Cyber Threat Landscape - ETDA · 2019-06-21

Post on 19-Jul-2020


Cyber Threat Landscape in Thailand & APAC

Anup B Kumar
Sr Regional Investigator - Asia
Microsoft Digital Crimes Unit, Asia

Microsoft Intelligent Security Graph
Unique insights, informed by trillions of signals

• Diverse sources: 6.5 trillion threat signals that go through the Microsoft cloud daily.

• The SEA insights were derived from analyzing data from the region including Thailand

Key Insights

• Ransomware attacks are on the decline

• Cryptocurrency mining is prevalent

• Software supply chains are at risk

• Phishing remains a preferred attack method

Global Malware Encounter Rate
Microsoft Security Intelligence Report (SIR), 2016

Global Malware Encounter Rate**
Microsoft Security Intelligence Report (SIR), 2018

**Encounter rate is the percentage of computers running Windows Defender Antivirus that reported encountering malware, including infection attempts that Defender blocked.

Top four cyber threats in Asia Pacific

1. Malware – Encounter rates for the region

Markets with highest encounter rates

1. Myanmar 2. Indonesia 3. Cambodia

Markets with lowest encounter rates

1. Singapore 2. Malaysia 3. Thailand

Malware

• Severe impact: Malware poses risks in the form of impaired usability, data loss, intellectual property theft, and monetary loss.

• Decline in malware infection: Global malware encounter rate has decreased but malware encounter in Asia Pacific continues to be the highest.

• Developing markets: Poor cybersecurity hygiene and low user security awareness in these markets lead to higher malware infection.

• Developed markets: Mature and comprehensive cybersecurity infrastructures, practices and education programs in these markets have led to lower malware encounter rates.

2. Cryptocurrency mining malware

• Profit-driven: With the rise in cryptocurrency value, cybercriminals have turned to malware that lets them use infected computers to mine cryptocurrency coins.

• Opportunistic: Cryptocurrency mining malware encounter rate corresponds with the rise or fall in the value of cryptocurrency.

• Low barrier to entry: Cybercriminals are leveraging the wide availability of mining software and repacking it into malware.

• Stealthy: As these types of malware work in the background, victims may not know they are infected unless it degrades the computer’s performance sufficiently.

Markets with highest encounter rates

1. India 2. Sri Lanka 3. Indonesia

Markets with lowest encounter rates

1. China 2. Japan 3. Australia

Asia Pacific encounter rate: 17% higher than the global average

3. Ransomware encounter rates – declines

Ransomware

• Decline in frequency: Ransomware encounters have decreased by 73% globally.

• Greater awareness: Organizations and individuals have become more aware of and more intelligent in dealing with ransomware.

• Still a threat in the region: Asia Pacific encounter rate was 40% more than the global average.

• Severe consequences: The severity of ransomware attacks has not declined, and ransomware is still capable of disrupting organizations’ operations and crippling critical services.

Markets with highest encounter rates

1. Indonesia 2. Vietnam 3. India

Markets with lowest encounter rates

1. Japan 2. Australia 3. New Zealand

Asia Pacific encounter rate: 40% higher than the global average

4. Risks due to software supply chain

Study Overview: Testing New PCs with Pirated Software

166 new PCs were bought from 9 markets across Asia Pacific:

India, Indonesia, South Korea, Malaysia, Philippines, Singapore, Taiwan, Thailand, Vietnam

Risks due to software supply chain

More than four in five (84%) of the PCs that were loaded with pirated software were infected with malware

Market                  PCs with Pirated Software   Infected by malware   Percentage
India                   20                          17                    85%
Indonesia               9                           8                     89%
Korea                   30                          26                    87%
Malaysia                17                          15                    88%
Philippines             13                          10                    77%
Singapore               6                           2                     33%
Taiwan                  11                          8                     73%
Thailand                21                          20                    95%
Vietnam                 10                          9                     90%
Asia Pacific (All-up)   137                         115                   84%

Defense is important

Deterrence is equally important

Day of Takedown
Infected devices entering the Microsoft CTIP sinkhole

How DCU works with the LEs

Malware encounter rates – overall decrease

Reasons for overall decline in 2018

Growth in adoption of Windows 10, and increased use of Windows Defender for protection

Last 30 Days Cyber Threat Infections - Thailand

[Chart: Thailand – Top cities by infected IPs (last 30 days)]

[Chart: Thailand – Count of IPs with type of Malware (last 30 days)]

Thailand – Top Malware type**

• Malware Spreader & Privacy Invasion w/webcam control

• Botnet Worm

• Financial Fraud/Identity Theft

• Advertising Click Fraud

**Based on Microsoft’s DCU Sinkhole Data, Last 30 Days

ADVERTISING · PRODUCT PRICING · USER REVIEWS

“As a member of the bot development team, I’m proud to present you…”

“…system wide injection and hooking engine…”

“…designed to install silently and successfully…”

+ $400 – FULL PACKAGE [All Modules – Best Deal!]

+ $150 – À la carte [No modules, pick and choose what you want]

+ $60 Firefox + IE + POP3 + FTP Login Grabbers [Best Deal]

Dorkbot Customer Review

“…very happy with it… truly Amazing!”

“…extremely stable…tested on about ~10k bots…”

“the bot is using unique, awesome and professional techniques as on modern malwares…”

“…running stealth on the OS….rootkit to hide file on disk and registry keys…”

[GEOIP SUPPORT]

The new kid on the block....

Top Cybercrime Priority in 2019

BEC attacks are constantly evolving as scammers become more sophisticated.

• 150 COUNTRIES

• $13.3B+ EXPOSED LOSSES

• 63,000+ COMPLAINTS

US FBI REPORT | APRIL 2019

• 136% increase in global exposed losses

Cybersecurity best practices

Cybersecurity best practices - Organizations

1. Prevention: Preventive controls increase the cost of attacks for cybercriminals and prevent cheap, effective cyberattack techniques.

• Cloud backup: Use cloud storage services to automatically back up important data.

• Access control: Implement network segmentation and exert caution when granting application permissions.

• Cybersecurity education: Educate employees on safe cyber practices and maintain robust IT policies.

2. Detection and response: Leverage cloud technology to limit attackers’ access to data and help security operations better respond to attacks.

Cybersecurity best practices - Individuals

1. Cyber hygiene: Use an anti-virus solution and keep software and operating systems updated.

2. Genuine software: Avoid using pirated software and only use software from trusted sources.

3. Password management: Use a strong password for each account and change them regularly.

4. Backup personal files: Back up photos and other important personal data on a trusted cloud storage platform.

5. Stay vigilant: Activities where personal information will be transmitted should only be done on the users’ own devices, on a trusted network.

THANK YOU!

https://www.microsoft.com/sir

Microsoft Digital Crimes Unit
