Hong Kong Recorded All-Time Low Malware and Ransomware Encounters: Microsoft Security Endpoint Threat Report 2019

 |   Rita Ngai

cybersecurity
  • Drive-by download remained a significant cybersecurity challenge for Hong Kong, with a 60 percent increase in attacks recorded in the 2019, ranked third highest in Asia Pacific
  • Microsoft Threat Protection Intelligence teams warns of cybercriminals taking advantage of COVID-19 concerns, adapting, and updating attack methods

HONG KONG, June 17 2020 – Microsoft today unveiled Asia Pacific findings from the latest edition of its Security Endpoint Threat Report 2019[1], which revealed that Hong Kong had the 3rd highest drive-by download attack volume across Asia Pacific, after Singapore and India, in the last year.

Findings were derived from an analysis of diverse Microsoft data sources, including 8 trillion threat signals received and analyzed by Microsoft every day, covering a 12-month period, from January to December 2019.

“As security defenses evolve and attackers rely on new techniques, Microsoft’s unique access to billions of threat signals every day enables us to gather data and insights to inform our response to cyberattacks,” said Mary Jo Schrade, Assistant General Counsel, Microsoft Digital Crimes Unit, Microsoft Asia.

“The Microsoft Security Endpoint Threat report aims to create a better understanding of the evolving threat landscape and help organizations improve their cybersecurity posture by mitigating the effects of increasingly sophisticated attacks.”

Hong Kong registered all-time low malware and ransomware encounters

Asia Pacific continued to experience a higher average encounter rate for malware and ransomware attacks – 1.6 and 1.7 times higher respectively than the rest of the world.

Hong Kong registered the 11th highest malware encounter rate at 2.28 percent, following a 34 percent decrease in the past year. This was 2.3 times lower than the regional average.

Its ransomware encounter rate was the 9th highest across the region at 0.02 percent, recording a steep 71 percent decrease YoY. This was 2.5 times lower than the regional average.

“Often, high malware encounters correlate with both piracy rates and overall cyber hygiene, that includes regular patching and updating of software.  Countries that have higher piracy rates and lower cyber hygiene tend to be more severely impacted by cyberthreats. Patching, using legitimate software, and keeping it updated can decrease the likelihood of malware and ransomware infections,” explained Fred Sheu, National Technology Officer, Microsoft Hong Kong.

Despite the lower threat encounters observed, Sheu encouraged all businesses to remain vigilant. “Cybercriminals do not stand still. We are witnessing attackers pivoting away from conventional methods, and shifting towards customized campaigns, targeted at specific geographies, industries, and businesses. By relying on cloud technology and developing a comprehensive cyber resilience strategy, organizations can effectively bolster their cybersecurity strategies.”

Hong Kong’s cryptocurrency mining encounter rate was 2.5 times lower than the regional average

Hong Kong’s cryptocurrency mining encounter rate stood at 0.02 percent in 2019, following a 71 percent decrease from 2018. According to the report, this was 2.5 times lower than the global and regional average and was the 10th highest encounter rate across the region.

During such attacks, victims’ computers are infected with cryptocurrency mining malware, allowing criminals to leverage the computing power of their computers without their knowledge.

On the declining encounter rate recorded, Sheu elaborated, “Cybercriminals are usually incentivized by quick financial gains. We believe that the recent fluctuations in the value of cryptocurrency and the increased time required to generate it, has perhaps led to them focusing on other forms of cybercrime.”  (quote to be attributed to local spokesperson)

SEPR picture 1 EN

Hong Kong recorded the third highest drive-by download attack volume in the region

The drive-by download attack volume[2] in Asia Pacific has converged with the rest of the world at 0.08, following a 27 percent decline from 2018.

These attacks involve downloading malicious code onto an unsuspecting user’s computer when they visit a website or fill up a form. The malicious code that is downloaded is then used by an attacker to steal passwords or financial information.

Despite the general decline in drive-by download attacks across the region, the study found that regional business hubs, Singapore, and Hong Kong, recorded the highest attack volume in 2019, over 3 times the regional and global average. Hong Kong’s attack volume rose by 60 percent in the past year, to 0.24 in 2019.

SENR picture 2 EN

“Cybercriminals capitalize on drive-by download technique to target the organizations and end-users with the objective to steal valuable financial information or intellectual property. This is a likely reason for regional business hubs recording the highest volume of these threats,” explained Sheu. “We’d like to emphasize that the high encounter rate does not necessarily translate into a high infection rate as the level of cyber hygiene and usage of genuine software prevents the systems from getting compromised.”

Cybersecurity in the age of COVID-19

With the turn of the new year, COVID-19 has changed the landscape and remains the top-of-mind concern for individuals, organizations, and governments around the world.

Since the outbreak, Microsoft’s data has shown that every country in the world has seen at least one COVID-19 themed attack, and the volume of successful attacks in outbreak-hit countries seems to be increasing, as fear and the desire for information grows.

Of the millions of targeted phishing messages seen globally each day, roughly 60,000 include COVID-19 related malicious attachments or malicious URLs. Attackers are impersonating established entities like the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and the Department of Health to get into inboxes.

Sheu further explained, “According to our data, we found that COVID-19 themed threats are mostly rethreads of existing attacks that have been slightly altered to tie to the pandemic. This means that attackers have been pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include COVID-19 keywords, to capitalize on people’s fear. Once users click on these malicious links, attackers can infiltrate networks, steal information and monetize their attacks.”

Businesses and individuals have a crucial role to play in navigating digital activity securely and are encouraged to take the following steps for cybersecurity.

Guidance for businesses:

  • Have strong tools to safeguard employees and infrastructure. This means looking into multi-layered defense systems and turning on multi-factor authentication (MFA) as employees work from home. Additionally, enable endpoint protection and protect against shadow IT and unsanctioned app usage with solutions like Microsoft Cloud App Security.
  • Ensure employee guidelines are communicated clearly to employees. This includes information on how to identify phishing attempts, distinguishing between official communications and suspicious messages that violate company policy, and where these can be reported internally.
  • Choose a trusted application for audio/video calling and file sharing that ensures end-to-end encryption.

Guidance for individuals:

  • Update all devices with the latest security updates and use an antivirus or anti-malware service. For Windows 10 devices, Microsoft Defender Antivirus is a free built-in service enabled through settings.
  • Be alert to links and attachments, especially from unknown senders.
  • Use multi-factor authentication (MFA) on all accounts. Now, most online services now provide a way to use your mobile device or other methods to protect your accounts in this way.
  • Get educated on how to recognize phishing attempts and report suspected encounters, including watching out for spelling and bad grammar, and suspicious links and attachments from people you do not know.

For more information on the findings published on the Microsoft Security Intelligence website, please visit: https://www.microsoft.com/securityinsights

# # #

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

[1] Research covered a total of 15 markets – Developing markets: China, India, Indonesia, Malaysia, Philippines, Sri Lanka, Thailand and Vietnam; developed markets: Taiwan, Singapore, New Zealand, Korea, Japan, Hong Kong, Australia; Source on market categorization: International Monetary Fund’s World Economic Database, October 2018

[2] The Security Endpoint Threat Report records the average volume of drive-by download pages detected for every 1,000 pages indexed by Bing.