Asian countries, especially emerging ones, are most exposed to malware, according to the latest edition of Microsoft’s Security Intelligence Report (SIR).
Of the top locations across the globe most at risk of malware infection in the first quarter of 2017, most of them are developing economies in this region, says Microsoft Asia, which released Asia-related data from the report.
The report found that Bangladesh and Pakistan have the highest malware encounter rates around the world, followed by Cambodia and Indonesia. Approximately one in four computers running Microsoft real-time security products in these countries reported a malware encounter from January to March 2017.
Other top areas facing malware threats include Myanmar, Nepal, Thailand, Vietnam, each with an average malware encounter rate of more than 20% in the first quarter of 2017. This is more than double the global average of 9%.
On the other hand, markets with higher levels of IT maturity – Australia, Hong Kong, Japan, New Zealand and Singapore – performed better than the worldwide average. In fact, Japan has been ranked the safest country in the world, with only 2% of its computers reporting a malicious program incident.
Malware encounter rates for markets in Asia in Q1 2017 (from highest to lowest):
11. Sri Lanka
17. Hong Kong
20. New Zealand
Ransomware on the rise
Ransomware is one of the most infamous malware families in 2017. In the first half of this year, two waves of ransomware attacks, WannaCrypt and Petya, exploited vulnerabilities in outdated Windows operating systems worldwide, disabling thousands of devices by illegitimately restricting access to data, through encryption.
The attacks were disproportionately concentrated in Europe while most Asian markets have not been too heavily impacted. Japan and China were listed as the two top countries with the lowest ransomware encounter rates. One of the few exceptions in the region is Korea, which has the second highest ransomware occurrence rate worldwide.
Attackers evaluate several factors when determining which regions to target, such as a country’s GDP, average age of computer users and available payment methods. A region’s language can also be a key contributing factor as a successful attack often depends on an attacker’s ability to personalize a message to convince a user to execute the malicious file.
As cloud migration increases, the cloud has become the central data hub for the majority of organizations. That means more valuable data and digital assets being stored the cloud, making it an increasingly attractive target for cybercriminals.
The SIR highlighted a 300% increase in consumer and enterprise accounts managed in the cloud being attacked globally over the past year, while the number of logins attempted from malicious IP addresses have increased by 44% year-over-year.
A large majority of these security compromises were the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services. As the frequency and sophistication of attacks on user accounts in the cloud accelerates, there is an increased emphasis on the need to move beyond passwords for authentication.
Do’s and don’ts
As the threat landscape continues to evolve and grow, says the report, organizations need to ensure they have a solid cybersecurity architecture and robust cyber hygiene best practices. This will enable them to better protect their digital environment, detect threats and respond to attacks.
Microsoft Asia offers four best practices that individuals and organizations can follow to minimize risk:
- Do not work in public Wi-Fi hotspots where attackers can eavesdrop on digital communications, capture logins and passwords, and access personal data.
- Regularly update the operating system and other software programs to ensure the latest patches are installed.
- Reduce risk of credential compromise by educating users on why they should avoid simple passwords and enforcing multi-factor authentication methods.
- Enforce security policies that control access to sensitive data and limit corporate network access to appropriate users, locations, devices, and operating systems.
“For digitalization to reach its fullest potential, users must first trust the technology they use,” said Keshav Dhakad, assistant general counsel & regional director of Microsoft Asia’s Digital Crimes Unit (DCU). “In today’s digital age, security cannot be an afterthought. It must be “built-in”, all-inclusive and intelligent. By making security a top priority, we can build greater trust in technology and enable digital transformation to reach its fullest potential and fulfil its grandest ambitions.”
The SIR can be downloaded here.