Kaspersky report: PH web threats increased 37 percent
More cyber threats were detected in the Philippines last year compared to 2019. The 2020 Kaspersky Security Network (KSN) report revealed a 37 percent increase in attacks, dropping the country to 6th place from 4th in 2019.
The main reason for the increase in threats detected and thwarted is the remote working and studying environment created by the pandemic, exploited in full by cybercriminals.
“One thing that all of us would remember very well about 2020 other than COVID-19 was the shift of major tasks online — mostly within the confines of our homes. It is now a common scenario to see working parents juggle work and assisting kids with their online classes. The stress of finding balance has understandably affected each of us emotionally and psychologically, which created the best scenario for cybercriminals to exploit the situation,” Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, said.
Another reason is the lack of immediate security measures at the onset of the lockdowns: companies were forced to operate intensively with a BYOD setup, or with employees taking home company computers, while the office network was not yet set up for this arrangement.
Globally, the Philippines’ 2020 ranking in local threat detections also went down by one place from 2019. With 44,541,812 local incidents blocked on computers of Kaspersky users in the Philippines, it is currently in 62nd place, from 61st place in 2019, when it had 47,443,112 incidents.
Statistics from the report also showed that more than four in 10 (47.4 percent) Filipino internet users were targeted by local threats in 2020, compared to almost six in 10 (56.90 percent) users who were affected in 2019.
Remote working threats
On one hand, companies already in remote working mode adapted faster. Tori G. is a customer service supervisor for a U.S.-based Internet-hosting service, and she said right from the start their network was built to resist external attacks even when working from home. She lives in Calamba and the head office is in Texas. Using a VPN and endpoint protection systems allows her to operate with a team of 25 people from other countries including India and Singapore. Nevertheless, company detection systems have halted, on average, about 4 to 5 intrusion attempts a day.
John B., on the other hand, is an English teacher based in Iloilo. He teaches online English classes to an international class using Zoom. Using only simple security solutions, he noticed that he has been the subject of mostly phishing and social engineering attacks, oftentimes spamming email inboxes and attacking his teaching website, which he runs from a Managed WordPress platform. He started to use a Kaspersky Internet Security solution recommended by a tech writer friend. Immediately, malware and mining attempts were detected, quarantined, and removed.
“The pandemic has blurred the lines between corporate defenses and home security. Remote work, online classes, digitalization across all sectors will continue, at least for 2021. It is high time for enterprises of all shapes and sizes to understand that online threats against individuals should now be considered as risks against companies. We need to remember that cybercriminals never sleep. Hence, our security solutions should be automated, intelligence-based, and proactive,” Yeo adds.
Top 10 global list
The number of web threats in the country is about 37.19 percent more in 2020 compared to 27,899,906 web threats (44.4 percent) detected in 2019, placing the country 4th overall in that year.
Web threats are attacks via browsers, the basic method cybercriminals use to spread their malicious programs.
Kaspersky experts observed two noticeable trends behind the change in the percentage of users attacked by web threats, not just in the Philippines, but in countries all over the world:
- The number of users that encounter web miners has been reduced by one and a half times. A Trojan miner like Trojan.Script.Miner.gen is an example of web-mining malware that cybercriminals use to secretly mine cryptocurrencies using someone’s computing power and electricity.
- The number of users that encounter web skimmers has increased by about 20%. Web skimmers (sometimes referred to as sniffers) are scripts embedded by attackers in online stores to steal customers’ credit card data from websites.
Sources of threats
According to Kaspersky, the top five sources of web threats in the Philippines as well as in other countries in the region and elsewhere in the world are the following:
- Internet browsing. In the vast majority of cases, malware in web traffic is found during browsing scenarios — when an internet user visits an infected site or an online advertisement performs an unfair action.
- Unintentional downloads of certain programs (or files) from the internet
- Email attachments. Downloading of malicious attachments from online email services
- Browser extensions activity. A browser extension is a plugin for a web browser that adds certain functions and features to it used for productivity, customization, shopping, games, etc. Examples of extensions are those that block ads on web pages, translate text between languages or add pages to a third-party bookmark service. Extensions can be malicious or dangerous because these come from third-party websites which collect data to sell to other entities later.
- Downloads of malicious components or communications with command and control (C&C) servers performed by other malware. A C&C server helps a fraudster control a botnet (a network of hijacked computer devices used to carry out various scams and cyberattacks): it sends malicious commands to its members, regulates spyware, sends payloads, etc.
Local threats are basically local infections where users are attacked by malware spread through “offline” methods such as removable USB drives, CDs, and DVDs.
“Last year, we saw several incidents of scams and social engineering tactics aimed at tricking the human mind to steal money or information, using buzzwords related to COVID-19. Avoiding such requires a lot of calmness and vigilance, which is a tough one to have amidst the chaos that is the pandemic,” Yeo explains.
Tips on thwarting attacks
For companies observing remote work, Kaspersky experts have the following tips to help employers and businesses stay on top of any potential IT security issues and remain productive while staff are working from home:
- Ensure employees have all they need to securely work from home and know who to contact if they face an IT or security issue.
- Schedule basic security awareness training for employees. This can be done online and cover essential practices, such as account and password management, email security, endpoint security and web browsing.
- Take key data protection measures including switching on password protection, encrypting work devices and ensuring data is backed up.
- Ensure devices, software, applications, and services are kept updated with the latest patches.
- Install proven protection software on all endpoints, including mobile devices, and switch on firewalls. Small and midrange enterprises can also opt to use Kaspersky Endpoint Detection and Response Optimum to boost their defences against complex threats.
- Ensure there is access to the latest threat intelligence to bolster your protection solution. For example, Kaspersky offers a free COVID-19-related threat data feed.
- Double-check the protection available on mobile devices. It should enable anti-theft capabilities such as remote device location, locking and wiping of data, screen locking, passwords and biometric security features like Face ID or Touch ID, as well as enable application controls to ensure only approved applications are used by employees.
- In addition to physical endpoints, it is important to protect Cloud workloads and virtual desktop infrastructure.
For users, here are the top online security tips for home and home-based learning:
- Ensure the router supports and works smoothly when transmitting Wi-Fi to several devices simultaneously, even when multiple workers are online and there is heavy traffic (as is the case when using video conferencing).
- Regularly update router firmware or the actual physical router to avoid potential security issues.
- Set up strong passwords for the router and Wi-Fi network.
- If you can, only do work on devices provided by your employer. Putting corporate information on your personal devices could lead to potential security and confidentiality issues.
- Do not share work account details, even if it seems a good idea at the time.
- Always feel able to speak to the employer’s IT or IT security team if you have any concerns or issues while working from home.
- Follow the rules of cyber hygiene: use strong passwords for all accounts, do not open suspicious links from emails and IMs, never install software from third-party markets, be alert, and use a reliable security solution.