Microsoft: Malware, ransomware, and cryptominer detections are down in 2019

Phishing and DDoS attacks are up, Microsoft security stats reveal.
Written by Catalin Cimpanu, Contributor
Image: Geralt on Pixabay

Because Windows Defender ships with every current version of Windows, Microsoft has a view of the malware landscape that no other cyber-security firm can match.

As the year draws to a close, we've checked with Microsoft's interactive Security Intelligence Report to get an idea of what happened on the malware and security front for Windows users in 2019.

According to data collected by the OS maker, the number of detections for ransomware, cryptominers, and malware -- as a whole -- has gone down this year, compared to the same period over the past year, or even the past two years.

"Some potential reasons for the overall decrease in malware encounter rates in 2018 [and 2019] are the growth in adoption of Windows 10, and increased use of Windows Defender for protection," Microsoft said.

Both Windows 10 and Windows Defender have received important security improvements over the past half-decade, improvements that are making malware campaigns less efficient when targeting modern Windows 10 systems.

According to Microsoft's chart, the share of Windows machines on which malware was detected fell from 6-7% of the Windows ecosystem in early 2017 to 4.15% in October 2019.


A similar drop was observed for cryptominers -- malware specialized in mining cryptocurrency without the user's consent or knowledge -- which were particularly popular among crooks in 2017.

Per Microsoft's data, this trend started dying out in January 2018, when cryptominer detections peaked near 0.3% of all Windows systems, and then slowly fell to a current low of 0.09%, recorded in October 2019.


Ransomware detections fell in a similar pattern, from 0.11% of all Windows systems in January 2018 to 0.04% in October 2019.

The drop fits with what multiple security researchers have reported elsewhere: ransomware gangs have largely abandoned end-users (home users, consumers) and shifted toward enterprise networks, where they can demand far larger ransom payments than they could from an individual user.

So, while detections are down, this doesn't mean that ransomware is dead. In fact, ransomware has been a plague this year for managed service providers, US schools, US local governments, and, more recently, for the European business scene, causing the same huge financial damage while impacting fewer users overall.


"Even if there is an intermittent slowdown in malware encounter rates, attackers don't stand still - rather, they continue to evolve their techniques," Microsoft said.

The company points out that while the number of malware detections has gone down over the past two years, malware campaigns haven't stopped.

According to Microsoft's Security Intelligence Report, cybercrime gangs have responded by diversifying their modus operandi, moving to activities that do not involve malware at all -- such as phishing, DDoS attacks, and credential stuffing.

For example, Microsoft said the percentage of emails detected as phishing attempts grew from under 0.2% in January 2018 to around 0.6% in October 2019, while the average size of TCP-based DDoS attacks increased from 75 Gbps in May to over 200 Gbps by October this year.

Furthermore, while external attackers are constantly hammering at Windows users and Microsoft Azure customers, part of the risk comes from within Microsoft's own user and customer base.

Microsoft said that in 2019, it scanned Microsoft and Azure AD accounts using a list of three billion credentials leaked at third-party services.

It said it found that more than 44 million users were reusing passwords, putting their respective accounts at risk of getting hijacked via a technique known as credential stuffing.
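The report does not say how Microsoft matched the leaked credentials against its accounts. The following is an added example, not Microsoft's code or method, of how such a reuse check can be run without storing plaintext passwords: each leaked (email, password) pair is normalized, looked up against the account directory, and verified against the account's salted PBKDF2 hash. The account records, the leaked list, and the `hash_password`/`find_reused_credentials` helpers are all constructed for this example.

```python
import hashlib
import hmac
import os


def normalize(email: str) -> str:
    """Canonicalize the login so 'Alice@Example.com' and 'alice@example.com' match."""
    return email.strip().lower()


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256; stands in for whatever hash the real identity store uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_account(email: str, password: str) -> dict:
    """Build a constructed account record with a fresh random salt."""
    salt = os.urandom(16)
    return {"email": normalize(email), "salt": salt, "hash": hash_password(password, salt)}


# Constructed sample directory (not real data): three accounts with different passwords.
ACCOUNTS = [
    make_account("alice@example.com", "Summer2019!"),
    make_account("bob@example.com", "correct horse battery staple"),
    make_account("carol@example.com", "Tr0ub4dor&3"),
]

# Constructed "leaked credential" list, as cracked from a third-party breach dump.
# Only alice and carol reused the leaked password; bob's leaked entry is stale,
# and dave has no account here at all.
LEAKED = [
    ("Alice@Example.com ", "Summer2019!"),
    ("bob@example.com", "hunter2"),
    ("carol@example.com", "Tr0ub4dor&3"),
    ("dave@example.com", "letmein"),
]


def find_reused_credentials(accounts: list, leaked: list) -> list:
    """Return the sorted list of account emails whose current password appears in the leak.

    The leaked password is hashed with the account's own salt and compared in
    constant time, so the directory never needs plaintext passwords and a
    non-matching leak entry reveals nothing about the stored hash.
    """
    by_email = {acct["email"]: acct for acct in accounts}
    hits = set()
    for email, leaked_password in leaked:
        acct = by_email.get(normalize(email))
        if acct is None:
            continue  # leaked login does not correspond to one of our accounts
        candidate = hash_password(leaked_password, acct["salt"])
        if hmac.compare_digest(candidate, acct["hash"]):
            hits.add(acct["email"])
    return sorted(hits)


if __name__ == "__main__":
    for email in find_reused_credentials(ACCOUNTS, LEAKED):
        print(f"password reuse detected, force reset: {email}")
```

Two practical caveats: the check only works for leak entries that carry a plaintext (or already cracked) password, since a foreign hash cannot be re-verified against a differently salted local hash; and its cost is one full PBKDF2 evaluation per matching leak row, so at the scale of billions of leaked credentials the matching step has to be batched and rate-limited rather than run inline at login time.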
