SINGAPORE, 6 February 2017 – Findings from the Microsoft Security Intelligence Report (SIR), Volume 21, showed that one in five computers in Singapore running Microsoft real-time security products reported a malware encounter in the second quarter of 2016. The Microsoft SIR is a twice-yearly report that provides unique insights into the threat landscape to help organisations learn about trend data in industry vulnerabilities, exploits, malware and web-based attacks. The latest report also identified Asia Pacific markets, especially the emerging ones, as among those at the highest risk of cybersecurity threats, with the region holding three out of the top five global spots for rate of malware encounters.
- Trojans, the most common type of malware, which rely on the user to run them on their PC by mistake or to visit a malicious webpage.
- Worms, a type of malware that spreads by copying itself to other PCs through a PC network by exploiting security vulnerabilities.
- Downloaders and Droppers, a type of malware that installs other malicious files, including malware, onto your PC. They can download the files from a remote PC or install them directly from a copy that is included in their own file.
- Dynamer, a trojan which can steal personal information, download more malware or give hackers access to computers.
- Spursint, a trojan which can steal personal information, download more malware or give hackers access to computers.
- Xadupi, a trojan that is often installed by Sasquor or Suptab under the name “WinZipper”, “QkSee” or both. It poses as a useful application but silently downloads and installs other malware.
- Pivot back attacks, which occur when an attacker compromises a public cloud resource to obtain information that they then use to attack the resource provider’s on-premises environment.
- “Man in the Cloud” attacks, in which an attacker induces a prospective victim to install a piece of malware using a typical mechanism, such as an email with a link to a malicious website. The malware then switches out the user’s cloud storage synchronisation token with the attacker’s token, allowing the attacker to receive copies of each file the user places in cloud storage. This effectively makes the attacker a “man in the middle” for cloud storage.
- Side-channel attacks, where an attacker attempts to put a virtual machine on the same physical server as the intended victim. If he succeeds, the attacker will be able to launch local attacks against the victim. These attacks might include local DDoS, network sniffing, and man-in-the-middle attacks, all of which can be used to extract information.
- Resource ransom, where attackers hold cloud resources hostage by breaking into and controlling a public cloud account, and then requiring the victim to pay a ransom to release encrypted or restricted resources.
- Ensure strong fundamentals: Use only genuine, current and updated software. The use of IT assets that are old, unprotected or non-genuine substantially increases the chances of a cyberattack. For example, pirated and counterfeit software is known to come with embedded malware infections.
- Focus on cyber hygiene: Poor cyber hygiene of IT users, negligent employee behaviour or weak credentials/password protection within an organisation add a high degree of vulnerability to system compromise. As more and more personal devices are used at the workplace, the chance that they are infected rises.
- Have a data culture: Develop a big data analytics culture involving data classification, multifactor authentication, encryption, rights management, machine learning for behavioural analytics and log analytics to spot user anomalies and irregular or suspicious patterns, which could provide potential clues in advance to prevent impending or ongoing security breaches.
- Invest in a robust cyber defence ecosystem and monitor all systems in real time: Invest in trusted security solutions and modern threat protection technologies to monitor, detect and remove common and advanced cyber threats in real time, while developing in-house expertise to undertake threat analytics.
- Regular assessment, review and audit: Be comprehensive on all aspects of cybersecurity, not just technology. Have a trusted IT supply chain across cloud, software, hardware, Internet of Things and BYOD (bring your own device), and regularly review and assess cybersecurity investments and the performance of both software and hardware deployment, including customer and vendor access to the corporate network.