Men sit at their computers waiting to load media files into mobile phones for customers in the Abpara market in Islamabad, Pakistan October 20, 2017. Source: Reuters/Caren Firouz
MICROSOFT’S most recent Security Intelligence Report (SIR) shows Bangladesh and Pakistan to be most at risk of malicious software attacks.
The bi-annual global report from the first quarter of 2017 reveals the most vulnerable nations prone to cyberattacks. The in-depth study gives insights into the global threat landscape, with individuals sometimes finding themselves having to pay huge amounts to cybercriminals just to access their own devices.
The other at-risk countries ranking behind Bangladesh and Pakistan are Cambodia and Indonesia. An approximate one in four computers running Microsoft real-time security products in these countries reported a malware encounter in Q1 2017.
A man sits on back of a van with pile of discarded computer screen frames to be recycled, while heading to workshop in Karachi, Pakistan, on Oct 17, 2017. Source: Reuters/Akhtar Soomro
“Malicious software is evolving rapidly, fuelled by the growing market for exploits being sold in the dark web,” cybersecurity technology company SQR Systems CEO Nithin Thomas told Tech Wire Asia.
“The fragmented nature of networks being used in the Internet of Things, presents an even greater challenge due to the difficulty in tracking the potential risks to the networks.”
Japan sees the least amount of cyberattacks in the region, reporting only two percent of computers as having malicious program incidents.
Findings revealed an approximate average of 12.9 percent of computers (running Microsoft real-time security products) in Malaysia reporting a malware encounter in the first quarter of 2017. This put Malaysia’s rate of cyberattacks higher than the global average of just nine percent.
However, the report boasted positive data, showing that Malaysia’s malware occurrences, compared to Q1 2016, had decreased by 16.7 percent.
Cloud threat intelligence
The various types of malicious software make it almost impossible for cybersecurity to be 100 percent effective all the time.
Cloud-based computing, for example, is a key resource used by many organizations. Whilst it’s a central and mostly safe data hub, it is of course still at risk of attack. However, the majority of companies that face cloud-based cyber-attacks, simply need to strengthen password management to ensure targeted phishing attacks and breaches of third-party services are avoided.
Ransomware is as mean as it sounds. It exercises its malice by holding victims to ransom until they pay a fee for their devices to be usable again. Ransomware often makes the headlines, and earlier this year the WannaCry and NotPetya viruses infected systems which were running outdated Windows operating systems. The malware rendered thousands of devices unusable and had detrimental effects on enterprise.
Malware includes worms, Trojan horses, rootkits, and spyware, which all cause users to suffer intellectual property loss, with devastating effects.
“Most Asian countries have not focused on cybersecurity in large part because hackers did not target them the way they targeted the US,” E.J. Hilbert, ex-FBI cyber and counterterror agent, and managing director at Kroll Advisory Solutions’ Cyber Practice told Tech Wire Asia.
“Hacking for profit targeted large consumer opportunities, that’s why the US was the initial target now Asia represents that market.”
A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec. Source: Reuters
Impact of cyberattacks on enterprise
Targeted cyberattacks impact enterprise and almost always have a detrimental knock-on effect to the customer too.
“Our personal data increasingly has tangible value, and this means that we are all vulnerable to the threat from malware,” Thomas said.
“Enterprises that have a large amount of legacy IT infrastructure and handle significant amounts of data are particularly vulnerable due to the difficulty in effectively protecting the legacy systems.”
Twice this year, Singaporean telecommunications provider StarHub has been hit by distributed denial of service (DDoS) attacks, causing its servers to crash and leave customers stranded.
“These two recent attacks that we experienced were unprecedented in scale, nature and complexity,” the company said in a statement.
Attacks like these cause a loss financially but also in reputation and customer loyalty for the business. For the customer, the stolen information stolen by malware could lead to identity theft, blackmail, and financial loss.
Projections for the future of Asia’s cyber safety don’t appear to be gleaming. Jeffrey Kok, director of presales at CyberArk, explained in a post that even though companies are working to use artificial intelligence (AI) to combat cyber-attacks, online security breaches of 2016 and Q1 2017 show that new technologies might not work entirely in an enterprises favour.
“We can expect cyberattackers to take advantage of AI in a similar way as businesses,” said Kok.
“Much like 2016 saw the first massive IoT-driven botnet unleashed on the Internet, 2017 will be characterized by the first AI-driven cyberattack.”
A student works on her computer sitting on a bench at Shaheed Benazir Bhutto Women’s University in Peshawar, Pakistan, on Oct 19, 2017 Source: Reuters/ Fayaz Aziz
Is it preventable?
In the same way that enterprise works to increase revenue and become leaders in the market, cyberattackers do the same.
However, there are preventative measures employed by operating system and app developers like Microsoft, to keep your information safe.
It is essential to always practice caution when you are connected to a public Internet network. Just like the man pretending to read a newspaper in the corner while sneakily eavesdropping on your conversation, hackers can access your online data easily if your passwords aren’t protected and communications aren’t encrypted.
Another way to keep up your cyber-hygiene and avoid ransomware attacks is by always updating operating systems and other software programs. This reduces risk of vulnerability.
Organisations have to take a holistic approach to cybersecurity. “Investing in good technology is a good start but does not provide the full solution,” Thomas said.
“Protection measures have to be deployed across the entire network along with training user behaviour to follow best practices”.
This article originally appeared on our sister website Tech Wire Asia.