficulty.

I was rather sceptical that such a design could both be fun and plausible, but so far I’ve been pleasantly surprised with what has been created. A combination of modern gaming techniques and ease of accessibility make Wars across the World an impressive achievement, and an excellent addition to mobile war games overall.

The company behind this, STRATEGIAE, have managed to find the sweet spot for mobile gamers and very much captures you in the ‘just one more turn’ trap. Whether it was defending Berlin in the dying days of the Second World War, force marching down to London from York in 1066 or desperately trying to seize Sinai whilst holding off the Syrians in 1967, I always needed to keep clicking that button to see what happened next.

The success of this game isn’t down to a single contributing factor, there are a range of elements here that have just been done very well underpinned by a well thought out baseline.

Firstly, the game is incredibly easy to pick up and play. Within a minute or two of installation you are quickly in the front line of the action dragging units around, making political decisions and trying to get some sort of strategic plan together. Within ten minutes you are quickly wondering whether not bothering to read through the scenario notes is really an excuse that will go down well in the Fuhrer’s Bunker and perhaps you are just better off blaming everything on Steiner (Insert Downfall meme video-ED).

Every phase it’s very clear what you need to do as the game highlights units and warns you when you haven’t activated elements. Even better it highlights cards that you could play so you don’t need to wade through endless cards trying to figure out what you need to do. It is so well implemented it ought to be mandatory for every game to copy this style of in-game assistance. Mr. Clippy this is not.

The game is built around an area movement map with strict turn and phase orders, but the designers have not let themselves be restricted or influenced by any specific school of wargaming techniques or traditions. This game is a smorgasbord of mechanics and they come together beautifully. Yes, there were times I didn’t really know what was going on but because I was so immersed in the experience it didn’t detract from the game.

My biggest concern was that I couldn’t see how they could merge such wide ranging historical eras together, let alone combine that with options for grand strategic level and operational level player perspectives all into a single game.

How they have overcome this is through incredible flexibility in their design tools. Units can be given any combat, movement and morale stats that fit the geographical region and the historical/ political situation. As a result not all scenarios are equal in quality, some of them are simply better designed than others. The base game on the iPad comes with a tutorial and a single mission but you are going to have to buy additional scenarios to justify getting this game in the first place.

Apart from the Berlin 1945 scenario ($2.99), the rest of the scenario IAPs are $1 each Everything I tried was worth the app purchase fee, and for this review I played Hasting 1066, Waterloo 1815. Tannenberg 1914, Normandy 1944, Berlin 1945 and Six Days 1967. I thought Berlin 1945 was the best of the bunch; an excellent scenario that had considerable depth compared to the other options, which probably explains the higher price. 

I always approached each new scenario somewhat sceptically, doubting that the mechanics I had just been using could work on a totally different time frame I was now loading up. However I continually found that my doubts were unfounded and that it was actually really fascinating to see how different unit types worked in different era’s and situations.  It was genuinely interesting to compare how my tanks performed in Suez against how my cavalry performed in 1815 or in 1914 at Tannenberg.

There are nuances to combat which I found strange at first as there are restrictions on unit limits and leader requirements. However these restrictions are designed to abstractly reflect logistical limitations and can occasionally be broken with the right card. Relatively modern armies tended to suffer morale collapse less readily than historical armies but none of the scenarios felt like a grind and there was often a real decision to be made. Most importantly the end result is plausible more often than not.

The AI isn’t a genius but considering that I lost my first four games in a row suggests that the competency level is definitely a fun challenge. Certainly the AI rarely lacks compunction to act, which often kills computer war games for me in general.

Wars Across the World also has an option for hotseat multiplayer and because it doesn’t take more than 1-2 hours (and I finished some in 30 minutes) to complete a scenario so you can easily sit down with a friend/ adversary and play a game or two over an evening or on a journey.

Everything you would want from a modern wargame is here; fog of war, morale, logistics, political considerations, supply, time pressures, interesting investment trade off’s. This is a far cry from many of the other wargames that we see with no real political context or pressures. War isn’t a logical, mechanical odds counting exercise, it’s a disorganized mess in which you simply attempt to act less badly than the people on the other team.

