- Profit-oriented cybercriminals are turning their
attention to stealthier tricks
such as cryptocurrency mining;
- While ransomware
encounters declined globally, the region was hit by 40 percent more ransomware
attacks as compared to the rest of the world;
- Poor cyber hygiene
and low security awareness led to 22 percent more Drive-by download attacks and
37 percent more malware encounters than the global average.
SINGAPORE - Media OutReach - 21 March
2019 - Even as businesses
capitalize on the latest security intelligence and protections to stay ahead in
the evolving cybersecurity landscape, Asia Pacific continues to be an attractive region for
cybercriminals. Microsoft today unveiled the Asia Pacific findings from the 24th
edition of its Security Intelligence Report (SIR), an annual study aimed to improve cyber resilience in the region.
The SIRv24 comprises
of core insights and key trends derived by sifting through data between January
to December 2018 from multiple, diverse sources, including 6.5 trillion threat signals
that go through the Microsoft cloud every day. The Asia Pacific insights were
derived from analyzing data from 15 markets, including Australia, China, Hong
Kong, India, Indonesia, Japan, Malaysia, New Zealand, Philippines, Singapore,
South Korea, Sri Lanka, Taiwan, Thailand and Vietnam. The report includes an
overview on the lessons learned from the field and recommended best practices.
"Undoubtedly, cybersecurity is one of the most
pressing issues for organizations today. As cyberattacks continue to increase
in frequency and sophistication, understanding prevalent cyberthreats and how
to limit their impact has become an imperative," said Eric Lam, Director,
Cybersecurity Solutions Group, Microsoft Asia. "The SIRv24 aims to keep pace
with the ever evolving cyberthreat landscape by highlighting the techniques and
tradecraft of cybercriminals and offering insights to improve cyber resilience
and overall cybersecurity health of an organization."
Mining Malware Becomes Increasingly Prevalent in Asia Pacific
With the rise in value of cryptocurrency, such as
Bitcoin, cybercriminals seeking illicit profits have turned to malware that
lets them use victims' computers to mine cryptocurrency coins. This approach
allows them to leverage the processing power of hundreds of thousands of
computers. Even when a minor infection is discovered, the anonymous nature of
cryptocurrency complicates efforts to track down the responsible parties.
The SIRv24 found that between January to December
2018, the cryptocurrency mining malware encounter rate
in Asia Pacific was nearly 1.2 times (17 percent) higher than the global
average, and India, Sri Lanka and Indonesia recorded the highest encounter rate
in the region. The report also found that the encounter rate increased or decreased with the rise or fall
in the value of cryptocurrency.
Many factors have
contributed to the increased popularity of mining as a payload for malware.
Unlike ransomware, cryptocurrency mining does not require user input: it works
in the background, while the user is performing other tasks or is away from the
computer, and may not be noticed at all unless it degrades the computer's
performance sufficiently. As a result, users are less likely to take any action
to remove the threat, and it might continue mining for the benefit of the
attacker for an extended period of time.
Another driver of the trend is the availability of "off the shelf"
products for covert mining of many cryptocurrencies. The barrier to entry is
low because of the wide availability of coin mining software, which
cybercriminals repackage as malware to deliver to unsuspecting users' computers.
The weaponized miners are then distributed to victims using many of the same
techniques that attackers use to deliver other threats, such as social
engineering, exploits, and drive-by downloads.
Still a Threat in Asia Pacific Despite a Decline in the Number of Attacks
According to the
SIR v24, ransomware encounters have decreased by 73 percent worldwide. However,
despite the decline, ransomware is still a viable threat in Asia Pacific as the
region's encounter rate was 40 percent more than the global average. Indonesia,
Vietnam and India have the highest ransomware encounter rate in Asia Pacific.
One of the key reasons contributing to the fall of ransomware attacks is
the organizations and individuals becoming more aware of and dealing more
intelligently with ransomware threats, including exerting greater caution and
backing up important files so they can be restored if encrypted by ransomware.
While organizations and consumers are encountering ransomware at lower
volumes compared to the previous year, it does not mean the severity of attacks
has declined. It is still capable of
making real-world impact by affecting corporate networks and crippling critical
services such as hospitals, transportation, and traffic systems.
Continue to Deliver Malicious Code through Drive-by Download Pages
Although drive-by download encounters
globally has decreased by 22 percent, Asia Pacific region experienced approximately
22 percent more drive-by download attacks than the rest of the world. The highest concentration of
drive-by download pages were in Taiwan, Malaysia and Indonesia.
A drive-by download is an unintentional download of malicious
code to an unsuspecting user's computer when they visit a web site. The
malicious code could be used to exploit vulnerabilities in web browsers,
browser add-ons, applications, and the operating system. Users can be infected
with malware simply by visiting a website, even without attempting to download
anything. More advanced drive-by download campaigns can also install ransomware
or even cryptocurrency mining software on a victim machine.
Markets in Asia Pacific Among the Most Vulnerable to Malware
Malware poses risks
to organizations and individuals in the form of impaired usability, data loss,
intellectual property theft, monetary loss, emotional distress, and can even
put human life at risk. While the global malware encounter rate has decreased
by 34 percent, the malware encounter in Asia Pacific was 37 percent more than
the global average. Indonesia, Philippines and Vietnam had the highest malware
encounter rates in the region, highlighting the correlation of infection rates with
human development factors and technology readiness within a society.
Poor cybersecurity hygiene and low
user security awareness can lead to risky IT behaviors, including using
unpatched software and visiting potentially dangerous websites such as
file-sharing sites, which expose devices to malware. Using pirated software can
also be a source of infection.
The report also found
that the Asia Pacific markets with the lowest malware encounter rates are
Japan, Australia and New Zealand. These locations tend to
have mature cybersecurity infrastructures and well-established programs for protecting
critical infrastructure and communicating with their citizens about basic
cybersecurity best practices.
"To strengthen individuals' trust in
technology and prevent cyberattacks from derailing companies' digital
transformation initiatives, cybersecurity professionals need to devise a
holistic strategy that includes prevention and detection and response.
Measures such as preventive controls as well as the adoption of cloud and
artificial intelligence to augment security operations will play a vital role
in building organizational resilience and facilitating meaningful risk
reduction within their organization," Lam concluded.
To learn more about
the latest cyberthreat trends as well as the best practices that organizations
can adopt, you can download the full report here https://www.microsoft.com/sir.
Encounter rate is the percentage of computers running Microsoft real-time
security products that report a malware encounter. Encountering a threat does
not mean the computer has been infected. Only computers whose users have opted
in to provide data to Microsoft are considered when calculating encounter rates.
About Microsoft Security Intelligence Report
24th edition of the Microsoft Security Intelligence Report
(SIR) is a reflection on last year's security events and includes an overview
of the security landscape, lessons learned from the field, and recommended best
The data analyzed in this report includes the 6.5 trillion threat signals that go through
the Microsoft cloud every day and the research and real-world experiences from
our thousands of security researchers and responders around the world.
"MSFT" @microsoft) enables digital transformation for the era of an intelligent
cloud and an intelligent edge. Its mission is to empower every person and every
organization on the planet to achieve more.