SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
APAC the highest risk spot for malware encounters, says Microsoft report
Wed, 1st Feb 2017
FYI, this story is more than a year old

Asia Pacific countries have serious work to do when it comes to protecting themselves against malware – in fact, the region is one of the highest risk areas when it comes to cybersecurity threats.

Those are the figures from a regional biannual report from Microsoft Asia, titled Security Intelligence Report (SIR), Volume 21, which warned that Asia Pacific and emerging areas take out three out of the top five global spots for malware encounters. 

The two main risk points are in Southeast Asia, specifically Vietnam and Indonesia – as they both have malware encounter rates of more than 45%, the report says.  This is double the worldwide average of 21%.

Other countries in the top 10 include Mongolia, Thailand, Pakistan, the Philippines and India, all featuring encounter rates of more than 30%.

Other established regions such as Australia, New Zealand, Singapore and Japan have malware rates that are below the worldwide average, which Microsoft says is reflective of the ‘diverse cybersecurity landscape'.

The most featured malware threats include:

Dynamer: A Trojan that can steal personal information, download malware or provide access for hackers.

Gamarue: A malicious worm that gives hackers control of a PC, allowing them to steal information and change PC security settings. This worm has been the most commonly encountered non-generic threat worldwide, with strong hit rates in India and Indonesia. These countries accounted for 25% of all Gamarue encounters.

Lodbak: A Trojan that is installed on removable drives by Gamarue.  It also installs Gamarue when the drive is plugged into a computer.

Keshav Dhakad, Microsoft Asia's regional director, digital crimes unit, says the increase in malware attacks is now ‘mission critical priority', and can take up to 200 days for attacks to be truly visible.

“With no sign of abatement in the future, what companies need is a Secure Modern Enterprise posture, which involves well-integrated “Protect-Detect-Respond” investments and capabilities, with a strategic focus on the core pillars – Identity, Apps, Data, Infrastructure and  Devices,” Dhakad says.

He says organizations should also consider cloud-based services for enterprise-grade security, privacy, assurances and certifications.

The report analysed threat information for more than one billion systems worldwide, analysing both long term trend data and threat profiles for more than 100 markets and regions.

Microsoft Asia says that there are five best practices for preventing malware infections.

Use genuine, current and updated software. Anything that is not any of these things will increase chances of a cyber attack.

Maintain proper cyber hygiene. Password protection, high credentials and more control over personal devices can lower the risk of infection.

Create a data culture. Big data analytics, classification, multifactor authentication, encryption, machine learning and other tools can provide clues to impending attacks.

Invest in real-time monitoring and a robust cyber defence ecosystem. These can monitor, detect and remove threats in real time, while developing in-house expertise for threat analytics.

Assess, review and audit. These steps involve a trusted IT supply chain across BYOD, cloud, hardware, Internet of Things and software. In addition, reviewing network access, security assessments and deployments can help organizations keep track of cyber protection effectiveness.