Source: Malwarebytes. Business and consumer detections for 2017 and 2018.
In January, Malwarebytes released its annual State of Malware Report, which analyses top malware threats from January through November 2018 and compares them with the same period in 2017. In Asia Pacific (APAC), the report identified a sharp increase in business-based malware detections, including massive increases in backdoors, cryptocurrency miners, and the use of exploits against endpoints. Highlights included:
Malware detections increased more than 270%
Malware authors pivoted in 2H18 to target organisations over consumers, recognising that businesses provided a bigger payoff. Overall business detections of malware rose significantly over the last year—270%—primarily due to the increase in backdoors (5,137%), cryptocurrency miners (1,184%), and the use of exploits against their endpoints (3,690%), suggesting a greater need to patch and secure endpoints.
Indonesia, Malaysia, Thailand, Australia and the Philippines all finished in the top 10 countries with most business detections globally
Five countries in the Asia Pacific region made the top 10 for the most business threat detections per country in 2018, by volume. This included Indonesia, Malaysia, Thailand, Australia and the Philippines, which ranked second, fifth, sixth, seventh and 10th on the global rankings respectively.
Indonesia, Malaysia and Thailand have been fending off an influx of backdoor malware in their business networks. In Australia, the main threat was adware and cryptomining, a big reason to be concerned as many miners and adware families drop additional malware, modify system settings, slow down or use up computing power, or otherwise disrupt operations.
Cryptominers were the all-stars of the year
In APAC, Malwarebytes saw a wave of cryptominers forcing their way onto corporate networks. While cryptomining detections increased only by 7% globally, in Asia Pacific that increase was 1,184% year over year. The company said attacks were seen from desktop to mobile; on Mac, Windows, and Android operating systems; and there were both software- and browser-based attacks.
WannaCry infections are still spreading in Asia Pacific
In our region, the biggest ransomware threat is WannaCry. Infections are still spreading to unpatched endpoints and moving across networks. Overall, while ransomware is not the wide-ranging threat it was in 2017, more sophisticated attacks were aimed at businesses, especially across education, manufacturing and government verticals.
In Singapore specifically, cybercriminals were increasingly taking aim at businesses, with a 180% increase in malware detections among Singapore businesses in 2018. The returns can be lucrative when a single national identity number (NRIC) can be worth up to US$25, Malwarebytes said.
Android users were also a popular target for hackers in Singapore. The 2019 State of Malware report revealed an increase of 738% in Android ransomware detections, and a 151% increase in Android backdoor detections year over year. Both threats sneak into mobile devices very easily to steal users' data, send unwanted text messages to contacts, or even keep an eye on users' location.
“We experienced another very active year for malware that shows no signs of stopping,” said Jeff Hurmuses, Area VP and MD, Asia Pacific, Malwarebytes at the time.
“Attackers continued to shift their methodologies to follow the payload. We saw evidence of this with the strong focus on attacking businesses with insecure and unpatched networks. From massive data breaches to ransomware attacks, businesses are experiencing what consumers have been dealing with, but on a larger scale. In the coming year, Malwarebytes is dedicated to providing the cutting-edge protection and remediation tools needed for protecting the world against the most dangerous malware now, and well into the future.”
At a media lunch to discuss the state of play for cybersecurity in the Asia Pacific region last week, Hurmuses observed that companies continue to believe that older, signature-based technology will protect them. Even though breaches have gone up by 180% in Singapore over the past year, just 30% of people believe that the trend is serious, he pointed out. Malwarebytes research has also found that despite all efforts, more than 80% of Singapore organisations were hit by at least one cyberthreat in the past 12 months.
Image: Bhargava.
Bhargava added that there tend to be a lot of backdoors available in the region due to unpatched devices. "Asia Pacific is the biggest culprit in the world for having unpatched systems," he said.
An easily-obtainable exploit kit is all hackers need, he explained. Malware is also getting harder to detect as hackers are changing the code while retaining what it does.
The company has over 60,000 business customers, and sees 8.8 million threats blocked daily. It positions itself as offering multiple protection layers, comprehensive remediation, and advanced detection techniques. "There are a lot of vendors that do one of them but Malwarebytes does all three and has leading technologies that do them all," said Bhargava.
His predictions are:
The username and password problem will be solved
It is simply difficult for people to remember many passwords, and they tend to create ones which can be guessed. While two-factor authentication has helped, it is insufficient, Bhargava said.
"Technology can evolve and make the username-password problem a problem of the past," he said.
The IoT botnets are coming
"We're going to see more breaches," he said, sharing predictions of how many Internet of Things (IoT) devices there are expected to be in the future.
Information is not safe despite policies
Privacy policies and laws make it harder to steal data, but that only makes information more valuable in hackers' eyes.
"Attackers will be more persistent and continue to target more information," he predicted. There will be more information-stealer malware in 2019.
"Eternal" malware will become the norm
Malware exploiting the EternalBlue vulnerability makes use of a very effective exploit kit.
"More attackers will use standard toolkits because they're just so effective," he said.
Sophisticated new attack technologies will appear
State-sponsored malware tools are being leaked, while soundloggers could be a potential threat for states, Bhargava said. Soundloggers, also known as keyloggers, can determine what is being typed on a keyboard by analysing the cadence and volume of tapping.
More artificial intelligence (AI) will be used
Bhargava said, "AI will be used in more sophisticated ways by attackers."
Hackers will use AI to qualify, deploy and maintain malware, he said.
BYOS becomes a thing
More people will participate in a 'bring your own security' trend, because they cannot trust what's provided. "We don't even know where our data is today," Bhargava said. "We don't even know how many agencies have access."
"Users will take control of their own security. They want rights. They want to know who has access and want controls on it," he added.
Malwarebytes recommends some 'must dos':
- Patch and ensure software and systems are up to date
- Utilise security solutions and implement advanced endpoint protection, detection and response
- Educate and train end users on cyber best practices
The best strategy for companies is to invest in processes, technologies, and people. "Use cutting-edge technology, use the right technology that's designed for how the attacks are evolving," Bhargava said. "People don't understand the importance of cybereducation. It's not even part of the curriculum. Train end users, IT managers and security professionals."
Bhargava shared that training used to be targeted, such as asking people not to click specific links, or to abstain from specific behaviour. People are now being taught why. "Telling people not to do it doesn't work," he said, describing an experiment where an email was sent asking recipients not to click on the link, resulting in 75% of them doing so out of curiosity.
"Educate them on why you shouldn't do it and the repercussions of doing it," he said.
While Hurmuses said no company can protect anyone 100%, investing in layers of protection is important. He also stressed that companies in APAC are particularly lax on protecting themselves, and need to remedy the situation quickly. "APAC has the highest amount of dwell time," he said, referring to the length of time an attack goes undiscovered by the company after it has occurred.
"The average in APAC is 197 days. That's way more than anywhere else in the world."
Download the 2019 State of Malware report