Microsoft updates APAC malware intelligence

Source: Microsoft website. Graphic for the SIR page.

Findings from the Microsoft Security Intelligence Report (SIR), Volume 21, show that one in five computers in Singapore running Microsoft real-time security products reported a malware encounter in Q216.

The Microsoft SIR is a twice-yearly report that provides unique insights into the threat landscape to help organisations learn about trend data in industry vulnerabilities, exploits, malware and web-based attacks. The latest report also identified Asia Pacific markets, especially the emerging ones, as among those at the highest risk of cybersecurity threats with three out of the top five global spots for rate of malware encounters in the region. Volume 21 covers threat data from 1H16, based on analysis of threat information from over a billion systems worldwide. Also included are longer term trend data and detailed threat profiles for over 100 individual markets and regions.

Singapore, as with markets in Asia Pacific with higher levels of IT maturity such as Australia, Hong Kong, Japan, New Zealand and South Korea, displayed malware encounter rates that are below the worldwide average. In particular, malware encounter rates in Singapore during Q216 stood at 19.4%, almost two percentage points lower than the worldwide average.

When compared with countries such as Vietnam and Indonesia, where the malware encounter rate is more than 45% in Q216, these numbers highlighted the diverse cybersecurity landscape in the region. With a malware encounter rate that is more than double the worldwide average of over 21% during the same period, Vietnam and Indonesia are also among the top five locations across the globe most at risk of infection.

Below are some of the key regional and Singapore findings from the Microsoft SIR, Volume 21:

The top markets in the Asia Pacific under threat from malware are:

Mongolia
Vietnam
Pakistan
Indonesia
Nepal and Bangladesh
Cambodia
Philippines
Thailand
India
Sri Lanka
Malaysia
Taiwan
Mainland China
Singapore
Hong Kong
South Korea
Australia
New Zealand
Japan

The most-encountered malicious software categories in Singapore include:

• Trojans
• Worms
• Downloaders and droppers, a type of malware that installs other malicious files, including malware, onto the PC

The report showed that the top most encountered malicious software families in Singapore include:

• Dynamer, a Trojan which can steal personal information, download more malware or give hackers access to computers.
• Spursint, a Trojan with similar capabilities.
• Xadupi, a Trojan that is often installed by Sasquor or Suptab under the name WinZipper, QkSee or both, posing as a useful application but which silently downloads and installs other malware.

Keshav Dhakad, Regional Director, Digital Crimes Unit (DCU), Microsoft Asia, said, “With increasing malware encounters and sophistication of cyberattacks, cybersecurity is becoming a mission critical priority for most organisations. It generally takes an average up to 200 days for organisations to find out that they have been breached. With no sign of abatement in the future, what companies need is a secure modern enterprise posture, which involves well-integrated 'Protect-Detect-Respond' investments and capabilities, with a strategic focus on the core pillars – identity, apps, data, infrastructure and devices.

"Additionally, organisations should also strongly consider adopting trusted cloud-based services to enjoy the highest levels of data protection, leveraging the cloud provider’s enterprise-grade security and privacy expertise, assurances and certifications.”

Security teams should also keep abreast of changes in the threat landscape brought about by the emergence of cloud computing. The latest report contains an expanded Featured Intelligence section that includes a deep dive section titled Protecting cloud infrastructure: detecting and mitigating threats using Azure Security Center. This section details new threats that organisations may encounter and explains how they can use Azure Security Center to protect, detect, and respond to security threats against Azure cloud-based resources.

Some of the new cloud-targeted threats outlined are:

• Pivot back attacks, which occur when an attacker compromises a public cloud resource to obtain information that they then use to attack the resource provider’s on-premises environment
• 'Man in the cloud' attacks, in which an attacker induces a prospective victim to install a piece of malware using a typical mechanism, such as an email with a link to a malicious website. It then switches out the user’s cloud storage synchronisation token with the attacker’s token, allowing the attacker to receive copies of each file the user places in cloud storage. This effectively makes the attacker a 'man in the middle' for cloud storage.
• Side-channel attacks, where an attacker attempts to put a virtual machine on the same physical server as the intended victim. If he succeeds, the attacker will be able to launch local attacks against the victim. These attacks might include local distributed denial of service (DDoS), network sniffing, and man-in-the-middle attacks, all of which can be used to extract information.
• Resource ransom, where attackers hold cloud resource hostage by breaking into and controlling public cloud account, and then requiring the victim to pay a ransom to release encrypted or restricted resources.

Organisations need to ensure they have a robust cybersecurity posture to withstand and respond effectively to most cyberattacks and malware infections. Five best practices for improving defence against cybersecurity threats are:

1. Use only genuine, current and updated software.
2. Focus on cyber hygiene.
3. Develop a big data analytics culture involving data classification, multifactor authentication, encryption, rights management, machine learning for behavioural analytics and log analytics to spot user anomalies and irregular or suspicious patterns.
4. Invest in trusted security solutions and modern threat protection technologies.
5. Cover all aspects of cybersecurity, not just technology. Have a IT trusted supply chain across cloud, software, hardware, Internet of Things, BYOD (bring your own device) and regularly review and assess cybersecurity investments and performance of both software and hardware deployment, including customer and vendor access to the corporate network.

Interested?

Download the Microsoft SIR, Volume 21 report