RP ranks 4th in SEA on Internet threats

MANILA, Philippines - Four Southeast Asian countries, including the Philippines, were listed in the top 10 countries in the Asia-Pacific and Japan (APJ) region as source of Internet threats.

The list was released recently by Symantec Corp. in its Internet Security Threat Report (ISTR) Volume XV, which highlights key trends in cybercrime from January to December 2009.

The report cited the Philippines as fourth in Southeast Asia — behind Thailand, Vietnam, and Indonesia — in five threat areas: malicious activity, Web-based attacks, bot-infected computers, phishing URLs, and originating spam.

Raymond Goh, regional technical director, system engineering and customer advisory services of Symantec, said this finding is aligned to the increase in the number of users using broadband and adopting social engineer sites in the region.

Symantec said malicious activities are increasingly happening in emerging countries because of the high adoption of IT in these countries and that there is an increase in the number of targeted threats focused on enterprises as cybercrime becomes easier to perpetuate with the wider availability of attack tool kits in the market.

In the APJ, the Philippines ranked 10th in malicious activities, bot-infected computers and spam, sixth in Web attacks, and eighth in phishing activities.

Clearly, said Goh, this is a top 10 listing that nobody wants to be included in.

According to Symantec, the number of new users adopting broadband in a country may be a significant factor in the rate of bot infections and users may increasingly “need to adopt best practices and be vigilant about their security practices when online.”

In the area of phishing attacks, the top target sector for the Philippines in 2009 was the financial services sector, with 92 percent of phishing URLs detected in the country spoofing financial services industry (FSI) brands.

“Attackers were targeting confidential information, especially bank account credentials and credit card information,” the report said, adding that such data are highly sourced for and sold at lucrative prices in the underground economy.

Goh explained that this underground economy is unaffected by the global economy.

In the area of spam, Symantec said the most common type detected in 2009 was related to Internet-related goods and services such as online degrees, which made up 29 percent of all detected spam.

“Eighty-eight percent of all e-mail traffic observed by Symantec was spam, which means that only 12 percent of e-mail was legitimate,” it said.

Goh emphasized the need for law enforcement procedures and cooperation across international jurisdictions to combat cybercrime and to adopt more secure IT policies.

He cited that hacking, for example, increased exponentially to become the number one cause of identity theft over the Internet as a result of unsecure IT policies.

“When you look at the trends of Internet security threats today and tomorrow, we believe that these four steps — protecting the infrastructure, focusing on information, having an IT policy and implementing it, to correctly manage systems — can eliminate risks to the organization,” he said.