India saw 2nd highest drive-by download attack volume in APAC in 2019, says Microsoft report
India ranked second, behind Singapore, in terms of 'drive-by download' attack volume in the Asia-Pacific region in 2019, according to a report by Microsoft.
'Drive-by download' attacks involve malicious code being downloaded onto an unsuspecting user's computer when they visit a website or fill in a form. The attacker then uses the downloaded code to steal passwords or financial information.
While the volume of such attacks in the Asia-Pacific region declined 27 per cent from 2018, India moved from the 11th position to the second spot (with a 140 per cent increase), the report titled 'Microsoft Security Endpoint Report 2019' said.
It added that cybercriminals remain focused on stealing financial information or intellectual property.
Together with key financial hubs, Singapore and Hong Kong, India experienced an attack volume that was three times higher than the regional and global average, it said.
"Cybercriminals capitalise on drive-by download technique to target the organisations and end-users with the objective to steal valuable financial information or intellectual property," Microsoft India Group Head and Assistant General Counsel (Corporate, External and Legal Affairs) Keshav Dhakad said in a virtual briefing.
He added that this is a likely reason for regional business hubs recording the highest volume of these threats.
Dhakad also said the high encounter rate does not necessarily translate into a high infection rate as the level of cyber hygiene and usage of genuine software prevent the systems from getting compromised.
The findings of the report are derived from an analysis of diverse Microsoft data sources, including eight trillion threat signals received and analysed by the company every day, covering a 12-month period, from January to December 2019.
According to the report, Asia-Pacific (APAC) continued to experience a higher-than-average encounter rate for malware and ransomware attacks — 1.6 and 1.7 times higher than the rest of the world, respectively.
"India registered the 7th highest malware encounter rate across the region, at 5.89 per cent in the past year. This was 1.1 times higher than the regional average," it said.
The report added that India recorded the third-highest ransomware encounter rate across the region, which was two times higher than the regional average.
This was despite a 35 per cent and 29 per cent decrease in malware and ransomware encounters, respectively, over the past year, it added.
Besides, India also recorded the second-highest cryptocurrency mining encounter rate in Asia-Pacific after Sri Lanka, even though the encounter rate declined 35 per cent from 2018, the report said.
During such attacks, victims' computers are infected with cryptocurrency mining malware, allowing criminals to use the computing power of those machines without the victims' knowledge.
Dhakad said while overall cyber hygiene in India has improved, there is more to be done.
"Typically, high malware encounters are a result of excessive usage of unlicensed and/or pirated software, and proliferation of sites that illegitimately offer free software or content, such as video streaming," he added.
Dhakad also said consumer education is important and users should regularly patch and update programs and devices and be able to identify unsafe websites and illegitimate software.
Talking about trends around COVID-19, Dhakad said that of the millions of targeted phishing messages seen globally each day, roughly 60,000 include COVID-19-related malicious attachments or malicious uniform resource locators (URLs).
Attackers are impersonating established entities like the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and the Department of Health to get into inboxes.
"We found that COVID-19-themed threats are mostly retreads of existing attacks that have been slightly altered to tie to the pandemic. This means that attackers have been pivoting their existing infrastructure, like ransomware and phishing, to include COVID-19 keywords, to capitalise on people's fear," he said.
Once users click on these malicious links, attackers can infiltrate networks, steal information and monetise their attacks, he added.
He suggested that businesses should have strong tools to safeguard employees and infrastructure and ensure employee guidelines are communicated clearly to the staff.
Also, they should choose a trusted and unified communication and collaboration application for audio/video calling, team collaboration, and file sharing that ensures end-to-end encryption, he added.
Dhakad said individuals should update all devices with the latest security updates and use an antivirus or anti-malware service. They should also stay alert about the links and attachments in all forms of communication, whether e-mail, social media or chats, especially from unknown senders.
They should also use multi-factor authentication on all accounts and be educated on how to recognise phishing attempts and report suspected encounters, including watching out for poor spelling and bad grammar, and suspicious links and attachments from people they do not know, he added.