Cybercriminals Turn Opportunistic with Cryptocurrency Mining; Continue to Exploit Vulnerabilities; Steal Data and Resources to Disrupt Businesses and Individuals in Asia Pacific

March 21, 2019 - 03:34
Cybercriminals Turn Opportunistic with Cryptocurrency Mining; Continue to Exploit Vulnerabilities; Steal Data and Resources to Disrupt Businesses and Individuals in Asia Pacific

  • Profit-oriented cybercriminals are turning theirattention to stealthier trickssuch as cryptocurrency mining;
  • While ransomwareencounters declined globally, the region was hit by 40 percent more ransomwareattacks as compared to the rest of the world;
  • Poor cyber hygieneand low security awareness led to 22 percent more Drive-by download attacks and37 percent more malware encounters than the global average.

 

SINGAPORE - Media OutReach - 21 March2019 - Even as businessescapitalize on the latest security intelligence and protections to stay ahead inthe evolving cybersecurity landscape, Asia Pacific continues to be an attractive region forcybercriminals. Microsoft today unveiled the Asia Pacific findings from the 24thedition of its Security Intelligence Report (SIR), an annual study aimed to improve cyber resilience in the region.




The SIRv24 comprisesof core insights and key trends derived by sifting through data between Januaryto December 2018 from multiple, diverse sources, including 6.5 trillion threat signalsthat go through the Microsoft cloud every day. The Asia Pacific insights werederived from analyzing data from 15 markets, including Australia, China, HongKong, India, Indonesia, Japan, Malaysia, New Zealand, Philippines, Singapore,South Korea, Sri Lanka, Taiwan, Thailand and Vietnam. The report includes anoverview on the lessons learned from the field and recommended best practices.

 

"Undoubtedly, cybersecurity is one of the mostpressing issues for organizations today. As cyberattacks continue to increasein frequency and sophistication, understanding prevalent cyberthreats and howto limit their impact has become an imperative," said Eric Lam, Director,Cybersecurity Solutions Group, Microsoft Asia. "The SIRv24 aims to keep pacewith the ever evolving cyberthreat landscape by highlighting the techniques andtradecraft of cybercriminals and offering insights to improve cyber resilienceand overall cybersecurity health of an organization."

 

CryptocurrencyMining Malware Becomes Increasingly Prevalent in Asia Pacific

With the rise in value of cryptocurrency, such asBitcoin, cybercriminals seeking illicit profits have turned to malware thatlets them use victims' computers to mine cryptocurrency coins. This approachallows them to leverage the processing power of hundreds of thousands ofcomputers. Even when a minor infection is discovered, the anonymous nature ofcryptocurrency complicates efforts to track down the responsible parties.

 

The SIRv24 found that between January to December2018, the cryptocurrency mining malware encounter rate[1]in Asia Pacific was nearly 1.2 times (17 percent) higher than the globalaverage, and India, Sri Lanka and Indonesia recorded the highest encounter ratein the region. The report also found that the encounter rate increased or decreased with the rise or fallin the value of cryptocurrency.

 

Many factors havecontributed to the increased popularity of mining as a payload for malware.Unlike ransomware, cryptocurrency mining does not require user input: it worksin the background, while the user is performing other tasks or is away from thecomputer, and may not be noticed at all unless it degrades the computer'sperformance sufficiently. As a result, users are less likely to take any actionto remove the threat, and it might continue mining for the benefit of theattacker for an extended period of time.

 

Another driver of the trend is the availability of "off the shelf"products for covert mining of many cryptocurrencies. The barrier to entry islow because of the wide availability of coin mining software, whichcybercriminals repackage as malware to deliver to unsuspecting users' computers.The weaponized miners are then distributed to victims using many of the sametechniques that attackers use to deliver other threats, such as socialengineering, exploits, and drive-by downloads.

