SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Microsoft releases latest edition of Security Endpoints Threats report
Wed, 17th Jun 2020
FYI, this story is more than a year old

Microsoft has released findings from the latest edition of its Security Endpoint Threats report, detailing the key cybersecurity trends for 2019 in the Asia Pacific (APAC) region.

The latest iteration of the report sheds more light on the difference in exposure and response to cyber threats between developed and developing countries in the region, and highlights the most common and effective methods of attack experienced across APAC.

Malware and ransomware thrive in APAC

Especially in developing markets in the Asia Pacific region, malware and ransomware remain significant challenges. Countries like Indonesia, Sri Lanka, India and Vietnam continue to experience an encounter rate for malware and ransomware approximately 1.7 times higher than the rest of the world, according to the report.

This is despite a 23 and 29% overall decline across these two threat vectors when compared to the 2018 findings.

On the other hand, threat encounter rates for malware and ransomware in Japan, New Zealand and Australia were three to six times lower than the regional average.

“Often, high malware encounters correlate with both piracy rates and overall cyber hygiene, that includes regular patching and updating of software. Countries that have higher piracy rates and lower cyber hygiene tend to be more severely impacted by cyber threats,” says Microsoft Asia assistant general counsel for the Digital Crimes Unit Mary Jo Schrade.

“Patching, using legitimate software, and keeping it updated can decrease the likelihood of malware and ransomware infections.

“Cybercriminals do not stand still. We are witnessing attackers pivoting away from conventional methods, and shifting towards customised campaigns, targeted at specific geographies, industries, and businesses.

“By relying on cloud technology and developing a comprehensive cyber resilience strategy, organisations can effectively bolster their cybersecurity strategies.”

Developing countries see rise in cryptocurrency mining 

India, Indonesia and Sri Lanka have recorded the highest cryptocurrency mining attack encounters in Asia last year, according to the report.

These kinds of attacks target victims who attempt to mine currency, infecting their computers with mining malware.

This method of breach remains popular for attackers looking to make quick money, according to Schrade.

“Cybercriminals are usually incentivised by quick financial gains. We believe that the recent fluctuations in the value of cryptocurrency and the increased time required to generate it, has perhaps led to them focusing on other forms of cybercrime,” says Schrade.

Drive-by download attacks level out

These attacks involve downloading malicious code onto an unsuspecting user's computer when they visit a website or fill up a form. The malicious code that is downloaded is then used by an attacker to steal passwords or financial information.

Volume for these attacks in APAC has converged with the rest of the world at 0.08%, following a 27% decline from 2018.

Despite the general decline in drive-by download attacks across the region, the study found that regional business hubs, Singapore and Hong Kong, recorded the highest attack volume in 2019, over 3 times the regional and global average.

“We usually see cybercriminals launch such attacks to steal financial information or intellectual property,” adds Schrade.

“This is a likely reason why regional financial hubs recorded the highest volume of such threats.

“The high attack volume in these markets may not necessarily translate into a high infection rate, perhaps due to their good cyber hygiene practices and use of genuine software.”