A Pakistani Internet user surfs the YouTube Web site at a local Internet cafe in Islamabad, Pakistan. Pic: AP.

Bangladesh and Pakistan are the most vulnerable to cyberattacks in Asia

MICROSOFT’S most recent Security Intelligence Report (SIR) shows Bangladesh and Pakistan to be most at risk of malicious software attacks.

The bi-annual global report from the first quarter of 2017 reveals the most vulnerable nations prone to cyberattacks. The in-depth study gives insights into the global threat landscape, with individuals sometimes finding themselves having to pay huge amounts to cybercriminals just to access their own devices.

The other at-risk countries ranking behind Bangladesh and Pakistan are Cambodia and Indonesia. An approximate one in four computers running Microsoft real-time security products in these countries reported a malware encounter in Q1 2017.

“Malicious software is evolving rapidly, fuelled by the growing market for exploits being sold in the dark web,” said Nithin Thomas, CEO of cyber security technology company, SQR Systems, told Tech Wire Asia.

Dr Dzahar Mansor, National Technology Officer, Microsoft Malaysia, discusses the findings of Microsoft Security Intelligence Report (SIR) in Kuala Lumpur on Oct 23. Source: Microsoft

“The fragmented nature of networks being used in the Internet of Things, presents an even greater challenge due to the difficulty in tracking the potential risks to the networks.”

Japan sees the least amount of cyberattacks in the region, reporting only 2 percent of computers as having malicious program incidents.

Findings revealed an approximate average of 12.9 percent of computers (running Microsoft real-time security products) in Malaysia reporting a malware encounter in the first quarter of 2017. This put Malaysia’s rate of cyberattacks higher than the global average of just 9 percent.

However, the report boasted positive data, showing that Malaysia’s malware occurrences, compared to Q1 2016, had decreased by 16.7 percent

Cloud threat intelligence

The various types of malicious software make it almost impossible for cybersecurity to be 100 percent effective all the time.

Cloud-based computing, for example, is a key resource used by many organizations. Whilst it’s a central and mostly safe data hub, it is of course still at risk of attack. However, the majority of companies that face cloud-based cyber-attacks, simply need to strengthen password management to ensure targeted phishing attacks and breaches of third-party services are avoided.

Ransomware attacks

Ransomware is as mean as it sounds.  It exercises its malice by holding victims to ransom until they pay a fee for their devices to be usable again. Ransomware often makes the headlines, and earlier this year the WannaCry and NotPetya viruses infected systems which were running outdated Windows operating systems. The malware rendered thousands of devices unusable and had detrimental effects on enterprise.

Malware includes worms, Trojan horses, rootkits, and spyware, which all cause users to suffer intellectual property loss, with devastating effects.

“Most Asian countries have not focused on cyber security in large part because hackers did not target them the way they targeted the US,” E.J Hilbert, ex FBI cyber and counterterror agent, and VP at GDBA, told Tech Wire Asia.

“Hacking for profit targeted large consumer opportunities, that’s why the US was the initial target now Asia represents that market.”

Impact of cyber-attacks on enterprise

Targeted cyberattacks impact enterprise and almost always have a detrimental knock-on effect to the customer too.

Dato’ Dr. Haji Amirudin Bin Abdul Wahab, CEO, CyberSecurity Malaysia discussing the cyber threat landscape at launch of Microsoft Security Intelligence Report (SIR) in Kuala Lumpur, Oct 23: Source Microsoft

“Our personal data increasingly has tangible value, and this means that we are all vulnerable to the threat from malware,” said Thomas.

“Enterprises that have a large amount of legacy IT infrastructure and handle significant amounts of data are particularly vulnerable due to the difficulty in effectively protecting the legacy systems.”

Twice this year, StarHub, a Singaporean telecommunications provider, has been hit by distributed denial of service (DDoS) attacks, causing its servers to crash and leave customers stranded.

“These two recent attacks that we experienced were unprecedented in scale, nature and complexity,” the company said in a statement.

Attacks like these cause a loss financially but also in reputation and customer loyalty for the business. For the customer, the stolen information stolen by malware could lead to identity theft, blackmail, and financial loss.

Projections for the future of Asia’s cyber safety don’t appear to be gleaming. Jeffrey Kok, director of presales at CyberArk explained in a post that even though companies are working to use artificial intelligence (AI) to combat cyber-attacks, online security breaches of 2016 and Q1 2017 show that new technologies might not work entirely in an enterprises favour.

wannacry ransomeware screenshot

A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec. Pic: Reuters

“We can expect cyberattackers to take advantage of AI in a similar way as businesses,” said Kok.

“Much like 2016 saw the first massive IoT-driven botnet unleashed on the Internet, 2017 will be characterized by the first AI-driven cyberattack.”

Is it preventable?

In the same way that enterprise works to increase revenue and become leaders in the market, cyberattackers do the same.

However, there are preventative measures employed by operating system and app developers like Microsoft, to keep your information safe.

It is essential to always practice caution when you are connected to a public Internet network. Just like the man pretending to read a newspaper in the corner while sneakily eavesdropping on your conversation, hackers can access your online data easily if your passwords aren’t protected and communications aren’t encrypted.

Another way to keep up your cyber-hygiene and avoid ransomware attacks is by always updating operating systems and other software programs. This reduces risk of vulnerability.

Organisations have to take a holistic approach to cybersecurity. “Investing in good technology is a good start but does not provide the full solution,” Thomas said.

“Protection measures have to be deployed across the entire network along with training user behavior to follow best practices”.