Microsoft warns of spike in drive-by download attacks in Singapore

Most users do not know they have malware installed in their computers.
Most users do not know they have malware installed in their computers.PHOTO: THE NEW PAPER

SINGAPORE - Microsoft has warned that Singapore has suffered from more drive-by download attacks than any other country in the Asia Pacific region in 2019.

In these attacks, hackers install malware on their unsuspecting victims' computers.

The tech giant released its annual security threat report on Wednesday (June 17). It said that though the region saw a 27 per cent decline in these drive-by download attacks - in which malware is unwittingly downloaded when a user visits a website or fills in a form - Singapore recorded a more than twofold increase of them last year.

Compared to 2018, Singapore experienced a 138.5 per cent rise in these attacks, through which hackers steal passwords or financial information from their victims.

Mary Jo Schrade, Microsoft's assistant general counsel of its digital crimes unit in Asia, said that Singapore is an attractive target for these criminals due to its excellent financial standing in the region.

"We usually see cybercriminals launch such attacks to steal financial information or intellectual property, and this is a key reason why regional financial hubs, such as Singapore and Hong Kong, recorded the highest volume of such threats," said Miss Schrade, who is also the unit's regional lead.

These drive-by downloads take place when an unsuspecting user visits -or 'drives by'- a website infected with malicious code. Cybercriminals take advantage of vulnerable or outdated apps, browsers, or even operating systems.

Even without the user attempting to click or download anything, the malicious code can get downloaded to the user's device.

Said Miss Schrade: "This unintentional download of the malicious code can result in the exploitation of vulnerabilities in web browsers, applications or even in the device's operating system. This can be hosted on legitimate websites and it can be difficult for even an experienced user to identify a compromised site from a list of search results."

 
 
 

While such attacks can be hard to detect, users can take several precautions to protect themselves.

Experts advise users to make sure that they install an antivirus programme and the latest security updates on their computers, mobile phones, tablets or other similar devices.

They should also uninstall software and any add-ons to their applications that are neither necessary nor used. This digital clean-up will simplify the amount of software to be updated on their systems and minimise the potential hacking.

"Users should also stay vigilant and watch out for malicious or compromised websites and avoid pirated content," added Miss Schrade.