RP 4th in SE Asia as source of Internet security threats—report

MANILA, Philippines – The Philippines ranks fourth in Southeast Asia as one of the sources of Internet threats in the region and 10th in the Asia-Pacific and Japan (APJ), according to a report by a software giant.

The Philippines places fourth behind Thailand, Vietnam, and Indonesia where malicious codes, spasm, zombies, phishing hosts, and bots originate, according to Symantec’s Internet Security Threat Report Volume 15.

China ranked first in the APJ region, Symantec said in its report based on a study it conducted from Jan. 1 to Dec. 31, 2009.

In that same report, the Philippines ranked sixth as the origin of Web-based attacks, with six percent in the APJ region originating from the country.

Web-based attacks are launched from computers other than that of the user through redirection or malicious advertisements.

The country also has a significant number of bot-infected computers. Symantec said bots were “covertly installed” on a computer that allowed hackers to remotely control one’s computer to commit cybercrimes like identity theft and data breaches.

The country is also one of the hosts of phishing URLs in APJ. In fact, Symantec said the country ranked second for phishing in Southeast Asia.

Phishing attempts to acquire someone’s information like passwords, usernames, and other information such as those found on credit cards.

Symantec said that locally, the target of phishing was the financial sector, with 92 percent of its URLs being “spoofed” or copied.

“Attackers were targeting confidential information, especially bank account credentials and credit card information. Such data are highly sourced for and sold at lucrative prices in the underground economy,” Symantec said in its report.

Raymond Goh, regional technical director of Symantec, said the rise in Internet attacks was brought about by the increasing number of users, with major businesses being the main source of these attacks.

“Give the potential for monetary gain from compromised corporate intellectual property, cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to synthesize socially engineered attacks on key individuals within targeted companies,” he said.

Goh said that while social networking sites were initially used as a means to interact, it was now being used by cybercriminals to obtain sensitive information from an individual or an enterprise.

Symantec suggested that:

*Businesses should protect the infrastructure by devising an effective security plan.

Goh said that the key was for businesses to determine the source of Internet threats and to come up with solutions to effectively contain the threat.

*Businesses should also protect sensitive information within the company like e-mails, firewalls, and to fix any weak links that could be used by cybercriminals to launch an attack.

*Companies should develop and enforce strict IT policies and to effectively manage security systems.

For protection against Internet attacks, Symantec offers:

• Control Compliance Suite 10.0, which promises to deliver greater visibility into an organization’s IT compliance and risks, to provide better intelligence at lower costs;
• Data Loss Prevention Suite 10.5, which helps prevent data loss through social media and helps protect information in private clouds;
• Altiris Management Suite 7.0, which has complete IT management that enhances effectiveness through faster deployments and increased security;
• The Symantec Protection Suits with an in-depth protection tailored to specific areas of the IT infrastructure and provide businesses with unified information security management across endpoints, servers, and gateways. –By Abigail Kwok, INQUIRER.net