Wars Across the World captures that essence through the use of scenario specific cards. These cards cover a whole range of political and military factors and can be played at a strategic and tactical level during various phases of the game. Each set of cards is different for each side in each scenario and they provide a central part of the immersion that make this game good.

Most scenarios allow you to spend investment points on new units, replacements or cards. This creates interesting strategic dynamics and decision trade off’s.  Many of the political elements allow you to buy time in some way or alter the balance of the conflict in the longer term. Some of the political cards impact the opponent, creating unforeseen challenges and friction of war.

Current scenarios range from ancient warfare through to the 20^th century and there are more being released. Excitingly there is the option for user created scenarios as well. Wars Across the World straddles a line between offering meaningful depth and decisions, without crossing too much into the territory of hardcore wargames that you might see grace the front page of our sister website. It’s a welcome site in an app store increasingly looking at free-to-play and casual audiences.

At the time of writing, Wars Across the World has the following IAPs, all of which unlock additional scenarios to play within the game:

• Saratoga 1777 ($0.99)
• Six Days 1967 ($0.99)
• Tannenberg 1914 ($0.99)
• Malaya 1941 ($0.99)
• Waterloo 1815 ($0.99)
• Bulge 1944 ($0.99)
• Bull Run 1861 ($0.99)
• Hastings 1066 ($0.99)
• Berlin 1945 ($2.99)
• Hamilkar 264 ($0.99)

One item I forgot to add to story, sources say execs are now deciding whether they will recast the role or replace Deadshot with a different character from the DC universe to join the team in sequel

— Justin Kroll (@krolljvar) February 28, 2019

Revealed as part of today’s Pokémon Direct, the highly anticipated Generation 8 games of the Pokémon series will be called Pokémon Sword and Shield. You’ll be able to get your hands on them in “late 2019”.

The games will take place in a brand new region called the Galar region, which is set to feature vast plains and craggy snow-covered mountains. Game Freak director Junichi Masuda said that the games will feature “never before seen Pokémon” and “new adventures you’ve yet to experience”.

Also shown in the new trailer were the three new starter Pokémon, Grookey, Scorbunny, and Sobble.

That’s not all, though, as the video ends with a cheeky tease stating that there’s “plenty” more in the works for the Pokémon brand in 2019.

So, what do you think? Feel free to share your thoughts with us in the comments below.

Mobile app Animal Crossing: Pocket Camp has just received what is being described as a “major” update, introducing a new interior design minigame called Happy Homeroom.

In this new game, you can use your furniture to practice your interior design skills. Your finished designs will be judged by Lottie and other adorable critters, and if you pass the Happy Homeroom classes, your HH Rank will increase, earning you items like the HH material and more. These HH materials can be used to make Golden Series furniture, which can be crafted after reaching Amateur Rank 1 in Happy Homeroom.

To access this new mode, you’ll need HH Vouchers, which replenish over time. Today’s press release tells us that your Camp Manager Level must also be level 6 or above, and has also provided a list of several other additions that have arrived in the game recently.

• New Local Produce – Grapes, lemons and lychees are the newest local fruit to be added to the game. While each player has a Local Produce tree in both their Lost Lure Creek and Breezy Hollow locations, they will need to make use of other players’ Market Boxes to obtain the other two regional fruit.
• Blathers’s Treasure Trek – A new mini-game that involves rolling a die on a map that resembles a board game. Treasure maps earned in this mini-game will reward bells or crafting materials. Special maps will even invite new animals to your campsite!
• Pete’s Parcel Service – A new and handy way to level up your friendship with animals. By selecting this service, Pete will complete animal requests for you without you needing to visit their locations. What a nice pelican!

A new video highlighting all of the app’s latest features and additions, including recently introduced animal friends, the cabin, and more, has also been shared. Check it out below.

Will you be checking out the Happy Homeroom? Do you regularly play Animal Crossing: Pocket Camp? Tell us below.

