Cyber Threat Landscape in Thailand & APAC
Anup B Kumar
Sr Regional Investigator - Asia
Microsoft Digital Crimes Unit, Asia
Microsoft Intelligent Security Graph
Unique insights, informed by trillions of signals
• Diverse sources: 6.5 trillion threat signals that go
through the Microsoft cloud daily.
• The SEA insights were derived from analyzing
data from the region including Thailand
Key Insights
• Ransomware attacks are on the decline
• Cryptocurrency mining is prevalent
• Software supply chains are at risk
• Phishing remains a preferred attack method
Global Malware Encounter Rate
Microsoft Security Intelligence Report (SIR), 2016
Global Malware Encounter Rate**
Microsoft Security Intelligence Report (SIR), 2018
**Encounter rate is the % of computers running Windows Defender Antivirus that reported encountering malware, including infection attempts that Defender blocked.
Top four cyber threats in Asia Pacific
1. Malware – Encounter rates for the region
Markets with highest encounter rates
1. Myanmar 2. Indonesia 3. Cambodia
Markets with lowest encounter rates
1. Singapore 2. Malaysia 3. Thailand
Malware
• Severe impact: Malware poses risks in the form of impaired usability, data loss, intellectual property theft, and monetary loss.
• Decline in malware infection: The global malware encounter rate has decreased, but the malware encounter rate in Asia Pacific continues to be the highest.
• Developing markets: Poor cybersecurity hygiene and low user security awareness in these markets lead to higher malware infection.
• Developed markets: Mature and comprehensive cybersecurity infrastructures, practices and education programs in these markets have led to lower malware encounter rates.
2. Cryptocurrency mining malware
• Profit-driven: With the rise in cryptocurrency value, cybercriminals have turned to malware that lets them use infected computers to mine cryptocurrency coins.
• Opportunistic: The cryptocurrency mining malware encounter rate corresponds with the rise or fall in the value of cryptocurrency.
• Low barrier to entry: Cybercriminals are leveraging the wide availability of mining software and repacking it into malware.
• Stealthy: As these types of malware work in the background, victims may not know they are infected unless it degrades the computer’s performance sufficiently.
Markets with highest encounter rates
1. India 2. Sri Lanka 3. Indonesia
Markets with lowest encounter rates
1. China 2. Japan 3. Australia
Asia Pacific encounter rate: 17% higher than the global average
3. Ransomware encounter rates – declines
Ransomware
• Decline in frequency: Ransomware encounters have decreased by 73% globally.
• Greater awareness: Organizations and individuals have become more aware of and more intelligent in dealing with ransomware.
• Still a threat in the region: Asia Pacific encounter rate was 40% more than the global average.
• Severe consequences: The severity of ransomware attacks has not declined, and ransomware is still capable of disrupting organizations’ operations and crippling critical services.
Markets with highest encounter rates
1. Indonesia 2. Vietnam 3. India
Markets with lowest encounter rates
1. Japan 2. Australia 3. New Zealand
Asia Pacific encounter rate: 40% higher than the global average
4. Risks due to software supply chain
Study Overview: Testing New PCs with Pirated Software
166 new PCs were bought from 9 markets across Asia Pacific:
• India
• Indonesia
• South Korea
• Malaysia
• Philippines
• Singapore
• Taiwan
• Thailand
• Vietnam
Risks due to software supply chain
More than four in five (84%) of the PCs that were loaded with
pirated software were infected with malware
Market                  PCs with Pirated Software   Infected by malware   Percentage
India                   20                          17                    85%
Indonesia               9                           8                     89%
Korea                   30                          26                    87%
Malaysia                17                          15                    88%
Philippines             13                          10                    77%
Singapore               6                           2                     33%
Taiwan                  11                          8                     73%
Thailand                21                          20                    95%
Vietnam                 10                          9                     90%
Asia Pacific (All-up)   137                         115                   84%
Defense is important
Deterrence is equally important
Day of Takedown
Infected devices entering the Microsoft CTIP sinkhole
How DCU works with the LEs
Malware encounter rates – overall decrease
Reasons for overall decline in 2018: Growth in adoption of Windows 10, and increased use of Windows Defender for protection
Last 30 Days Cyber Threat Infections - Thailand
Thailand – Top cities by infected IPs**
[Figure: bar chart of infected IP counts for the top cities]
**Last 30 Days
Thailand – Count of IPs with type of Malware**
[Figure: bar chart of IP counts per malware type]
**Last 30 Days
Thailand – Top Malware type**
• Malware Spreader & Privacy Invasion w/webcam control
• Botnet Worm
• Financial Fraud/Identity Theft
• Advertising Click Fraud
**Based on Microsoft’s DCU Sinkhole Data Last 30 Days
ADVERTISING | PRODUCT PRICING | USER REVIEWS
“As a member of the bot development team, I’m proud to
present you…”
“…system wide injection and hooking engine…”
“…designed to install silently and successfully…”
+ $400 – FULL PACKAGE [All Modules – Best Deal!]
+ $150 – À la carte [No modules, pick and choose what you want]
+ $60 Firefox + IE + POP3 + FTP Login Grabbers [Best Deal]
Dorkbot Customer Review
“…very happy with it… truly Amazing !”
“…extremely stable…tested on about ~10k bots…”
“the bot is using unique , awesome and professional techniques as on
modern malwares…”
“…running stealth on the OS….rootkit to hide file on disk and registry keys…”
[GEOIP SUPPORT]
The new kid on the block....
Top Cybercrime Priority in 2019
BEC attacks are constantly evolving as scammers become more sophisticated.
• 150 countries
• $13.3B+ exposed losses
• 63,000+ complaints
US FBI REPORT | APRIL 2019
• 136% increase in global exposed losses
Cybersecurity best practices
Cybersecurity best practices - Organizations
1. Prevention: Preventive controls increase the cost of attacks for cybercriminals and prevent cheap, effective cyberattack techniques.
• Cloud backup: Use cloud storage services to automatically back up important data.
• Access control: Implement network segmentation and exert caution when granting application permissions.
• Cybersecurity education: Educate employees on safe cyber practices and maintain robust IT policies.
2. Detection and response: Leverage cloud technology to limit attackers’ access to data and help security operations better respond to attacks.
Cybersecurity best practices - Individuals
1. Cyber hygiene: Use an anti-virus solution and keep software and operating systems updated.
2. Genuine software: Avoid using pirated software and only use software from trusted sources.
3. Password management: Use a strong password for each account and change them regularly.
4. Backup personal files: Back up photos and other important personal data on a trusted cloud storage platform.
5. Stay vigilant: Activities where personal information will be transmitted should only be done on the users’ own devices, on a trusted network.
THANK YOU!
https://www.microsoft.com/sir
Microsoft Digital Crimes Unit