Even as businesses capitalize on the latest security intelligence and protections to stay ahead in the evolving cybersecurity landscape, Malaysia continues to be an attractive region for cybercriminals. Microsoft recently unveiled the Malaysia findings from the 24th edition of its Security Intelligence Report (SIR), an annual study aimed to improve cyber resilience in the region.
The SIRv24 comprises of core insights and key trends derived by sifting through data between January to December 2018 from multiple, diverse sources, including 6.5 trillion threat signals that go through the Microsoft cloud every day. The report includes an overview on the lessons learned from the field and recommended best practices.
“Undoubtedly, cybersecurity is one of the most pressing issues for organizations today. As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative,” said Dr. Dzahar Mansor, National Technology Officer, Microsoft Malaysia. “The SIRv24 aims to keep pace with the ever evolving cyberthreat landscape by highlighting the techniques and tradecraft of cybercriminals and offering insights to improve cyber resilience and overall cybersecurity health of an organization.”
Cryptocurrency Mining Malware Becomes Increasingly Prevalent in Malaysia
With the rise in value of cryptocurrency, such as Bitcoin, cybercriminals seeking illicit profits have turned to malware that lets them use victims’ computers to mine cryptocurrency coins. This approach allows them to leverage the processing power of hundreds of thousands of computers. Even when a minor infection is discovered, the anonymous nature of cryptocurrency complicates efforts to track down the responsible parties.
The SIRv24 found that between January to December 2018, the cryptocurrency mining malware encounter rate in Malaysia was nearly 33 percent higher than the global average. The report also found that the encounter rate increased or decreased with the rise or fall in the value of cryptocurrency.
Many factors have contributed to the increased popularity of mining as a payload for malware. Unlike ransomware, cryptocurrency mining does not require user input: it works in the background, while the user is performing other tasks or is away from the computer and may not be noticed at all unless it degrades the computer’s performance sufficiently. As a result, users are less likely to take any action to remove the threat, and it might continue mining for the benefit of the attacker for an extended period of time.
Another driver of the trend is the availability of “off the shelf” products for covert mining of many cryptocurrencies. The barrier to entry is low because of the wide availability of coin mining software, which cybercriminals repackage as malware to deliver to unsuspecting users’ computers. The weaponized miners are then distributed to victims using many of the same techniques that attackers use to deliver other threats, such as social engineering, exploits, and drive-by downloads.
Ransomware Still a Threat in Malaysia Despite a Decline in the Number of Attacks
According to the SIR v24, ransomware encounters have decreased by 73 percent worldwide. However, despite the decline, ransomware is still a viable threat in Malaysia as the encounter rate was 100 percent more than the global average.
One of the key reasons contributing to the fall of ransomware attacks is the organizations and individuals becoming more aware of and dealing more intelligently with ransomware threats, including exerting greater caution and backing up important files so they can be restored if encrypted by ransomware. While organizations and consumers are encountering ransomware at lower volumes compared to the previous year, it does not mean the severity of attacks has declined. It is still capable of making real-world impact by affecting corporate networks and crippling critical services such as hospitals, transportation, and traffic systems.
Cybercriminals Continue to Deliver Malicious Code through Drive-by Download Pages
Although drive-by download encounters globally has decreased by 22 percent, Malaysia experienced approximately 544 percent more drive-by download attacks than the rest of the world. The highest concentration of drive-by download pages were in Taiwan, Malaysia and Indonesia in the entire Asia Pacific region.
A drive-by download is an unintentional download of malicious code to an unsuspecting user’s computer when they visit a web site. The malicious code could be used to exploit vulnerabilities in web browsers, browser add-ons, applications, and the operating system. Users can be infected with malware simply by visiting a website, even without attempting to download anything. More advanced drive-by download campaigns can also install ransomware or even cryptocurrency mining software on a victim machine.
Developing Markets in Asia Pacific Among the Most Vulnerable to Malware
Malware poses risks to organizations and individuals in the form of impaired usability, data loss, intellectual property theft, monetary loss, emotional distress, and can even put human life at risk. While the global malware encounter rate has decreased by 34 percent, the malware encounter in Asia Pacific was 37 percent more than the global average. Indonesia, Philippines and Vietnam had the highest malware encounter rates in the region, highlighting the correlation of infection rates with human development factors and technology readiness within a society.
Poor cybersecurity hygiene and low user security awareness can lead to risky IT behaviors, including using unpatched software and visiting potentially dangerous websites such as file-sharing sites, which expose devices to malware. Using pirated software can also be a source of infection.
The report also found that the Asia Pacific markets with the lowest malware encounter rates are Japan, Australia and New Zealand. These locations tend to have mature cybersecurity infrastructures and well-established programs for protecting critical infrastructure and communicating with their citizens about basic cybersecurity best practices.
“To strengthen individuals’ trust in technology and prevent cyberattacks from derailing companies’ digital transformation initiatives, cybersecurity professionals need to devise a holistic strategy that includes prevention and detection and response. Measures such as preventive controls as well as the adoption of cloud and artificial intelligence to augment security operations will play a vital role in building organizational resilience and facilitating meaningful risk reduction within their organization,” Lam concluded.
Commenting on the report findings, Dato’ Ts. Dr. Haji Amirudin Bin Abdul Wahab, Chief Executive Officer of CyberSecurity Malaysia – the national cyber security specialist and technical agency said, “As the digital world progresses, it also continues to make us more vulnerable to more sophisticated cyber threats. The findings of this study show that we continue to be exposed to threats like ransomware and cryptocurrency mining. As cyber security specialists, we have been stepping up efforts to spread awareness on the importance of cyber security and creating strong safeguard for our cyberspace so that Malaysian businesses and the economy at large can operate seamlessly.”
To learn more about the latest cyberthreat trends as well as the best practices that organizations can adopt, download the full report here https://www.microsoft.com/sir. As a first step, Microsoft helps diagnose an organization’s cybersecurity position and identify gaps through its cybersecurity health-check assessment in 10-mins.