In my day job at LinuxGizmos, I’ve been neck deep recently in embedded Linux hardware news from the Embedded World show in Nuremberg. There are plenty of new SBCs and compute modules — many based on NXP’s newly shipping i.MX8M Mini — as well as a new Qualcomm Robotics RB3 Platform, more IoT gateways, and Linux-ready chips like ST’s STM32MP1 and Octavo SiP version of the SoC.

Yet, Embedded World has produced some embedded Linux software news, as well. Here we take a brief look at some highlights, including Google open sourcing its Cloud IoT Device SDK, the Linux Foundation launching an ELISA project for open source safety-critical systems, and a new long-term kernel from the Civil Infrastructure Platform project.

In other news, Siemens has spun a Debian-based binary version of Mentor Embedded Linux (MEL), and AMD and Advantech are collaborating with Mentor to develop a machine-learning savvy implementation of MEL. Finally, Wind River announced a “Helix Platform” that combines Wind River Linux and VxWorks, and MontaVista has launched MontaVista Carrier Grade eXpress 2.6.

Google releases open source Device SDK

Google has released a Cloud IoT Device SDK under open source license designed to connect microcontroller devices and IoT-oriented Linux gizmos to its Google Cloud IoT platform. The SDK can be considered a lower-end, MCU endpoint-oriented counterpart to its Linux-focused Cloud IoT Edge stack for IoT gateways that integrate Google’s AI-accelerating Cloud TPU chips.

The Cloud IoT Device SDK comprises client libraries written in Embedded C to “enable developers to securely connect, provision, and manage devices with Cloud IoT Core,” says Google. Target devices range from handhelds to low-end smart home devices. OS support includes Zephyr, Mbed OS, FreeRTOS, and POSIX-compliant platforms like Linux. Early partners include Arm, Cypress, Nordic, Espressif, Microchip, and NXP.

The open source release presents an alternative strategy to Google’s proprietary, higher-end Android Things IoT platform. Google recently announced that Android Things would be limited to OEM partners developing smart speakers and displays with Google Assistant.

Linux Foundation launches ELISA safety-critical project

The Linux Foundation, which this week welcomed 34 new members including HP, also announced a project called Enabling Linux in Safety Applications (ELISA) to develop open source tools and processes that help companies build and certify Linux-based safety-critical applications and systems. Targeted applications include robotics, medical, smart factories, transportation, and autonomous cars.

ELISA is building on work done by the SIL2LinuxMP project from the Open Source Automation Development Lab (OSADL), as well as the Linux Foundation’s Real-Time Linux project. Founding ELISA members include Arm, BMW Car IT GmbH, Linutronix, and Toyota, which is a leading member of the LF’s Automotive Grade Linux project. The roster also includes new LF member and robotics manufacturer KUKA.

ELISA project goals include working with certification authorities and standardization bodies “to establish how Linux can be used as a component in safety-critical systems.” The project will develop safety-related reference documentation and use cases, educate and collaborate with the open source community, provide members with incident and hazard monitoring of critical components, and encourage best practices.

CIP releases first SLTS kernel

ELISA is related to the LF’s Civil Infrastructure Platform (CIP) project, which this week announced the release of its promised Super Long Term Support (SLTS) Linux Kernel with 64-bit Arm support. The key enhancement of the SLTS kernel is its unprecedented 10-year plus support. The kernel is also designed for the higher safety, security, and reliability requirements of large infrastructure and industrial applications.

The CIP project also announced two new working groups. The first is a Software Update Working Group led by Toshiba. The second is a Security Working Group led by Renesas, whose new RZ-G2 SoCs are the first to support the SLTS.

Mentor Embedded Linux goes binary

Like Wind River Linux and MontaVista, Mentor Graphics’ Mentor Embedded Linux (MEL) has been one of the leading commercial embedded Linux distros. It is also similarly based on Yocto Project code. Now, almost two years after Siemens acquired Mentor, Siemens PLM Software has announced a new version of MEL that ditches the Yocto foundation for Debian. The distro, which melds MEL with an inhouse Debian stack designed for Siemens automation equipment, is available as an “enterprise-class” binary.

