Cyber attacks via email common in Asia

Microsoft had thwarted 30b email threats last year and is currently tracking more than 40 active nation-state actors over 140 threat groups


A MAJORITY of the cyber security attacks in Asia are sent via emails that touch on specific rising events that the public is anxious about, like the pandemic.

Microsoft Corp’s Digital Crimes Unit assistant general counsel and regional lead Mary-Jo Schrade said cyber attackers have become very sophisticated in that they include links in the email that would direct victims to download malware, thus providing attackers a way into their cyber environment.

“Some of the things that we have seen include lures over time that are specific to an ongoing event, for example, Covid-19.

“The email may contain things like the World Health Organisation announcing something, and people would want to know what it is, so they click on that link. We see criminals take advantage of that,” she said during Microsoft’s virtual security media briefing yesterday.

There have been large-scale cyber security attacks in the past years where at an average, there were 579 password attacks in a second, leading to an average of 50 million password attempts in a day.

Microsoft had thwarted 30 billion email threats last year and is currently tracking more than 40 active nation-state actors over 140 threat groups from 20 countries.

Schrade said another common problem in Asia is the low uptake of software updates or patching, which make users vulnerable in cyberspace.

She said cyber criminals have the ability to scan across the Internet and see those who are vulnerable, enabling them to take advantage of the individuals who are not engaging in timely patching.

The prevalence of counterfeit softwares in Asia is also posing threats to users as they are being exposed to malware when they download the counterfeit softwares onto their devices.

She urged users to adopt multi-factor authentication (MFA) as a defence software against cyber attacks as MFA is able to prevent 99.9% of threats that come through.

“One of the things we are seeing is a low update of MFA in Asia, as well as patching. We keep coming back to those fundamental things.

“If you practise these, you really are going a long way in your safety journey,” she added.

Microsoft corporate VP for security, compliance and identity Vasu Jakkal suggested users use the basic tools that are already provided in their software like MFA and cloud identity protection.

She highlighted that only 18% of Microsoft’s customers use MFA.

The security expert added that a hybrid work environment also leads to a new set of cyber threats which users have to be aware of since the pandemic shifted the way an organisation operates.

According to a survey done by Microsoft, 53% of those surveyed in Asia are planning to move because now they can work remotely, while globally, 46% of the population are opting for a remote working environment.

“We will have to think about home and work networks and operating this perimeter-less world which is going to pose interesting challenges as well as opportunities for us from a security standpoint,” she said.

Meanwhile, Schrade added that a hybrid work environment has led many small and medium enterprises in Asia to ramp up cyber security efforts by practising regular patching and other measures to secure their operations.

She said while working from home, even a router could pose cyber threats if the password used on the router is the default password it came with when it was first installed in one’s premises.

“There are threats in routers if people do not patch or change the password that it came with. That brings a lot of threats right to your doorstep when you work from home.

“You may not think about it, but your router is something you should look at,” she said.