By Mary Jo Schrade, Assistant General Counsel & Regional Director, Digital Crimes Unit, Microsoft Asia
Prevention is better than cure – finding a problem early on means it can be addressed quickly.
That’s why we visit a doctor for regular checkups, even when we feel well, and why we see a dentist every six months or so, not just when we get a toothache. Good habits mean good health. It’s true for our bodies and it’s also vital for the security of our data and devices.
Cyber breaches, like physical ailments, can take hold without any obvious symptoms. So, like doctors or dentists, cybersecurity experts advise companies to have regular IT “checkups”. However, a new Microsoft-commissioned report, Understanding the Cybersecurity Landscape in Asia Pacific, makes it clear that this message hasn’t reached many businesses in our region.
Analysts at Frost & Sullivan found that, in some Asian countries, many companies do not routinely conduct cybersecurity assessments or reviews to find out whether they have been victims of cybersecurity breaches. If IT departments are not even checking to see if their systems have been infiltrated, then they are putting their companies at a great disadvantage.
Knowing that your systems have been breached allows you to assess what weaknesses were exploited, fix any known weaknesses and evaluate any resulting damage. But if you aren’t even checking to see if there has been an attack, then your level of vulnerability is more than likely off the charts.
I’m not trying to be alarmist. We at Microsoft are committed to the security of our customers and we leverage our extensive platform to address security threats and to protect our customers. We see many attacks launched every day all over the world. The fact is that cybercriminals have never been more organized, smart, and potent. Collectively, cyberattacks have become a major industry worth trillions of dollars worldwide.
The Frost & Sullivan report puts the potential economic loss due to cybersecurity breaches across organizations in Asia Pacific at a staggering US$1.745 trillion — more than 7% of the region’s total GDP of US$24.33 trillion. With numbers like this, vigilance is key.
In our latest Security Intelligence Report we identify three key themes of what is an ever-evolving threat landscape:
Botnets impact millions of computers globally: Cybercriminals infect computers and use botnets to mine for sensitive data and to make money through threats like ransomware. Late last year, Microsoft disrupted the command-and-control infrastructure of a massive malware operation – the Gamarue botnet. We analyzed more than 4,000 malware samples and found that Gamarue distributed over 80 different malware families. The top three of these were ransomware, trojans, and backdoors. The disruption of this one botnet resulted in a 30% drop in infected devices in just a three-month period.
Ransomware remains a force to be reckoned with: Money is ultimately what drives cybercriminals. So, extorting cryptocurrency and other payments by threatening potential victims with the loss of their data remains an attractive strategy. In 2017, three global ransomware outbreaks—WannaCrypt, Petya/NotPetya, and BadRabbit—affected corporate networks and impacted hospitals, transportation, and traffic systems. We found that Asia was the region with the greatest number of ransomware encounters. The ransomware attacks observed last year were very destructive and moved at an incredibly rapid pace. Because of the automated propagation techniques, they infected computers faster than any human could respond and they left most victims without access to their files indefinitely.
Phishing attacks are on the increase: Nowadays most genuine software products have strong security measures built in. So many hackers are now focusing on an easier route. They simply trick users into clicking a malicious link or opening a phishing email to get at valuable credentials and other sensitive information. Phishing was the top threat vector for Office 365-based email threats during the second half of 2017.
The above three threat categories represent real and ever-present dangers. So, what can we do about them? I’ve already talked about the need for regular IT check-ups. Here are a couple more measures companies should focus on to strengthen their defenses:
Ensure strong fundamentals: Use only genuine, current and updated software. Relying on IT assets that are old, unprotected, or not genuine substantially increases vulnerability to cyberattacks. Pirated and counterfeit software is frequently known to have malware embedded in it. This is a big problem across our part of the world. Too many users download pirated software thinking they are getting a cheap bargain, with no thought given to the massive costs that will come should malware take hold. Even more insidious is how some dealers load counterfeit software onto new devices as free “extras”, sometimes without the knowledge of the buyer. Last year we asked a team of postgraduate students at the National University of Singapore to survey the problem. They were staggered by the pervasiveness of malware in the pirated software they examined.
Focus on cyber hygiene: Negligent employee behavior, or weak credentials/password protection within an organization, adds a high degree of vulnerability to system compromise. Employees should be regularly trained and reminded to watch out for traps, like phishing emails.
Update your software and install the latest patches: Microsoft’s security teams identify and address cyber threats all the time. And we provide patches to address any vulnerabilities discovered. It is critical for users to install these patches as soon as possible. Once the patches are released, cybercriminals realize what vulnerabilities are being patched and they quickly try to take advantage of those vulnerabilities in the hope that most businesses will delay implementing the patches. Not acting quickly to patch makes companies immediately vulnerable. And the longer it takes to patch that vulnerability, the more criminals can take advantage of it. There was one botnet that Microsoft worked with authorities to take down (and issued a patch even before the takedown of the botnet) back in 2010. Yet we still see thousands of computers that remain infected with that defunct botnet’s malware. This means some users have not patched their systems to remedy this vulnerability in the eight years since that patch was issued.
Finally, my best advice is that if you are not going to take cybersecurity action yourself, then leave it to somebody else to do it for you. For most users that is easy. Just subscribe to products that offer regularly updated security protection, such as Microsoft 365.
Remember, once devices or systems are made vulnerable by one breach, a door is open to a whole host of other threats. Cybercrime is now a big global business and the danger it poses is not going away. We can manage these threats, but it is up to all of us to do our part.