Because it can load as a simple binary, the new Siemens enterprise version of MEL is easier to install and use than the Yocto-based version, claims Siemens. (The Yocto version will continue to be available.)

Siemens partner Xilinx is also sold on the binary approach: “By combining the capabilities of an embedded Linux distribution with those from the Debian binary desktop Linux distribution, today’s developers — many of whom have honed their skills in the Linux desktop development — can easily extend those same skills into fully featured embedded systems,” stated Simon George, director of system software and SoC Solution Marketing, Xilinx.

The new Linux solution provides a stable kernel, a robust toolchain, broad community support, secure field updates, and application isolation, says Siemens. It offers up-to-date cloud support and familiar MEL features such as Sourcery Analyzer tools. Improved multi-core support enables heterogeneous systems that also run Mentor’s Nucleus RTOS.

AMD and Advantech collaborate on ML-focused MEL version

In other MEL news, AMD, Advantech, and Mentor announced a customized version of MEL that runs on Advantech’s SOM-5871 compute module based on AMD’s Ryzen Embedded V1000 SoC. The solution will “make it easier for customers to implement machine vision applications within their IoT or edge compute ecosystem, helping to improve efficiency and accuracy of machine vision solutions,” says AMD. The chipmaker hints that the platform will align with the LF’s EdgeX Foundry project for edge computing.

Wind River goes cross-platform with Helix Platform

Wind River, which is no longer owned by Intel, has unveiled a Wind River Helix Virtualization Platform, an umbrella framework that integrates both Wind River Linux and the company’s VxWorks RTOS. The Helix Platform provides an integrated edge compute platform for applications ranging from industrial infrastructure to autonomous driving.

Helix Platform uses Wind River Hypervisor to enable time and space partitioning that leverages RTOS and virtualization technology, safety functionality, and COTS certification. Linux, VxWorks, and even third-party OSes such as Windows and Android can coexist together on multi-processor and multi-core systems, all orchestrated by the common Helix Cloud platform.

MontaVista unveils CGX 2.6

Finally, MontaVista has announced version 2.6 of its MontaVista Carrier Grade eXpress (CGX), the 12th generation of its Carrier Grade Linux certified distribution. Like Wind River Linux and the original MEL, CGX is a commercial embedded distro based on Yocto Project code and aimed at industrial and networking customers.

Due for release in mid-2019 with BSPs for x86 and ARMv8, MontaVista CGX 2.6 is based on Yocto 2.6, Linux kernel 4.19, and GCC 8.2 toolchain. Highlights include improved security features such as OpenSSL FIPS, OPTEE/Trustzone, Secure Boot, and SWUpdate.

CGX 2.6 provides protocol support for BLE, 4G/LTE, Zigbee, LoRA, CANbus, Modbus, and Profibus. Cloud support has been updated with APIs for the latest Amazon AWS IoT, Microsoft Azure IoT, Google Cloud IoT, and ARM mBed Client. Naturally, Kubernetes is also supported.

MontaVista was instrumental in the early development of embedded Linux, was owned by networking chip maker Cavium for several years before being spun back out as an independent company when Marvell acquired Cavium. Like its old rival Wind River, MontaVista is once again unhitched and ready for action.

Cybersecurity is about people. The frontline defenders who stand between the promise of digital transformation and the daily reality of cyber-attacks need our help. At Microsoft, we’ve made it our mission to empower every person and organization on the planet to achieve more. Today that mission is focused on defenders. We are unveiling two new cloud-based technologies in Microsoft Azure Sentinel and Microsoft Threat Experts that empower security operations teams by reducing the noise, false alarms, time consuming tasks and complexity that are weighing them down. Let me start by sharing some insight into the modern defender experience.

Every day Microsoft security professionals help organizations respond to threats at scale and through targeted incident response. In one recent example from the latest Security Intelligence Report, Microsoft experts were called in to help several financial services organizations deal with attacks launched by a state-sponsored group that had gained administrative access and executed fraudulent transactions, transferring large sums of cash into foreign bank accounts. When the attack group realized they had been detected, they rapidly deployed destructive malware that crippled the customers’ operations for several days. Microsoft experts were on site within hours, working around the clock with the customers’ security teams to restore normal business operations.

