Story image

APAC the highest risk spot for malware encounters, says Microsoft report

01 Feb 2017

Asia Pacific countries have serious work to do when it comes to protecting themselves against malware – in fact, the region is one of the highest risk areas when it comes to cybersecurity threats.

Those are the figures from a regional biannual report from Microsoft Asia, titled Security Intelligence Report (SIR), Volume 21, which warned that Asia Pacific and emerging areas take out three out of the top five global spots for malware encounters.  

The two main risk points are in Southeast Asia, specifically Vietnam and Indonesia – as they both have malware encounter rates of more than 45%, the report says.  This is double the worldwide average of 21%.

Other countries in the top 10 include Mongolia, Thailand, Pakistan, the Philippines and India, all featuring encounter rates of more than 30%.

Other established regions such as Australia, New Zealand, Singapore and Japan have malware rates that are below the worldwide average, which Microsoft says is reflective of the ‘diverse cybersecurity landscape’.

The most featured malware threats include:

Dynamer: A Trojan that can steal personal information, download malware or provide access for hackers.

Gamarue: A malicious worm that gives hackers control of a PC, allowing them to steal information and change PC security settings. This worm has been the most commonly encountered non-generic threat worldwide, with strong hit rates in India and Indonesia. These countries accounted for 25% of all Gamarue encounters.

Lodbak: A Trojan that is installed on removable drives by Gamarue.  It also installs Gamarue when the drive is plugged into a computer.

Keshav Dhakad, Microsoft Asia’s regional director, digital crimes unit, says the increase in malware attacks is now ‘mission critical priority’, and can take up to 200 days for attacks to be truly visible.

“With no sign of abatement in the future, what companies need is a Secure Modern Enterprise posture, which involves well-integrated “Protect-Detect-Respond” investments and capabilities, with a strategic focus on the core pillars – Identity, Apps, Data, Infrastructure and  Devices,” Dhakad says.

He says organizations should also consider cloud-based services for enterprise-grade security, privacy, assurances and certifications.

The report analysed threat information for more than one billion systems worldwide, analysing both long term trend data and threat profiles for more than 100 markets and regions.

Microsoft Asia says that there are five best practices for preventing malware infections.

Use genuine, current and updated software. Anything that is not any of these things will increase chances of a cyber attack.

Maintain proper cyber hygiene. Password protection, high credentials and more control over personal devices can lower the risk of infection.

Create a data culture. Big data analytics, classification, multifactor authentication, encryption, machine learning and other tools can provide clues to impending attacks.

Invest in real-time monitoring and a robust cyber defence ecosystem. These can monitor, detect and remove threats in real time, while developing in-house expertise for threat analytics.

Assess, review and audit. These steps involve a trusted IT supply chain across BYOD, cloud, hardware, Internet of Things and software. In addition, reviewing network access, security assessments and deployments can help organizations keep track of cyber protection effectiveness.

Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Security top priority for Filipinos when choosing a bank - Unisys
Filipinos have greatest appetite in Asia Pacific to use biometrics to access banking services
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.