India vulnerable to malware, drive-by download attacks: Microsoft report

India is among the countries with the highest cryptocurrency mining encounters and drive-by download attacks in the last year, according to Microsoft’s latest Security Endpoint Threat Report 2019.

India recorded a cryptocurrency mining encounter rate that was 4.6 times higher than the regional and global average. The country recorded the second-highest encounter rate in the Asia Pacific after Sri Lanka, according to the report.

During such attacks, victims’ computers are infected with cryptocurrency mining malware, allowing criminals to leverage the computing power of their computers without their knowledge.

“While recent fluctuations in cryptocurrency value and the increased time required to generate cryptocurrency have resulted in attackers refocusing their efforts, they continue to exploit markets with low cyber awareness,” said Keshav Dhakad, group head and assistant general counsel – corporate, external and legal affairs, Microsoft India.

India, together with Hong Kong and Singapore, also continued to face high drive-by download attack volume. These attacks involve downloading malicious code onto an unsuspecting user’s computer when they visit a website or fill up a form. The malicious code that is downloaded is then used by an attacker to steal passwords or financial information.

Despite the general decline across the region, the report found that India recorded a 140 per cent increase in attack volume. Together with key financial hubs, Singapore and Hong Kong, India experienced an attack volume that was three times higher than the regional and global average.

“Cybercriminals capitalise on drive-by download techniques to target the organizations and end-users with the objective to steal valuable financial information or intellectual property,” explained Dhakad.

According to the report, Asia Pacific continued to experience a higher-than-average encounter rate for malware and ransomware attacks – 1.6 and 1.7 times higher than the rest of the world, respectively.

India registered the highest malware encounter rate across the region, at 5.89 per cent in the past year. This was 1.1 times higher than the regional average. 

The report also found that India recorded the third highest ransomware encounter rate across the region, which was two times higher than the regional average.

This was despite a 35 per cent and 29 per cent decrease in malware and ransomware encounters respectively over the past year.

“Typically, high malware encounters are a result of excessive usage of unlicensed or pirated software, and proliferation of sites that illegitimately offer free software or content, such as video streaming,” said Dhakad. “Consumer education is important – users should regularly patch and update programs and devices and be able to identify unsafe websites and illegitimate software,” he said.

Findings were derived from an analysis of diverse Microsoft data sources, including 8 trillion threat signals received and analyzed by Microsoft every day, covering a 12-month period, from January to December 2019.

Microsoft Threat Protection Intelligence teams also warned that cybercriminals are now taking advantage of Covid-19 concerns, adapting, and updating attack methods. The volume of successful attacks in the outbreak- hit countries seems to be increasing, as fear and the desire for information grows.

Of the millions of targeted phishing messages seen globally each day, roughly 60,000 include Covid-19 related malicious attachments or malicious URLs. Attackers are impersonating established entities like the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and the Department of Health to get into inboxes.

“We found that Covid-19 themed threats are mostly retreads of existing attacks that have been slightly altered to tie to the pandemic. This means that attackers have been pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include Covid-19 keywords, to capitalize on people’s fear,” said Dhakad. “Once users click on these malicious links, attackers can infiltrate networks, steal information and monetize their attacks,” he said.