Cyber threats are a global issue that governments are struggling to address. Izwan Ismail talks to cybersecurity expert company Forcepoint's Principal Security Consultant for Southeast Asia, Brandon Tan, about the unique threats faced by Malaysia, and the efforts being made to deal with them.
Q: What is the current cyber security threat situation in Malaysia like?
A: Cybersecurity is very much a global issue. When attacks happen in the US, chances are, they will trickle down to other parts of the world too. In Malaysia, specifically, cybercrimes have increased at an average of 10,000 cases per year – the highest number involves online scams and hacking information systems of organisations.
In 2015, there were 1,714 cases of cyber hacking reported in Malaysia. This year, however, it’s shocking to note that 1,705 incidents have already been reported during the first half of the year!
This proves that the threat in Malaysia is only increasing, and it is expected that more local organisations will be under attack in future. There will also be increased incidents of insider threats through hijacked systems, rogue users, or accidental user errors.
Q: What are the most worrying threats among consumers in Malaysia in the cyber world today?
A: The most worrying threat is that consumers can experience an incidence of cybercrime in a relatively easy fashion. More and more attacks that are happening are for financial gains by way of data leakage or data theft. With the rise of social media and internet usage for personal and professional reasons, consumers seemingly sprint their way throughout the online universe without thinking about privacy settings.
Individuals share much of their personal and sensitive information on social media, and because of the easy accessibility to this personal information, attackers are able to take advantage of this information for malicious purposes. Daily routines like answering e-mails, texting over WhatsApp, transferring files over USB and the like, leave a footprint which can also be exploited by those with ill intentions.
Q: How do these threats affect them?
A: As access to various data, including those of a confidential nature, becomes easily attainable, crooks are able to uncover pins, passwords and sensitive information for malicious purposes. These attackers can spread malware via malicious email attachments, infected programmes and compromised websites. They hold a victim’s files, computer system or mobile device “hostage”, restricting access until a ransom is paid. In the case of ransomware, demands are relatively affordable and easy, as crooks are intent on collecting money quickly and moving on to their next target. However, making payment does not guarantee the successful return of encrypted files or device/computer storage.
Q: What are some of the specific cases from these threats?
A: Earlier this year, Forcepoint did a special investigation, named JAKU, into a botnet campaign. Botnets are an easy form of resilient, redundant and highly pervasive attack infrastructure that are repeatedly deployed by major threat actors, such as organised crime-sponsored attackers and rogue states via their agencies. What makes JAKU unique is that within the noise of thousands of botnet victims, it targets and tracks a small number of specific individuals. JAKU targets its victims primarily via 'poisoned' BitTorrent file shares. The victims are spread all over the globe, but a significant number of victims are in South Korea and Japan. We found out that the botnet Command and Control (C2) servers identified are also located in the APAC region, including Malaysia, Singapore and Thailand.
Q: What has been lost due to these attacks?
A: Over the period of Sept 2015 to May 2016, in excess of 29,000 unique victims have been recorded by JAKU. However, the prevalence of duplicate entries in the telemetry data suggests that a more realistic figure is closer to 19,000.
Q: Are Malaysians aware of the threats they face?
A: People in general have grown complacent that attacks will not happen to them. There is an assumption that because the individual has not experienced a breach, they are doing the right thing or are not a target (and therefore would continue not to be). Thankfully, in Malaysia, programmes are in place to recognize the importance of cyber security.
Science, Technology and Innovation Minister Datuk Seri Madius Tangau recently said that there is a need to develop a national cyber security innovation ecosystem and that cyber security will continue to be a priority for Malaysia in the next five years, particularly the development of home-grown cyber security products and services. This added emphasis on the issue will help businesses stay more vigilant and protected from attacks. As cybersecurity continues to evolve and shift, awareness has to come from within, so that cybersecurity is acknowledged and prioritised.
Q: How can they plan for their online safety?
A: Businesses should exercise caution and avoid opening suspicious e-mail attachments or links to websites that they do not recognise or are sent from people they do not know. Everyone should understand the need to establish different passwords for different accounts. It doesn’t stop there; these passwords must be changed on a routine basis. This way, the damage of a breach is limited to the site that was compromised – not every site that victims use during the week.
Besides basic cyber security awareness, businesses can also take things a step further by implementing solutions against insider threats and privileged users. These internal issues often have a longer dwell time and can result in severe damage and loss for a company.
Q: What does Forcepoint have to offer?
A: With Forcepoint, companies can embrace new technology and transform their business safely. We offer a simple platform that unifies threat management solutions, allowing businesses to deal with threats quickly and without complexity. We aim to empower organisations to drive their business forward by safely embracing transformative technologies (cloud, mobility, Internet of Things (IOT), and others) without fear.
We are also on the pulse of cyber security issues around the globe and are constantly innovating to keep our clients at the forefront of cybersecurity. Our latest innovations include an insider threat and privileged user programme that helps our clients keep tabs on internal attacks, an area that is often overlooked by organisations.