From 11th place in 2018, the Philippines climbed to fourth place in Kaspersky’s worldwide ranking of countries with the highest web threat detections from January to December 2019.

Data from the Kaspersky Security Network (KSN) for the past year showed the cybersecurity company’s technologies monitored and prevented nearly 28 million internet-borne attacks against Kaspersky users in the Philippines.

This accounts for 44.40% of Kaspersky users in the country who encountered web threats during the 12 months of 2019, where 26.62% were individual users and 7.58% were business users. The Philippines trailed the top three countries, namely Nepal, Algeria and Albania.

Top 10 countries, KSN January-December 2019

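| Place | Country | Percent of users attacked by web-borne threats |
|---|---|---|
| 1 | Nepal | 51.4% |
| 2 | Algeria | 51.0% |
| 3 | Albania | 46.1% |
| 4 | Philippines | 44.4% |
| 5 | Djibouti | 43.3% |
| 6 | Mongolia | 43.0% |
| 7 | Belarus | 42.9% |
| 8 | Tunisia | 42.7% |
| 9 | Bangladesh | 42.5% |
| 10 | Azerbaijan | 42.0% |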

In Southeast Asia, the Philippines led the top three countries with the highest number of detections, followed by Malaysia at 13th and Vietnam at 17th.

Ranking of SEA countries, KSN January-December 2019

| Place | Country | Percent of users attacked by web-borne threats |
|---|---|---|
| 4th | Philippines | 44.40% |
| 13th | Malaysia | 41.50% |
| 39th | Vietnam | 40.00% |
| 92nd | Thailand | 29.10% |
| 156th | Singapore | 14.20% |

Common attacks via drive-by downloads and social engineering tactics 

Kaspersky said browser attacks are still the top method for infecting web surfers. Cybercriminals continue to target users in the Philippines through popular attack techniques such as drive-by downloads and social engineering.

A drive-by download happens when an Internet user visits a website that he/she does not know is infected, and the site installs malware directly onto the user’s computer. Vulnerable computers are those whose operating systems, applications, or web browsers are not updated, which means they contain security flaws.

Attempts to infect computers of Kaspersky users in the Philippines are also made through social engineering, where a cybercriminal exploits a user’s lack of knowledge. Posing as friends, family members or even IT support personnel, cybercriminals convince an unsuspecting user to disclose his/her confidential data. With the information, a cybercrook will gain access to multiple networks, infect the user’s computers with malware or prompt the user to open links to infected websites.

Top 5 attack vectors 

Ways used by cybercriminals in the Southeast Asian region to install malware into a user’s computer include the following:
⦁ Visiting an infected website, or an online advertisement performing an unfair action, such as adware that collects information without the owner’s consent
⦁ Unintentional downloads of certain programs or files from the Internet
⦁ Downloading malicious attachments via email
⦁ Browser extension activity. Browser extensions are like plugins that add certain features and functions. Examples include extensions that block ads on web pages, translate text from one language to another, or add pages to third-party bookmark services such as Evernote or Pocket.
⦁ Downloading malicious components or communicating with a command and control (C&C) server, which helps an online fraudster control a botnet and sends malicious commands that eventually install malware onto a user’s computer. A botnet, short for robot network, is a collection of compromised (hacked) computers running malicious programs that are remotely controlled by cybercriminals.

Below are the most widespread web threats in SEA (based on Kaspersky’s web-antivirus detections, according to Kaspersky Security Network):

Most widespread web-threats in Southeast Asia

⦁ Blocked urls: Generic detection of blocked malicious URLs of any nature
⦁ Trojan Script Generic: Generic detection, as well, for malicious scripts
⦁ Trojan.Script.Miner.gen: Web-miners
⦁ Trojan.Script.Iframer: Hidden iframes, mostly used in muddy online-advertisements
⦁ Trojan-PSW.Script.Generic: In most cases, online-skimmers or sniffers

Local threats, malicious hosts down in PH

In the same report, Kaspersky products detected and blocked more than 47 million local incidents on computers of its users in the country. This has pushed the Philippines to slide down to 61st place in 2019 from its 65th place in 2018 in Kaspersky’s worldwide ranking among countries with the highest local infections. 

Local infections or threats result from malware spread through removable media such as USBs, CDs, DVDs, and other “offline” methods.

Kaspersky said worms and file viruses, which are usually self-replicating, generally account for such incidents. Attack attempts were monitored and prevented against 52.73% of individual Internet users and 20.99% of business users in the Philippines.

Meanwhile, there were only 1.5 million malicious hosting incidents monitored and blocked in Philippine-based servers in 2019 compared to two million in 2018, pulling the country’s global ranking from 35th to 37th.

“As far as web threats are concerned, among the noticeable changes we’ve seen in the region reflect the same scenario worldwide — strong activity of web-miners in the beginning of the year followed by a dropdown. There was also a growth of online skimmers that we’ve recorded. In the case of local threats, the overall situation in SEA is the same — there’s a drop in the number of cryptocurrency miners and a slight decrease in crypto ransomware,” said Yeo Siang Tiong, general manager for Kaspersky Southeast Asia.

“In the Philippines, we believe the stern warnings against the use of cryptocurrencies and the newly enacted law which imposes harsh penalties against bank account fraudsters and credit card skimmers, are among the possible reasons for the changes in numbers. Despite these though, we can’t drop our guards and be complacent. The overall increase in awareness and level of security among individual Internet users and businesses only means that typical attacks will be more difficult to carry out. And we see that cybercriminals will intensify their efforts towards social engineering tactics more and will veer away from PCs to focus on attacking mobile devices and other internet-connected hardware,” he adds.

To stay secure against evolving threats online and offline, Kaspersky security experts advise the following basic but important steps:

For businesses:

⦁ Secure internet access for your employees. Deploy solutions that provide multi-layered, gateway-level protection against the latest web-based threats and block them before they reach your endpoints. Such solutions are part of the Kaspersky Targeted Solutions portfolio.
⦁ Raise your employees’ awareness of cybersecurity by educating them on good cyber hygiene. Awareness training can help develop cybersafe behavior by building your employees’ understanding of potential threats.
⦁ Configure your OS to avoid running anything from USBs.

For consumers:

⦁ Use USBs, CDs and DVDs from trusted sources.
⦁ Carefully check the link before visiting a site, especially for misspelling or other irregularities, even if you think it’s a site you’ve visited regularly before.
⦁ Enter your username and password only over a secure connection. Avoid logging in to online banks and similar services via public Wi-Fi networks.
⦁ Be aware that URLs that begin with “https” may not always be secure.
⦁ Don’t trust emails from unknown senders until you can verify the authenticity of their origins. 
⦁ Always run a system with a quality, up-to-date anti-malware program such as Kaspersky Internet Security. Our advanced solution will help you solve most of the problems automatically and alert you if something goes wrong.
