Microsoft recently unveiled Asia Pacific findings from the latest edition of its
Security Endpoint Threat Report 2019 [1], which found that Sri Lanka experienced the highest cryptocurrency mining encounters across the region in the last year. Findings were derived from an analysis of diverse Microsoft data sources, including 8 trillion threat signals received and analyzed by Microsoft every day, covering a 12-month period, from January to December 2019.
“As security defenses evolve and attackers rely on new techniques, Microsoft’s unique access to billions of threat signals every day enables us to gather data and insights to inform our response to cyberattacks,” said Mary Jo Schrade, Assistant General Counsel, Microsoft Digital Crimes Unit, Microsoft Asia. “The Microsoft Security Endpoint Threat report aims to create a better understanding of the evolving threat landscape and help organizations improve their cybersecurity posture by mitigating the effects of increasingly sophisticated attacks.”
According to the report, Asia Pacific continued to experience a higher-than-average encounter rate for malware and ransomware attacks – 1.6 and 1.7 times higher than the rest of the world, respectively. Sri Lanka recorded the 2nd highest malware encounter rate at 9.07 percent in 2019. Despite a 14 percent decrease, this was 1.7 times higher than the regional average.
According to the report, Sri Lanka recorded the highest cryptocurrency mining encounter rate across the region. While a 45 percent decrease was recorded, from 0.46 in 2018 to 0.25 in 2019, this remained 5 times higher than the regional and global average. During such attacks, victims’ computers are infected with cryptocurrency mining malware, allowing criminals to leverage the computing power of their computers without their knowledge.
“While recent fluctuations in cryptocurrency value and the increased time required to generate cryptocurrency have resulted in attackers refocusing their efforts, they continue to exploit markets with low cyber awareness and low adoption of cyber hygiene practices,” explained Hasitha Abeywardena, Country Manager, Microsoft Sri Lanka and Maldives.
Businesses and individuals have a crucial role to play in navigating cyberspace securely and are encouraged to take the following steps:
• Have strong tools to safeguard employees and infrastructure. This means looking into multi-layered defense systems and turning on multi-factor authentication (MFA) as employees work from home. Additionally, enable endpoint protection and protect against shadow IT and unsanctioned app usage with solutions like Microsoft Cloud App Security
• Ensure employee guidelines are communicated clearly to employees. This includes information on how to identify phishing attempts, distinguishing between official communications and suspicious messages that violate company policy, and where these can be reported internally
• Choose a trusted application for audio/video calling and file sharing that ensures end-to-end encryption
Guidance for individuals:
• Update all devices with the latest security updates and use an antivirus or anti-malware service. For Windows 10 devices, Microsoft Defender Antivirus is a free built-in service enabled through settings
• Be alert to links and attachments, especially from unknown senders
• Use multi-factor authentication (MFA) on all accounts. Now, most online services provide a way to use your mobile device or other methods to protect your accounts in this way
• Get educated on how to recognize phishing attempts and report suspected encounters, including watching out for spelling and bad grammar, and suspicious links and attachments from people you do not know
[1] Research covered a total of 15 markets, which include China, India, Indonesia, Malaysia, Philippines, Sri Lanka, Thailand and Vietnam, Taiwan, Singapore, New Zealand, Korea, Japan, Hong Kong, and Australia.