Incidents like this are a reminder that many defenders are overwhelmed by threats and alerts – often spending their days chasing down false alarms instead of investigating and solving complex cases. Compounding the problem is a critical shortage of skilled cyber defenders, with an estimated shortfall of 3.5 million security professionals by 2021. With today’s announcements we are unlocking the power of the cloud and AI for security to do what they do best—reason over vast amounts of security signal, spot anomalies and bring global scale to highly trained security professionals.

Too many enterprises still rely on traditional Security Information and Event Management (SIEM) tools that are unable to keep pace with the needs of defenders, volume of data or the agility of adversaries. The cloud enables a new class of intelligent security technologies that reduce complexity and integrate with the platforms and productivity tools you depend on. Today we are pleased to announce Microsoft Azure Sentinel, the first native SIEM within a major cloud platform. Azure Sentinel enables you to protect your entire organization by letting you see and stop threats before they cause harm. With AI on your side it helps reduce noise drastically—we have seen an overall reduction of up to 90 percent in alert fatigue with early adopters. Because it’s built on Azure you can take advantage of nearly limitless cloud speed and scale and invest your time in security and not servers. In just a few clicks you can bring in your Microsoft Office 365 data for free and combine it with your other security data for analysis.

Azure Sentinel is the product of Microsoft’s close partnership with customers on their journey to digital transformation. We worked hand in hand with dozens of customers and partners to rearchitect a modern security tool built from the ground up to help defenders do what they do best – solve complex security problems. Early adopters are finding that Azure Sentinel reduces threat hunting from hours to seconds.

Corey McGarry, Senior Technical Specialist, Enterprise Operations, Tolko Industries, Ltd., told me, “After using Microsoft Azure Sentinel for six months, it has become a go-to resource every morning. We get a clear visual of what’s happening across our network without having to check all our systems and dashboards individually. I haven’t seen an offering like Microsoft Azure Sentinel from any other company.”

Azure Sentinel supports open standards such as Common Event Format (CEF) and broad partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, as well as broader ecosystem partners such as ServiceNow. You can even bring your own insights and collaborate with a diverse community of defenders. Azure Sentinel blends the insights of Microsoft experts and AI with the unique insights and skills of your own in-house defenders and machine learning tools to uncover the most sophisticated attacks before they take root. Azure Sentinel helps empower SecOps teams to keep their organizations safe by harnessing the power, simplicity and extensibility of Azure to analyze data from Microsoft 365 and security solutions from other vendors. Azure Sentinel is available in preview today from the Azure portal.

Our approach to security is not only about applying the cloud and AI to your scale challenges, but also making the security operations experts who defend our cloud available to you. Therefore, we are pleased to announce Microsoft Threat Experts, a new service within Windows Defender ATP which provides managed hunting to extend the capability of your security operations center team. Through this service, Microsoft will proactively hunt over your anonymized security data for the most important threats, such as human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage—helping your team prioritize the most important risks and respond quickly. The service also provides world-class expertise on demand. With the new “Ask a Threat Expert” button, your security operations team can submit questions directly in the product console. To join the public preview of Microsoft Threat Experts, apply in the Windows Defender ATP settings.

There are no easy answers or silver bullets for security, however the cloud is unlocking new capabilities. This is why we are putting the cloud and AI to work to extend and empower the defenders whose unique human insights are key to avoiding cyber threats. Azure Sentinel and Microsoft Threat Experts are two new capabilities that join our broad portfolio of security solutions across identity, endpoints, data, cloud applications and infrastructure. We look forward to showcasing Azure Sentinel and Microsoft Threat Experts at the RSA Conference next week and encourage you to stop by the Microsoft booth on the main show floor or any of our compelling sessions to learn more.

Tags: cybersecurity, Microsoft Azure Sentinel, Microsoft Threat Experts, Security