How threat intelligence became key to Microsoft’s computer security

/in


Probably anyone who has ever used Microsoft software, which is pretty much everyone, is familiar with the message. After one of the tech giant’s software programs crashes, for example Office or Windows, the system asks you to send a report about the fault back to the company. For years, these reports helped Microsoft fix thousands of software bugs, but only in 2007 did the company realize that the billion reports received every month also have great value in the field of security. The first to recognize this was John Lambert.

It all began when a customer reported a cyberattack. After Microsoft investigated the matter, they found that it was zero-day attack, the most sophisticated type of attack, which exploits an unknown defect in the software to penetrate inside.

Obsession for analyzing crash reports

At the same time Lambert, a cybersecurity expert, and other engineers at Microsoft, began identifying a pattern of attacks on other computers. All the crashes were connected to the same type of attack and Lambert understood that there was something concealed here that could help detect cyberattacks at an early stage. In the following months he became obsessed with analyzing crash reports.

“The thing about zero-day attacks is that the attackers cannot try them before using them, and they don’t always work,” Lambert tells “Globes.” “It is possible that the weakness was in the French version of Windows and the attacker tried to attack the English version, or they expected a user to open a document in a 32-bit version of Office and in fact he used the 64-bit version. These things sometimes cause the operating system to crash, and through these crashes it is possible to detect disguised attacks.”

Lambert’s obsession with analyzing crash reports paid off a year later, in 2008, when he used them to uncover one of the most serious vulnerabilities ever in Windows. Taking advantage of the weakness revealed by Lambert, it was possible for hackers to see all the files the user had on the computer, take a picture of the screen and basically do whatever they wanted on any computer running Windows. The weakness was so serious that Microsoft decided to break from the routine of releasing…

Source…