This article is contributed by Wong Joon Hoong, Country Manager, Sophos Malaysia
A recent study reveals that the probable economic damage in Malaysia due to cybersecurity attacks could reach up to four per cent of the nation’s total GDP growth of US$ 296 billion, that is approximately a staggering US$ 12.3 billion (RM 49.15 billion). As the fear of conspicuous cyberattacks, such as ransomware, continues to put both organisations and consumers on alert, it has delayed digital transformation not just in Malaysia, but across companies in Asia Pacific as well.
Although threats, attacks and risks continue to increase, the challenges organisations may face in 2019 are not insuperable. Understanding the mind of cybercriminals and how they operate in cyberspace is crucial, as it allows organisations to gain the upper hand. Sophos, a global leader in network and endpoint security, urges companies to arm themselves with knowledge of the probable future threats and to step back to comprehend the big-picture trends that are driving each attack.
Hand-crafted, targeted attacks are on the rise
Asia has seen its fair share of ransomware attacks, and well-known ones like WannaCry and CryptoLocker tend to be opportunistic, sending boobytrapped attachments to a large number of potential victims via email.
Even so, as of three months ago, none of Malaysia’s top 30 listed companies, including banks and telcos, had fully set up defence mechanisms to prevent fraudsters from hacking through their domains. Although they represent just a fraction of Malaysia’s 261,000 businesses, this left about 15.3 million online users vulnerable to fraudulent emails sent in their names.
2018, however, has seen the advancement of hand-delivered, targeted ransomware attacks that differ from the mass email dissemination method. This attack methodology means that even though fewer attacks may take place, the results will be far more devastating, and the cybercriminal could demand a higher ransom. Subsequent malware also has the potential to evolve to become more destructive and effective. This attack style, where criminals manually manoeuvre through a network step by step, is now increasing in popularity, and the financial success of malware like SamSam is bound to inspire copycats to strike in 2019.
While these forms of manual attack are more challenging to prevent using conventional methods, it also means that far fewer hackers are competent enough to conduct them.
Mobile malware is a growing and persistent threat
In 2018, we saw a decline in ransomware attacks after their guerilla performance, notably the Media Prima incident with a demand of RM 26 million in bitcoins. However, the latest cyberattacks have moved from desktop and laptop computers to mobile and Internet of Things (IoT) platforms. Today, we have seen a short but taxing rise in a cryptominer-dominated malware landscape, impacting about 37 per cent of organisations worldwide.
Cryptojacking is the act of using someone else’s device to mine cryptocurrency. The astronomical rise in cryptocurrency value last year attracted numerous attempts from cybercriminals to cash in on this profitable market. Masked as an innocent-looking app, a cryptominer strains the device’s processor under the load, transferring the costs of mining (performance, and wear and tear) to the victim, at no benefit to anyone but the cryptojacker. To reduce future threats, Gobind Singh Deo, Communications and Multimedia Minister of Malaysia, is expected to launch a national cyber security policy in the first quarter of 2019.
Mobile cybercriminals also tend to take the route of advertising click fraud, embedded in yet another innocuous app that simulates users clicking ads to generate revenue. According to Geh Thuan Hooi, Malaysian Institute of Human Resource Management human resource adviser, there is an exponential increase in demand for digital marketers in 2019. This means businesses are moving their marketing strategy online, including investment in pay-per-click (PPC) advertising. Thanks to the simplicity of click fraud and the amount invested in today’s pay-per-click advertising, almost no one is safe.
This year, SophosLabs uncovered an app supplied as part of the stock firmware image of a small phone maker that had been ‘Trojanised’ in the supply chain, before anyone purchased the device. The app, Sound Recorder, had been altered to discreetly intercept and send SMS text messages. Identifying and ultimately removing such a malicious app is almost impossible until the producer of the device is aware of the compromise.
Cybercriminals are turning to what’s already available for their cybercrime sprees
Moreover, Sophos’ 2019 Threat Report uncovers a shift in threat execution, as more mainstream attackers now employ Advanced Persistent Threat (APT) techniques to use readily available IT tools as their route to advance through a system and complete their mission – whether it is to steal sensitive information off the server or drop ransomware.
By utilising essential or built-in Windows IT admin tools, including PowerShell files and Windows Scripting executables, cybercriminals are able to deploy malware attacks on users undetected. This pivotal finding traces how the technique has become a common feature in an increasing number of cyberattacks today.
The technique is known as ‘living off the land’ because it avoids the need to download dedicated tools. Cybercriminals have stopped emailing malware to victims as actual malicious executable programmes, and have instead switched to a series of interlinked, non-executable scripts, exploitable Microsoft Office document vulnerabilities, and Office document macros that make detection a puzzle. Because it involves a wide range of file types, including several “plain text” scripts chained in no particular order, it becomes incredibly challenging to separate the normal operations of a computer from the irregular behaviour of a machine in the midst of a malware infection.
Using deep machine learning and AI to avoid PDF-based malware attacks
Portable document format (PDF) is one of the most commonly used file formats and is believed to be less suspicious than executable files. Hence, it is rare for IT administrators to block incoming PDF documents. However, the huge popularity and flexibility of the PDF file format also open up many ways for attackers to propagate malware via PDF documents. As a result, businesses need to turn to solutions that offer a multi-layered arsenal of protection to detect malware in PDF files. This will speed up the detection process, saving businesses time and money.
Staying ahead of the game
For companies of all scales to stay protected, education on cybersecurity threats is vital to organisational success. Monash University Malaysia, for example, has outdone itself by setting up a strict sender authentication framework, making it difficult for anyone to impersonate the university and send you a fake email from a spoofed @monash.edu.my address. Simple protection steps matter.
better adopts the digital economy, operating businesses becomes more vulnerable to cyberattacks as well. To avoid unfavourable financial losses, Sophos urges both public and private sectors to look into better protection plans against malware risks and to plan ahead rather than take cybersecurity for granted.
Wong Joon Hoong
Country Manager, Sophos Malaysia
Joon Hoong Wong has over 22 years of business development and sales management experience in the security industry with a proven track record of running successful lines of businesses and multi-regional sales teams. A greater part of his business experience has been in building and executing successful go-to-market (GTM) strategies for a newly acquired business or accelerating growth in an existing business.
Prior to joining Sophos as the Country Manager, he was the Commercial Director at TecForte.
Before TecForte, Wong was the Country Manager and Regional Sales Director at Trend Micro in Malaysia. He led the team to achieve the number one position in the Content Security Market in the country as reported by IDC in 2004.
Wong holds a Diploma in Computer Studies from Stamford College.