Malware, ransomware and drive-by download attacks pose biggest cyberthreat challenge in India: Microsoft Security Endpoint Threat Report 2019

Illustration of a person using a tablet device.
  • India recorded a cryptocurrency mining encounter rate that was 4.6 times higher and drive-by download attack volume that was three times higher than the regional and global average
  • Microsoft Threat Protection Intelligence teams warn that cybercriminals are taking advantage of COVID-19 concerns, adapting, and updating attack methods

New Delhi, July 29, 2020 – Microsoft today unveiled India findings from the latest edition of its Security Endpoint Threat Report 2019[1], which placed India among the countries with the highest cryptocurrency mining encounters and drive-by download attacks in the last year.

Findings were derived from an analysis of diverse Microsoft data sources, including eight trillion threat signals received and analyzed by Microsoft every day, covering a 12-month period, from January to December 2019.

“As security defenses evolve and attackers rely on new techniques, Microsoft’s unique access to billions of threat signals every day enables us to gather data and insights to inform our response to cyberattacks,” said Mary Jo Schrade, Assistant General Counsel, Microsoft Digital Crimes Unit, Microsoft Asia.

“The Microsoft Security Endpoint Threat report aims to create a better understanding of the evolving threat landscape and help organizations improve their cybersecurity posture by mitigating the effects of increasingly sophisticated attacks.”

Malware and ransomware encounters remained high in India

According to the report, Asia Pacific continued to experience a higher-than-average encounter rate for malware and ransomware attacks – 1.6 and 1.7 times higher than the rest of the world, respectively.

India registered the seventh highest malware encounter rate across the region, at 5.89 percent in the past year. This was 1.1 times higher than the regional average. The report also found that India recorded the third highest ransomware encounter rate across the region, which was two times higher than the regional average.

This was despite a 35 percent and 29 percent decrease in malware and ransomware encounters respectively over the past year.

Keshav Dhakad, Group Head & Assistant General Counsel-Corporate, External & Legal Affairs, Microsoft India, said, “While overall cyber hygiene in India has improved, we believe there is more to be done. Typically, high malware encounters are a result of excessive usage of unlicensed or pirated software, and proliferation of sites that illegitimately offer free software or content, such as video streaming. Consumer education is important – users should regularly patch and update programs and devices and be able to identify unsafe websites and illegitimate software.”

Heatmap or malware and ransomware encounters across Asia Pacific in 2019

India records the second highest cryptocurrency mining encounter rate in Asia Pacific

India’s cryptocurrency mining encounter rate showed a 35 percent decrease from 2018 but was still 4.6 times higher than the regional and global average, and India recorded the second highest encounter rate in Asia Pacific after Sri Lanka, according to the report.

During such attacks, victims’ computers are infected with cryptocurrency mining malware, allowing criminals to leverage the computing power of their computers without their knowledge.

“While recent fluctuations in cryptocurrency value and the increased time required to generate cryptocurrency have resulted in attackers refocusing their efforts, they continue to exploit markets with low cyber awareness,” explained Dhakad.

India, together with Hong Kong and Singapore, continued to face high drive-by download attack volume

The drive-by download attack volume[2] in Asia Pacific declined 27 percent from 2018.

These attacks involve downloading malicious code onto an unsuspecting user’s computer when they visit a website or fill up a form. The malicious code that is downloaded is then used by an attacker to steal passwords or financial information.

Despite the general decline across the region, the report found that India recorded a 140 percent increase in attack volume. Together with key financial hubs, Singapore and Hong Kong, India experienced an attack volume that was three times higher than the regional and global average.

“Cybercriminals capitalize on drive-by download technique to target the organizations and end-users with the objective to steal valuable financial information or intellectual property. This is a likely reason for regional business hubs recording the highest volume of these threats,” explained Dhakad. “We’d like to emphasize that the high encounter rate does not necessarily translate into a high infection rate as the level of cyber hygiene and usage of genuine software prevents the systems from getting compromised.”

Cybersecurity in the age of COVID-19

With the turn of the new year, COVID-19 has changed the landscape and remains the top-of-mind concern for individuals, organizations, and governments around the world.

Since the outbreak, Microsoft Intelligence Protection team’s data has shown that every country in the world has seen at least one COVID-19 themed attack, and the volume of successful attacks in outbreak-hit countries seems to be increasing, as fear and the desire for information grows.

Of the millions of targeted phishing messages seen globally each day, roughly 60,000 include COVID-19 related malicious attachments or malicious URLs. Attackers are impersonating established entities like the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and the Department of Health to get into inboxes.

Dhakad further explained, “According to our data, we found that COVID-19 themed threats are mostly retreads of existing attacks that have been slightly altered to tie to the pandemic. This means that attackers have been pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include COVID-19 keywords, to capitalize on people’s fear. Once users click on these malicious links, attackers can infiltrate networks, steal information and monetize their attacks.”

A snippet from Microsoft India - Security endpoint threat report
Download the infographic.

Businesses and individuals have a crucial role to play in navigating cyberspace securely and are encouraged to take the following steps:

Guidance for businesses:

  • Have strong tools to safeguard employees and infrastructure. This means looking into much-layered defense systems and turning on multi-factor authentication (MFA) as employees work from home. Additionally, enable endpoint protection and protect against shadow IT and unsanctioned app usage with solutions like Microsoft Cloud App Security
  • Ensure employee guidelines are communicated clearly to employees. This includes information on how to identify phishing attempts, distinguishing between official communications and suspicious messages that violate company policy, and where these can be reported internally
  • Choose a trusted and a unified communication and collaboration application for audio/video calling, team collaboration, and file sharing that ensures end-to-end encryption

Guidance for individuals:

  • Update all devices with the latest security updates and use an antivirus or anti-malware service. For Windows 10 devices, Microsoft Defender Antivirus is a free built-in service enabled through settings
  • Stay alert about the links and attachments in all forms of communication, email, social media, or chats, especially from unknown senders
  • Use multi-factor authentication (MFA) on all accounts. Now, most online services provide a way to use your mobile device or other authentication methods to protect your accounts effectively
  • Be deliberate about creating highly secure passwords for accounts, including securing your home WiFi from being hijacked or misused
  • Get educated on how to recognize phishing attempts and report suspected encounters, including watching out for spelling and bad grammar, and suspicious links and attachments from people you do not know

For more information on the findings published on the Microsoft Security Intelligence website, please visit:

Download the Microsoft Security Endpoint Threat Report 2019 – India

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more. Microsoft set up its India operations in 1990. Today, Microsoft entities in India have over 11,000 employees, engaged in sales and marketing, research, development and customer services and support, across 11 Indian cities – Ahmedabad, Bengaluru, Chennai, New Delhi, Gurugram, Noida, Hyderabad, Kochi, Kolkata, Mumbai and Pune. Microsoft offers its global cloud services from local data centers to accelerate digital transformation across Indian startups, businesses, and government organizations.

[1] Research covered a total of 15 markets, which include China, India, Indonesia, Malaysia, Philippines, Sri Lanka, Thailand and Vietnam, Taiwan, Singapore, New Zealand, Korea, Japan, Hong Kong, and Australia.

[2] The Security Endpoint Threat Report records the average volume of drive-by download pages detected for every 1,000 pages indexed by Bing.

Related Posts