THE Philippines landed in the fourth spot in the new global ranking of countries with the highest web threats in 2023.
According to the recent Kaspersky Security Network (KSN) report, web threats directed at the Philippines decreased by approximately two percent, totaling 48 percent last year compared to 49.8 percent in 2022. This shift caused the Philippines to drop two spots, placing fourth globally among countries most frequently targeted by malicious files and phishing websites originating from the internet.
Yeo Siang Tiong, general manager for Kaspersky Southeast Asia, credited the slight drop to the efforts of government agencies in cyber-proofing the country.
“We see the country is slowly making headway in cybersecurity. We classify the Philippines to be in the intermediate group of countries that are identifying cyberattacks and making efforts to implement rules,” he said.
Another reason for the drop is that cybercriminals are continuously taking other attack routes that might be off the radar.
“One trend that we consistently have been seeing lately is their preference for targeted attacks instead of the spray and pray method.
In the recent global ranking, the Philippines came behind Mongolia (51.8 percent), Moldova (48.9 percent) and Greece (48.8 percent). Since 2019, the country has consistently been in the top 10 ranking countries.
Other countries with high web threats are Kazakhstan (47.7 percent), Belarus (47.5 percent), Russian Federation (47.4 percent), Latvia (46.1 percent), Kyrgyzstan (44.8 percent) and Bulgaria (44.2 percent).
Among Southeast Asian countries, the Philippines is trailed by Malaysia (33rd place) with the overall percentage of users attacked by web-borne threats from January to December 2023.
With cybercriminals continuing to develop tools and techniques, the Philippines should remain vigilant at all times.
“They (cybercriminals) actually surprise cybersecurity experts all the time. Our mindset should be how to be able to hunt threats before they could cause harm and damage. At this point, I recommend that we should be talking more about threats as we proactively learn to detect and respond to them. This is where threat intelligence comes in handy,” said Yeo,
Web or online threats are attacks through browsers which are also cybercriminals’ tried and tested ways to spread malware. It can easily be done with or without the involvement of the victim.
A web attack with victim participation is done through social engineering. The victim is tricked into doing something that jeopardizes their personal security or the security of the organization they work for. The objective is to get the victim to respond by clicking an infected email attachment, or a compromised website, or responding to a fake unsubscribe notice, among others.
Last year’s data breaches involving a government agency and an e-wallet company, which were each reportedly traced to phishing, are examples of this type of web threat.
An attack requiring no victim involvement is through drive-by downloads. By simply visiting a compromised website, their device gets infected automatically (and silently), particularly if they fail to apply a security update to one of their apps. This method is used in most web attacks.
To stay protected, Kaspersky recommends to users the following:
* Do not download and install applications from untrusted sources.
* Do not click on any links from unknown sources or suspicious online advertisements.
* Create strong and unique passwords, including a mix of lower case and upper case letters, numbers and punctuation, as well as activate two-factor authentication.
* Always install updates.
* Ignore messages asking to disable security systems for office or cybersecurity solution.
* Use a robust cybersecurity solution appropriate to system type and devices. / KOC