14 June 2016

Microsoft Malware Infection Index 2016 shows emerging Asia at risk from malware

The Asia Pacific heat map shows which countries are most affected by malware (darker colours), and which are least affected (lighter colours).

Microsoft has launched its Malware Infection Index 2016* (MII2016), which has found that the top three most-encountered malware are the Gamarue computer worm, and trojans Skeeyah and Peals.

Gamarue can give a hacker control of the victim's PC, while trojans can steal personal information, download more malware or give hackers access to a PC. Gamarue is commonly distributed via exploit kits and social engineering, spam email for example, and has been observed to steal information from the local computer, then communicate with servers managed by attackers. According to the MII2016, Gamarue is prevalent in ASEAN and was the third most commonly encountered malware family worldwide in 2H15. Indonesia reported Gamarue encounter rates of over 20% in Q415, close to the global encounter rates for all threat families combined for the quarter. In Mongolia, 35 out of every 1,000 computers running the Microsoft Malicious Software Removal Tool were infected with Gamarue in 2H15.

Trojan encounters grew 57% from Q215 to Q315, particularly due to Peals and Skeeyah. Both have been observed to download and install other malware, use the victim's computer for click fraud, steal information on the PC and give hackers access to the device. Peals in particular corrupts important system files and causes applications to malfunction.

Keshav Dhakad, Regional Director, Intellectual Property & Digital Crimes Unit, Microsoft Asia disclosed that IP addresses are now being hard-coded into malware, so that rather than hit any destination, they are more like a laser-guided missile that "will only hit a particular target until it gets through".

Further, the Index has found that four of the top five locations worldwide most at risk of infection are in the Asia Pacific region: Pakistan, Indonesia, Bangladesh, and Nepal, ranked first, second, fourth and fifth respectively in terms of the number of computers encountering malware. There is even a dedicated group of cyber criminals, dubbed PLATINUM by the Microsoft Windows Defender Advanced Threat Hunting team, which has been targeting government agencies, defense institutes, intelligence agencies and telcos in South and Southeast Asia since 2009.

The MII2016 reports that the top 20 Asia Pacific markets under malware threats are:

Sri Lanka
Mainland China
Hong Kong
New Zealand

Each of the top five countries had close to 40% or more of its computers encountering malware, compared to the worldwide average of 20.8% as of Q415. This number is up from 17.6% in Q115.

Dhakad said, "The rising sophistication and targeted cyberattacks are causing devastating disruption and losses of data and information across all computer and Internet user segments. In fact it generally takes on average up to 200 days for organisations to find out that they have been victims of cyberattacks.

"We are noticing four key common IT environment issues. Firstly, the usage of IT assets which are old, unprotected or are non-genuine in nature. Secondly, unmanaged and unregulated IT assets usage, procurement and maintenance. Thirdly, poor cyberhygiene of users and negligent employee behaviour inside companies. Fourthly, the inability of the companies to timely monitor, detect and remove modern cyber threats, among others, are some of the common clauses for cybercrime risks."

Dhakad advised enterprises to:

Go for strong fundamentals - use only genuine, current and updated software.

Have a robust cyber defense ecosystem, not just free tools.

Focus on cyberhygiene so employees are aware of safer Internet practices and internal IT policies. "A lot of times cyberhygiene alone can cripple," he warned. "It is everyone's responsibility."

Assess, review and audit often, not annually. Include suppliers, vendors and customers as well.

A data culture is imperative. Everything requires different levels of protection - know what data is important, who is accessing the data. Encryption and multifactor authentication are a must.

Opt for the cloud as next-generation cybersecurity and data protection.

Hashtags: #CyberTrustAPAC, #Trustintech

*The findings are based on data from the Microsoft Malware Protection Center (MMPC) and the Microsoft Security Intelligence Report (SIRv20).