 

RansomwareStill a Threat in Asia Pacific Despite a Decline in the Number of Attacks

According to theSIR v24, ransomware encounters have decreased by 73 percent worldwide. However,despite the decline, ransomware is still a viable threat in Asia Pacific as theregion's encounter rate was 40 percent more than the global average. Indonesia,Vietnam and India have the highest ransomware encounter rate in Asia Pacific.

 

One of the key reasons contributing to the fall of ransomware attacks isthe organizations and individuals becoming more aware of and dealing moreintelligently with ransomware threats, including exerting greater caution andbacking up important files so they can be restored if encrypted by ransomware.While organizations and consumers are encountering ransomware at lowervolumes compared to the previous year, it does not mean the severity of attackshas declined. It is still capable ofmaking real-world impact by affecting corporate networks and crippling criticalservices such as hospitals, transportation, and traffic systems.

 

CybercriminalsContinue to Deliver Malicious Code through Drive-by Download Pages

Although drive-by download encountersglobally has decreased by 22 percent, Asia Pacific region experienced approximately22 percent more drive-by download attacks than the rest of the world. The highest concentration ofdrive-by download pages were in Taiwan, Malaysia and Indonesia.

 

A drive-by download is an unintentional download of maliciouscode to an unsuspecting user's computer when they visit a web site. Themalicious code could be used to exploit vulnerabilities in web browsers,browser add-ons, applications, and the operating system. Users can be infectedwith malware simply by visiting a website, even without attempting to downloadanything. More advanced drive-by download campaigns can also install ransomwareor even cryptocurrency mining software on a victim machine.

 

DevelopingMarkets in Asia Pacific Among the Most Vulnerable to Malware

Malware poses risksto organizations and individuals in the form of impaired usability, data loss,intellectual property theft, monetary loss, emotional distress, and can evenput human life at risk. While the global malware encounter rate has decreasedby 34 percent, the malware encounter in Asia Pacific was 37 percent more thanthe global average. Indonesia, Philippines and Vietnam had the highest malwareencounter rates in the region, highlighting the correlation of infection rates withhuman development factors and technology readiness within a society.

 

Poor cybersecurity hygiene and lowuser security awareness can lead to risky IT behaviors, including usingunpatched software and visiting potentially dangerous websites such asfile-sharing sites, which expose devices to malware. Using pirated software canalso be a source of infection.

 

The report also foundthat the Asia Pacific markets with the lowest malware encounter rates areJapan, Australia and New Zealand. These locations tend tohave mature cybersecurity infrastructures and well-established programs for protectingcritical infrastructure and communicating with their citizens about basiccybersecurity best practices.

 

"To strengthen individuals' trust intechnology and prevent cyberattacks from derailing companies' digitaltransformation initiatives, cybersecurity professionals need to devise aholistic strategy that includes prevention and detection and response.Measures such as preventive controls as well as the adoption of cloud andartificial intelligence to augment security operations will play a vital rolein building organizational resilience and facilitating meaningful riskreduction within their organization," Lam concluded.

 

To learn more aboutthe latest cyberthreat trends as well as the best practices that organizationscan adopt, you can download the full report here https://www.microsoft.com/sir.



[1]Encounter rate is the percentage of computers running Microsoft real-timesecurity products that report a malware encounter. Encountering a threat doesnot mean the computer has been infected. Only computers whose users have optedin to provide data to Microsoft are considered when calculating encounter rates.

About Microsoft Security Intelligence Report

The24th edition of the Microsoft Security Intelligence Report(SIR) is a reflection on last year's security events and includes an overviewof the security landscape, lessons learned from the field, and recommended bestpractices.

 

The data analyzed in this report includes the 6.5 trillion threat signals that go throughthe Microsoft cloud every day and the research and real-world experiences fromour thousands of security researchers and responders around the world.


About Microsoft

Microsoft (Nasdaq"MSFT" @microsoft) enables digital transformation for the era of an intelligentcloud and an intelligent edge. Its mission is to empower every person and everyorganization on the planet to achieve more.

E-paper