Malaysia is bucking the trend across key cyber security metrics in Asia, and not in a positive way.
That's according to findings from Microsoft’s Security Intelligence Report (SIR), drawing on data received between January to December 2018 from multiple sources that included 6.5 trillion threat signals that go through the the vendor's cloud every day.
“Undoubtedly, cyber security is one of the most pressing issues for organisations today,” said Dr Dzahar Mansor, national technology officer of Microsoft Malaysia. “As cyber attacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.
"The SIRv24 aims to keep pace with the ever evolving cyber threat landscape by highlighting the techniques and tradecraft of cyber criminals and offering insights to improve cyber resilience and overall cyber security health of an organisation."
Cryptocurrency mining malware
The first trend that impacting the country is the rise in crypto-currency mining malware, with organisations based in Malaysia reporting an encounter rate that is nearly 33 per cent higher than the global average.
The report also found that the encounter rate increased or decreased with the rise or fall in the value of cryptocurrency.
Furthermore, cyber criminals are increasingly using victims’ computers to mine crypto-currency coins, enabling them to make a profit by harnessing the collective power of hundreds of thousands of computers.
Even when a minor infection is discovered, the anonymous nature of crypto-currency complicates efforts to track down the responsible parties, according to findings.
There are many factors contributing to this trend, including the availability of “off the shelf” products for covert mining of many crypto-currencies as well as the fact that crypto-currency mining does not require user input, working in the background while the user is performing other tasks.
As a result, users are less likely to take any action to remove the threat, and it might continue mining for the benefit of the attacker for an extended period of time.
In addition, the barrier to entry is low because of the wide availability of coin mining software, which cyber criminals repackage as malware to deliver to unsuspecting users’ computers.
The weaponised miners are then distributed to victims using many of the same techniques that attackers use to deliver other threats, such as social engineering, exploits, and drive-by downloads.
Rise of ransomware
While the report found that ransomware encounters globally have decreased by as much as 73 per cent, in Malaysia the encounter rate was found to be 100 per cent more than the global average.
On the whole, ransomware attacks have fallen primarily due to organisations and individuals becoming more aware of and dealing more intelligently with ransomware threats. This may include exerting greater caution and backing up important files so they can be restored if encrypted by ransomware.
Furthermore, while the volume of ransomware attacks may have fallen, the report cautions that this does not mean that the severity of attacks has declined.
It is still capable of making real-world impact by affecting corporate networks and crippling critical services such as hospitals, transportation, and traffic systems.
Drive-by download pages
Globally, drive drive-by download encounters has decreased by 22 per cent, however, in Malaysia, organisations experienced drive-by download attacks by an alarming 544 per cent more than the global average.
Across Asia Pacific, the highest concentration of drive-by download pages were in Malaysia, Indonesia, and Taiwan.
A drive-by download is an unintentional download of malicious code to an unsuspecting user’s computer when they visit a web site as the report defined.
The malicious code could be used to exploit vulnerabilities in web browsers, browser add-ons, applications, and the operating system.
Users can be infected with malware simply by visiting a website, even without attempting to download anything. More advanced drive-by download campaigns can also install ransomware or even cryptocurrency mining software on a victim machine.
“As the digital world progresses, it also continues to make us more vulnerable to more sophisticated cyber threats,” added Dato’ Ts. Dr Haji Amirudin Bin Abdul Wahab, CEO of CyberSecurity Malaysia. “The findings of this study show that we continue to be exposed to threats like ransomware and crypto-currency mining.
"As cyber security specialists, we have been stepping up efforts to spread awareness on the importance of cyber security and creating strong safeguard for our cyber space so that Malaysian businesses and the economy at large can operate seamlessly."