Reader Advisory

Some articles posted in The SlickMaster's Files may contain themes, languages, and content which may neither appropriate nor appealing to certain readers. READER DISCRETION is advised.

Thursday, March 11, 2021

PH places 6th in 2020 global web threat detections

02/28/2021 02:11:20 PM

KSN 2020 Top 10 global list with web threats detections 

The Philippines slipped down two spots in the latest top 10 global list of countries with the most web-borne threats based on a report from Kaspersky

The 2020 edition of Kaspersky Security Network said that their solutions were able to detect 44,420,695 different Internet-borne threats from their Filipino PC users last year, with 42.2 percent of online users almost infected with web threats in 2020, putting the country at 6th place globally. 

The recent numbers detected by this global cybersecurity brand are 37.19% more in 2020 compared to 27,899,906 web threats (44.4%) detected in 2019, placing the country 4th overall in that year.  

Web threats are attacks via browsers which is the basic method for cybercriminals to spread their malicious programs.

Kaspersky experts observed two noticeable trends behind the change of percentage of users attacked by web threats, not just in the Philippines, but for countries all over the world:

1. The number of users that encounter web miners has been reduced by one and a half times. A Trojan miner likes Trojan.Script.Miner.gen is an example of web-mining malware that is used by cybercriminals to secretly mine cryptocurrencies using someone’s computing power and electricity. 
2. The number of users that encounter web skimmers has increased by about 20%. Web skimmers (sometimes referred to as sniffers) where scripts are embedded by attackers in online stores to steal credit card data of customers from websites. 

There are top five sources of web threats in the Philippines as well as in other countries in the region and elsewhere in the world, according to Kaspersky. 

1. Internet browsing. In the vast majority of cases, malware in web traffic is found during browsing scenarios—when an internet user visits an infected site or an online advertisement performs an unfair action.
2. Unintentional downloads of certain programs (or files) from the internet
3. Email attachments. Downloading of malicious attachments from online email services
4. Browser extensions activity. A browser extension is a plugin for a web browser that adds certain functions and features to it used for productivity, customization, shopping, games, etc. Examples of extensions are those that block ads on web pages, translate text between languages, or add pages to a third-party bookmark service. Extensions can be malicious or dangerous because these come from third-party websites which collect data to sell to other entities later. 
5. Downloads of malicious components or communications with control and command (C&C) servers performed by other malware. A C&C server helps a fraudster to control a botnet (a network of hijacked computer devices used to carry out various scams and cyberattacks) and sends malicious commands to its members, regulate spyware, send payload, etc.

Globally-speaking, the Philippines' 2020 ranking in local threat detections also went one notch down from 2019. With 44,541,812 local incidents blocked on computers of Kaspersky users in the Philippines, it is currently at 62nd place from its 61st place in 2019 when it had 47,443,112 incidents.  Statistics from this report also showed that more than four-in-10 (47.4%) of Filipino internet users were attempted to be attacked with local threats in 2020 compared to almost six-in-10 (56.90%) users who were affected in 2019. These local threats are basically local infections where users are attacked by malware spread through “offline” methods such as removable USB drives, CDs, and DVDs. 
“One thing that all of us would remember very well about 2020 other than COVID-19 was the shift of major tasks online—mostly within the confines of our homes. It is now a common scenario to see working parents juggle work and assisting kids with their online classes. The stress of finding balance has understandably affected each of us emotionally and psychologically, which created the best scenario for cybercriminals to exploit the situation,” said  Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky. 
“Last year, we saw several incidents of scams and social engineering tactics aimed at tricking the human mind to steal money or information, using buzzwords related to COVID-19. Avoiding such requires a lot of calmness and vigilance, which is a tough one to have amidst the chaos that is the pandemic,” Tiong added. 
“The pandemic has blurred the lines between corporate defenses and home security. Remote work, online classes, digitalization across all sectors will continue, at least for 2021. It is high time for enterprises of all shapes and sizes to understand that online threats against individuals should now be considered as risks against companies. We need to remember that cyber criminals never sleep. Hence, our security solutions should be automated, intelligence-based, and proactive,” Yeo further said. 
Kaspersky experts have the following tips for remote work-based companies to help employers and businesses stay on top of any potential IT security issues and remain productive while the staff is working from home: 
  • Ensure your employees have all they need to securely work from home and know who to contact if they face an IT or security issue. 
  • Schedule basic security awareness training for your employees. This can be done online and cover essential practices, such as account and password management, email security, endpoint security, and web browsing. 
  • Take key data protection measures including switching on password protection, encrypting work devices, and ensuring data are backed up. 
  • Ensure devices, software, applications, and services are kept updated with the latest patches. 
  • Install proven protection software on all endpoints, including mobile devices, and switch on firewalls. Small and midrange enterprises can also opt to use a Kaspersky Endpoint Detection and Response Optimum to boost their defenses against complex threats. 
  • Ensure you have access to the latest threat intelligence to bolster your protection solution. For example, Kaspersky offers a free COVID-19-related threat data feed. 
  • Double-check the protection available on mobile devices. It should enable anti-theft capabilities such as remote device location, locking and wiping of data, screen locking, passwords and biometric security features like Face ID or Touch ID, as well as enable application controls to ensure only approved applications are used by employees. 
  • In addition to physical endpoints, it is important to protect cloud workloads and virtual desktop infrastructure. 
Meanwhile, here the top online security tips for home and home-based learning users:
  • Ensure your router supports and works smoothly when transmitting WIFI to several devices simultaneously, even when multiple workers are online and there is heavy traffic (as is the case when using video conferencing)
  • Regularly update your router to avoid potential security issues. 
  • Set up strong passwords for your router and WIFI network. 
  • If you can, only do work on devices provided by your employer. Putting corporate information on your personal devices could lead to potential security and confidentiality issues. 
  • Do not share your work account details with anybody else, even if it seems a good idea at the time. 
  • Always feel able to speak to your employer’s IT or IT security team if you have any concerns or issues while working from home.
  • Follow the rules of cyber-hygiene: use strong passwords for all accounts, do not open suspicious links from emails and IMs, never install software from third-party markets, be alert, and use a reliable security solution.  
Author: slickmaster | © 2021 The SlickMaster's Files

No comments:

Post a Comment

Feel free to make a comment as long as it is within the bounds of the issue, and as long as you do it with decency. Thanks!