Thailand has ranked high on lists of most infected countries for more than a year: a user surfing the Web in Thailand, has a one-in-five chance of encountering malware according to Sophos. Only China and Indonesia are listed as riskier than Thailand.
The nation, which suffered massive flooding in 2011 that caused a worldwide shortfall in hard-disk drives, has ranked high on lists of most infected countries for more than a year. In April 2011, for example, antivirus firm PandaLabs named Thailand the No. 2 most infected country, with nearly two-thirds of systems infected by some form of malicious software.
According to the studies, web users in Thailand have “a greater than one-in-five chance of encountering malware each quarter” of the year.
Only Indonesia, with a 23.5 per cent cyber-risk factor, and China with 21.3 per cent ranked higher than Thailand.
A look at the latest report from antivirus firm Sophos underscores the dangers of not treating Internet security at a national level. In its year-end report, Sophos found that users in southeast Asia were living in the equivalent of a digital hot zone.
Using a measure called the threat-exposure rating (TER), the company tracked the probability that a user’s computer would encounter a malicious infection attempt in a particular three-month period. Eight of the 10 riskiest nations were in southeast Asia with one country from the Middle East and another from central America rounding out the bottom 10.
Many of the threats that impact those nations take advantage of older vulnerabilities, says Richard Wang, manager of Sophos’ research labs.
“That is a pretty strong indication that there are a lot of PCs out there that are not being protected by updates or any form of security software,”
he said.East and Southeast Asian countries took seven of the top 10 “most dangerous” spots to access the worldwide web and the internet, the study said.
Growth of dangerous targeted attacks
While law enforcement was becoming more effective against cybercriminals, 2012 also saw growing concern about state-sponsored cyber attacks, as well as exploits launched in apparent cooperation with states to achieve strategic objectives. To the extent that these attacks proliferate and are confirmed, high-value government and private targets will face worrisome new risks. Lower value targets will also need to increase vigilance in order to avoid becoming collateral damage. This will mean, among other things, strengthening their own network security efforts—and integrating them with other security services to detect and repel attacks more rapidly.
In this category, the Flame attack got the most publicity in 2012, but its significance and effectiveness were far from clear. More recently, the destructive Shamoon Trojan (Troj/Mdrop-ELD) apparently caused significant damage throughout the Middle East’s energy sector.
According to the BBC and The Register, it infected some 30,000 computers, taking Saudi Arabia’s national oil company network offline. Soon thereafter, Qatar’s natural gas firm RasGas was attacked, taking its network and website offline as well, and leaving its office systems unusable.
We saw hints of organized cyber attacks against the U.S. Late in September, U.S. Senator Joseph Lieberman pointed to massive recent DDoS attacks targeting Bank of America, JPMorgan Chase, Wells Fargo, Citigroup and PNC Bank, and alleging without public proof that these attacks were “done by Iran… [as] a response to increasingly strong economic sanctions the U.S. and its allies have put on Iranian financial institutions. It is, if you will, a counter attack…”
The study cited by eWeek did not break down types of threats except in Indonesia, where internet users are subjected to widespread Trojan horses, software applications infected with malware that are then sold online.
The Security Threat Report 2013 was released Thursday by Sophos. It ranked Norway, Sweden and Japan as the safest countries to access the internet, all with infection and attack rates under three per cent.