Developing markets in Asia Pacific challenged by ransomware and malware encounters, while developed markets struggle with increased drive-by download attack volumes: Microsoft Security Endpoint Threat Report 2019

• Malware
  and ransomware attack rates in developing markets were 1.6 times higher than
  the regional average
• Key
  financial hubs, Singapore and Hong Kong, struggled with drive-by download attack
  volumes that were three times higher than the regional and global average

SINGAPORE
– Media OutReach –
16 June 2020 – Microsoft
today unveiled Asia Pacific findings from the latest edition of its Security Endpoint
Threat Report 2019,
an annual research aimed at identifying cyber threats and building cyber resilience
across the region.

 

Findings were derived from an analysis of
diverse Microsoft data sources, including 8 trillion threat signals received
and analyzed by Microsoft every day, covering a 12-month period, from January
to December 2019.

 

The
research revealed significant differences in the exposure to cyberthreats
between developed and developing countries^[1], with developing countries continuing to remain vulnerable to
threats despite the overall decrease in encounter rates across the region.

 

“As
security defenses evolve and attackers rely on new techniques, Microsoft’s
unique access to billions of threat signals every day enables us to gather data
and insights to inform our response to cyberattacks,” said Mary Jo Schrade,
Assistant General Counsel, Microsoft Digital Crimes Unit, Microsoft Asia.

 

“The
Microsoft Security Endpoint Threat report aims to create a better understanding
of the evolving threat landscape and help organizations improve their
cybersecurity posture by mitigating the effects of increasingly sophisticated
attacks.”

 

Malware
and ransomware remain key cybersecurity challenges in developing markets

Asia
Pacific continued to experience a higher-than-average encounter rate for
malware and ransomware attacks – 1.6 and 1.7 times higher respectively than the
rest of the world. This is despite a 23 and 29 percent overall decline across
these two threat vectors when compared to the 2018 findings.

 

The
research revealed that developing countries, including Indonesia, Sri Lanka, India,
and Vietnam, were most vulnerable to malware and ransomware threats in 2019.

 

“Often,
high malware encounters correlate with both piracy rates and overall cyber
hygiene, that includes regular patching and updating of software.  Countries that have higher piracy rates and
lower cyber hygiene tend to be more severely impacted by cyberthreats. Patching,
using legitimate software, and keeping it updated can decrease the likelihood
of malware and ransomware infections,” explained Schrade.

 

 

The
research identified that countries with lower piracy rates and stronger cyber
hygiene practices have witnessed a significant decline in attacks. Specifically, malware
and ransomware threat encounter rates in Japan, New Zealand, and Australia, were
three to six times lower than the regional average.

 

Despite
the low threat encounters observed in developed countries, Schrade encouraged all
businesses to remain vigilant. “Cybercriminals do not stand still. We are witnessing
attackers pivoting away from conventional methods, and shifting towards customized
campaigns, targeted at specific geographies, industries, and businesses. By
relying on cloud technology and developing a comprehensive cyber resilience
strategy, organizations can effectively bolster their cybersecurity strategies.”

 

Cryptocurrency
mining on the rise in developing markets

India,
Indonesia, and Sri Lanka recorded the highest cryptocurrency mining encounters in
Asia last year.  During such attacks,
victims’ computers are infected with cryptocurrency mining malware, allowing
criminals to leverage the computing power of their computers without their
knowledge.

 

On
the declining encounter rate recorded in countries such as Hong Kong, Japan and
Singapore, Schrade elaborated, “Cybercriminals are usually incentivized by
quick financial gains. We believe that the recent fluctuations in the value of
cryptocurrency and the increased time required to generate it, has perhaps led
to them focusing on other forms of cybercrime.”

 

 

Drive-by
download attack volume reaches parity with global average but continue to
challenge regional business and financial hubs

The Drive-by
download attack volume^[2] in Asia Pacific has
converged with the rest of the world at 0.08, following a 27 percent decline
from 2018.

 

These
attacks involve downloading malicious code onto an unsuspecting user’s computer
when they visit a website or fill up a form. The malicious code that is
downloaded is then used by an attacker to steal passwords or financial
information.

 

 

Despite
the general decline in drive-by download attacks across the region, the study
found that regional business hubs, Singapore and Hong Kong, recorded the
highest attack volume in 2019, over 3 times the regional and global average.

 

“We
usually see cybercriminals launch such attacks to steal financial information or
intellectual property. This is a likely reason why regional financial hubs
recorded the highest volume of such threats. The high attack volume in these
markets may not necessarily translate into a high infection rate, perhaps due
to their good cyber hygiene practices and use of genuine software,” explained
Schrade.

 

Cybersecurity
in the age of COVID-19

With
the turn of the new year, COVID-19 has changed the landscape and remains the
top-of-mind concern for individuals, organizations, and governments around the
world.

 

Since
the outbreak, Microsoft Intelligence Protection team’s data has shown that every
country in the world has seen at least one COVID-19 themed attack, and the
volume of successful attacks in outbreak-hit countries seems to be increasing,
as fear and the desire for information grows.

 

Of
the millions of targeted phishing messages seen globally each day, roughly
60,000 include COVID-19 related malicious attachments or malicious URLs. Attackers
are impersonating established entities like the World Health Organization
(WHO), Centers for Disease Control and Prevention (CDC), and the Department of
Health to get into inboxes.

 

Schrade
further explained, “According to our data, we found that COVID-19 themed threats are mostly rethreads of existing
attacks that have been slightly altered to tie to the pandemic. This
means that attackers have been pivoting their existing infrastructure, like
ransomware, phishing, and other malware delivery tools, to include COVID-19
keywords, to capitalize on people’s fear. Once users click on these malicious
links, attackers can infiltrate networks, steal information and monetize their
attacks.”

 

Businesses
and individuals have a crucial role to play in navigating cyberspace securely and
are encouraged to take the following steps:

Guidance for businesses:

• Have strong tools to
  safeguard employees and infrastructure. This means looking into multi-layered defense
  systems and turning on multi-factor authentication (MFA) as employees work from
  home. Additionally, enable endpoint protection and protect against shadow IT
  and unsanctioned app usage with solutions like Microsoft Cloud App Security
• Ensure employee
  guidelines are communicated clearly to employees. This includes information on how
  to identify phishing attempts, distinguishing between official communications
  and suspicious messages that violate company policy, and where these can be
  reported internally
• Choose a trusted
  application for audio/video calling and file sharing that ensures end-to-end
  encryption

 

Guidance for individuals:

• Update
  all devices with the latest security updates and use an antivirus or
  anti-malware service. For Windows 10 devices, Microsoft Defender Antivirus is a
  free built-in service enabled through settings
• Be
  alert to links and attachments, especially from unknown senders
• Use
  multi-factor authentication (MFA) on all accounts. Now, most online services
  provide a way to use your mobile device or other methods to protect your
  accounts in this way
• Get
  educated on how to recognize phishing attempts and report suspected encounters,
  including watching out for spelling and bad grammar, and suspicious links and
  attachments from people you do not know

For more information on the findings
published on the Microsoft Security Intelligence website, please visit: https://www.microsoft.com/securityinsights

About Microsoft

Microsoft (Nasdaq “MSFT”
@microsoft) enables digital transformation for the era of an intelligent cloud
and an intelligent edge. Its mission is to empower every person and every
organization on the planet to achieve more.