Photo - (From left) David Rajoo, Principal Consultant, Symantec Malaysia; Eric Hoh, Vice President, Asia South and Korea regions, Symantec Corporations; and Nigel Tan, Director, Systems Engineering, Symantec Malaysia.
Security solutions provider Symantec Malaysia's latest Internet Security Threat 2014 volume 19 [ISTR 19] report shows a global era of 'mega breaches' has dawned and that Malaysian organisations need to review and adopt a more proactive security posture as the country slips to #33 in the 2013 global internet security threat rankings.
Speaking in Kuala Lumpur, Symantec Corporation vice president, Asia South and Korea Regions, Eric Hoh said report, which was based on the analysis during 2013 of the company's Global Intelligence Network made up of more than 41.5 million attack sensors and records thousands of events per second, examined the security threat activities of157 countries.
In 2012, Malaysia was at #35, said Hoh while USA, China and India held the top three spots for most security threat activities. The study shows that after first relatively quiet 10 months of 2013, cyber criminals adopted a series of attacks with eight major breaches in 2013, each exposed greater than 10 million identities, targeted attacks increased and end-user attitudes towards social media and mobile devices resulted in wild scams and laid a foundation for major problems for end-users and businesses.
He said cyber criminals are now planning for months before carrying out "huge heists - instead of executing quick hits with smaller rewards" adding that this shows a significant shift in behaviour.
In 2013, there was a 62 percent increase in the number of data breaches globally from the previous year, resulting in more than 552 million identities exposed - proving cybercrime remains a real and damaging threat to consumers and businesses alike. One mega breach can possibly be worth 50 smaller attacks.
"While the level of sophistication continues to grow among cyber attackers, what was surprising last year was the cyber attackers' willingness to be a lot more patient - waiting to strike until the reward is bigger and better," said Hoh, adding that six global key trends detailed in the report are data breach, targeted attacks, vulnerabilities, ransomware, mobile and social media and internet of things.
"With cybercriminals constantly innovating and enhancing their modes of attacks, companies globally and in Malaysia cannot afford to let their guard down. The consequences of complacency can be far-reaching, causing commercial and reputational damage."
Malaysia's internet security profile declines
"Malaysia's Internet security profile declined last year and ranked 33rd among countries globally on Internet security threat activities," said Symantec Malaysia director of systems engineering, Nigel Tan. "This is a clear indication that cybercriminals have not slowed down, in fact they are increasing the efficiency of their campaigns and have their eye on Small and Medium Businesses (SMBs) with less than 500 employees, in particular the healthcare and transport/utility sectors in Malaysia."
Tan said Malaysia's security profile reflected the global trend as the size and scope of data breaches around the world was increasing, putting the trust and reputation of businesses at risk, and increasingly compromising consumers' personal information - from credit card numbers and medical records to passwords and bank account details. Each of the eight top data breaches in 2013 resulted in the loss of tens of millions of data records. By comparison, 2012 only had a single data breach reach that threshold.
The ranking is assessed from activities such as malicious code, spam, phishing hosts, bots, network attacking countries, and web attacking countries, he said, adding that servers in Malaysia could be conduits rather than originators of malicious threats.
"For cybercriminals, the potential for huge paydays means large-scale cyber attacks are here to stay. Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture," said David Rajoo, principal consultant at Symantec Malaysia.
Rajoo said that targeted attacks were up 91 percent globally in 2013 and lasted an average of three times longer compared to 2012. Personal assistants and those working I public relations were the two most targeted professions - cybercriminals use them as a stepping stone toward higher-profile targets like celebrities or business executives.
Tan added that much of Malaysia's security profile mirrors global trends including the targetting of phishing attacks on personal assistants, media (public relations executives) as these tended to open attachments as part of their everyday roles. "However, another new aspect of this vector is illustrated by the case of a personal assistant in a French mining company who received a phishing mail with an attachment purporting to be an overdue invoice, which was then followed up by a threatening phone call, which prompted her to open the attachment
"What is interesting is the targeted attacks became slow and low as cyber attackers increased the number of campaigns they ran, but decreased the emails used and the number of people they attacked in each campaign. It's almost as if they brought in efficiency experts to improve their attack campaigns," Rajoo said.
Mobility: wearable technology and IoT
Hoh said that as the 'Internet of Things' [IoT] becomes more an everyday reality as part of the general growth of mobile computing, items like TVs, telephones, security cameras, and baby monitors as well as wearable technology and even motor cars will become woven into the fabric of the Internet.
Tan added that this trend will "increase the attack surface, presenting new opportunities for researchers and attackers alike. The Internet of Things could soon become the next battleground in the threat landscape."
The report added that wearable technology such as interactive wristwatches and other accessories will make interacting with these apps less like being online and simply a part of everyday life. "Users who are less aware of the potential risks and dangers may soon find themselves victims. The importance of online security education and awareness-raising for these users will be greater than ever."
"In the future, expect more traditional malware threats being 'ported' to mobile devices," continued the report. "Fake security software has already appeared in this environment, and ransomware could soon be developed for the mobile platform too, given how lucrative it has proved on desktop and laptop computers. The latest mobile devices also contain a large number of entry points, including Wi-Fi, Bluetooth, and near field communication (NFC), as well as USB.
"There may be plenty of opportunities to compromise these devices through new methods not fully explored at this stage. So far, mobile threats are still mainly aimed at consumers rather than enterprises. Only a few cases have been discovered where a mobile threat has targeted corporate users. Targeted attacks can be expected to take advantage of the mobile landscape in the near future, especially since the potential for surveillance or counter surveillance measures are even higher on devices that include in-built cameras and microphones that may be switched on and off with ease."
Hoh said that Symantec is recommending a proactive security approach. "Focusing on the information and the flow of that information around networks is a more proactive approach then just focusing on the hardware. All organisations should now relook and perform a more comprehensive review of their security posture."
The Internet Security Threat Report is based on data from Symantec's Global Intelligence Network, which Symantec analysts use to identify, analyse, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam.
Symantec also issued the following the best practices:
- Know your data: Protection must focus on the information - not the device or data centre. Understand where your sensitive data resides and where it is flowing to help identify the best policies and procedures to protect it.
- Educate employees: Provide guidance on information protection, including company policies and procedures for protecting sensitive data on personal and corporate devices.
- Implement a strong security posture: Strengthen your security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies.