Microsoft warns of spike in drive-by download attacks here

S'pore had more such attacks than any other country in Asia-Pacific last year: Report

Microsoft has warned that Singapore suffered from more drive-by download attacks than any other country in the Asia-Pacific region last year.

In these attacks, hackers install malware on their unsuspecting victims' computers.

The tech giant released its annual security threat report yesterday.

It said that although the region saw a 27 per cent decline in these drive-by download attacks - in which malware is unwittingly downloaded when a user visits a website or fills in a form - Singapore recorded a more than twofold increase of such attacks last year.

Compared with 2018, Singapore experienced a 138.5 per cent rise in these attacks, through which hackers steal passwords or financial information from their victims.

Microsoft's assistant general counsel of its digital crimes unit in Asia, Miss Mary Jo Schrade, said Singapore is an attractive target for these criminals due to its excellent financial standing in the region.

"We usually see cyber criminals launch such attacks to steal financial information or intellectual property, and this is a key reason why regional financial hubs, such as Singapore and Hong Kong, recorded the highest volume of such threats," said Miss Schrade, who is also the unit's regional lead.

These drive-by downloads take place when an unsuspecting user visits - or "drives by" - a website infected with malicious code.

Cyber criminals take advantage of vulnerable or outdated apps, browsers, or even operating systems. Even without the user attempting to click or download anything, the malicious code can get downloaded into the user's device.

Said Miss Schrade: "This unintentional download of the malicious code can result in the exploitation of vulnerabilities in Web browsers, applications or even in the device's operating system. This can be hosted on legitimate websites and it can be difficult for even an experienced user to identify a compromised site from a list of search results."

While such attacks can be hard to detect, users can take several precautions to protect themselves.

Experts advise users to make sure that they install an antivirus program and the latest security updates on their computers, mobile phones, tablets and other similar devices.

TARGETING VULNERABILITIES

This unintentional download of the malicious code can result in the exploitation of vulnerabilities in Web browsers, applications or even in the device's operating system.

MISS MARY JO SCHRADE, Microsoft's assistant general counsel of its digital crimes unit in Asia, on drive-by downloads.

They should also uninstall software and any add-ons to their applications that are neither necessary nor used.

This digital clean-up will simplify the amount of software to be updated on their systems and minimise potential hacking.

"Users should also stay vigilant and watch out for malicious or compromised websites and avoid pirated content," added Miss Schrade.

A version of this article appeared in the print edition of The Straits Times on June 18, 2020, with the headline 'Microsoft warns of spike in drive-by download attacks here'. Print Edition | Subscribe