One obvious effect of the coronavirus outbreak has been the accelerated growth of online services and working from home. But that change in habits has also highlighted the need for organisations and individuals to exercise greater vigilance to ensure sensitive data doesn't fall into the wrong hands.
“Cybercriminals do not stand still,” says Fred Sheu, national technology officer for Microsoft Hong Kong, who keeps a watchful eye on such developments. “We are witnessing attackers pivoting away from conventional methods and shifting towards customised campaigns targeted at specific geographies, industries and businesses.”
To bolster their security, companies therefore need to devise a comprehensive cyber resilience strategy. This should include effective use of cloud technology, a focus on cyber hygiene, and close attention to any reports of malware encounters or “drive-by download attacks”.
“Regular patching and updating of software can decrease the likelihood of malware and ransomware infections,” says Sheu, while also warning that cybercriminals are looking to take advantage of coronavirus concerns by adapting and refining their methods.
“According to our data, Covid-19 themed threats are mostly retreads of existing attacks that have been slightly altered to tie in to the pandemic,” he says. “Attackers have been pivoting their existing infrastructure - things like ransomware, phishing and other malware delivery tools - to include Covid-19 keywords in order to capitalise on people’s fears. Once users click on these malicious links, [the criminals] can infiltrate networks, steal information and monetise their attacks.”
Much of the basic data Sheu refers to comes from Microsoft’s recently released “Security Endpoint Threat Report 2019”. Its findings are derived from an analysis of diverse data sources available to the company. These include threat signals received between January and December last year, download attacks across the Asia-Pacific region, malware encounters and piracy rates.
“The report aims to create a better understanding of the evolving threat landscape and help organisations improve their cybersecurity posture by mitigating the effects of increasingly sophisticated attacks,” says Mary Jo Schrade, assistant general counsel for the Microsoft Digital Crimes Unit in Asia. “As security defences evolve and attackers rely on new techniques, our unique access to billions of threat signals every day enables us to gather data and insights to inform our response.”
For Hong Kong specifically, the report contains mixed news. On the one hand, it shows that last year the territory registered the region’s 11th highest malware encounter rate (at 2.28 per cent), which represents a 34 per cent decrease over the 12-month period. The figure was 2.3 times lower than the regional average. And the city’s ransomware encounter rate, at 0.02 per cent, was ninth in the region, showing a 71 per cent year-on-year decline and coming in 2.5 times lower than the regional average.
On the other hand, though, the report reveals that last year Hong Kong had a 60 per cent increase in drive-by download attack volume (to 0.24 per cent), putting the city third highest in the Asia-Pacific region in this category, behind only Singapore and India.
Such attacks essentially involve downloading malicious code on to an unsuspecting user’s computer when they visit a website or fill out an online form. The attacker is then able to steal passwords or financial data. The study found these activities increasing in regional business hubs despite a general decline elsewhere.
“Cybercriminals capitalise on drive-by download techniques to target organisations and end-users with the objective of stealing valuable financial information or intellectual property,” Sheu says. “But we’d like to emphasise that a high encounter rate does not necessarily translate into a high infection rate. The right level of cyber hygiene and the use of genuine software can prevent systems from getting compromised.”
He notes, though, that according to a separate HKCERT Hong Kong Security Watch report for the first quarter of 2020, the total number of security events has seen an upward trend. The increase was mainly caused by more malware hosting events (up 3.5 times to 5,445) and a rise of over 50 per cent in phishing events in the quarter.
In view of the existing and evolving threats, Sheu encourages all businesses and end-users to remain vigilant. This applies especially when dealing in perhaps less familiar areas like cryptocurrency, even though Hong Kong’s cryptocurrency mining encounter rate stood at 0.02 per cent in 2019, which marked a 71 per cent decrease from the prior year.
“In such cases, the victims’ computers are infected with malware, which allows criminals to leverage computing power without their knowledge,” Sheu says. “However, cybercriminals are usually incentivised by quick financial gains. We believe that the recent fluctuations in the value of cryptocurrency, and the increased time required to generate it, have perhaps led to them focusing on other forms of cybercrime.”
In general, he adds, businesses and individuals all have a part to play in minimising threats and ensuring a secure digital environment. For instance, the former have a duty to provide strong tools, as well as to look into multi-layer defence systems and multi-factor authentication (MFA) if employees are working from home. They should also have protection against shadow IT and unsanctioned app usage plus end-to-end encryption for file sharing.
“Individuals should update all devices with the latest security features and use an anti-virus or anti-malware service,” Sheu says. “Also, they should be alert to links and attachments, especially from unknown