Microsoft study pinpoints cyber threats

Paid Post:Microsoft

Reading Time:3 minutes

Published: 12:40pm, 2 Jul 2020Updated: 12:40pm, 2 Jul 2020

[Sponsored Article]

One obvious effect of the coronavirus outbreak has been the accelerated growth of online services and working from home. But that change in habits has also highlighted the need for organisations and individuals to exercise greater vigilance to ensure sensitive data doesn't fall into the wrong hands.

“Cybercriminals do not stand still,” says Fred Sheu, national technology officer for Microsoft Hong Kong, who keeps a watchful eye on such developments, “We are witnessing attackers pivoting away from conventional methods and shifting towards customised campaigns targeted at specific geographies, industries and businesses.”

To bolster their security, companies therefore need to devise a comprehensive cyber resilience strategy. This should include effective use of cloud technology, a focus on cyber hygiene, and close attention to any reports of malware encounters or “drive-by download attacks”.

“Regular patching and updating of software can decrease the likelihood of malware and ransomware infections,” says Sheu, while also warning that cybercriminals are looking to take advantage of coronavirus concerns by adapting and refining their methods.

“According to our data, Covid-19 themed threats are mostly retreads of existing attacks that have been slightly altered to tie in to the pandemic,” he says. “Attackers have been pivoting their existing infrastructure - things like ransomware, phishing and other malware delivery tools - to include Covid-19 keywords in order to capitalise on people’s fears. Once users click on these malicious links, [the criminals] can infiltrate networks, steal information and monetise their attacks.”

Much of the basic data Sheu refers to comes from Microsoft’s recently released “Security Endpoint Threat Report 2019”. Its findings are derived from an analysis of diverse data sources available to the company. These include threat signals received between January and December last year, download attacks across the Asia-Pacific region, malware encounters and piracy rates.