Photo - Nigel Tan, Country Director, Malaysia & Thailand, Symantec.
Security solutions firm Symantec's latest Internet Security Threat Report (ISTR) noted that cybercriminals are changing their tactics, alongside an increase in attacks against both large and small companies in Malaysia.
During the unveiling of the report, Symantec's country director for Malaysia & Thailand, Nigel Tan, said: "Almost no company, whether large or small, is immune from targeted attacks. In Malaysia, five out of every six large companies with more than 2500 employees were targeted with spear-phishing attacks in 2014. Small businesses also saw an uptake, with attacks increasing from 10 percent in 2013 to 28 percent last year. In view of the growing sophistication of these attacks, good IT security is essential and broad cybersecurity practices should be the norm."
"We are seeing a dramatic shift in the mode of attacks," said Tan. "Attackers have stepped up their game by tricking companies into infecting themselves through Trojanised software updates, hiding their malware inside software updates of programs used by target organisations. This enables cybercriminals to gain full access to corporate networks without the need to even make any forced entry."
"In a record-setting year for zero-day vulnerabilities, Symantec research reveals that it took software companies an average of 59 days to create and roll out patches, up from only four days in 2013," he said. "Attackers took advantage of the delay and, in the case of Heartbleed, leapt to exploit the vulnerability within four hours. There were 24 total zero-day vulnerabilities discovered in 2014, leaving an open playing field for attackers to exploit known security gaps before they were patched."
In addition, Tan said that advanced attackers continued to breach networks with highly-targeted spear-phishing attacks, which increased by a total of eight percent in 2014. "What makes last year particularly interesting is the precision of these attacks, which used 20 percent fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits."
Malaysia 5th in APJ
The study noted that attackers were using stolen email account details from one corporate victim to "spear-phish other victims higher up the food chain as well as taking advantage of companies' management tools and procedures to move stolen IP around the corporate network before exfiltration."
There is also evidence of attackers building custom attack software inside the network of their victims to further disguise their activities, said Tan, adding that email remained a major attack vector for cybercriminals, but they continued to test new attack methods across mobile devices and social networks to reach more people, with less effort.
"Instead of doing the dirty work themselves, cybercriminals are taking advantage of unwitting users to proliferate their scams," said Tan. "For 2014, Malaysia is ranked 5th in the Asia Pacific and Japan region for the number of social media scams. Interestingly, the majority of such scams, up to 84 percent, were shared manually as attackers took advantage of people's willingness to trust content shared by their friends."
He said though social media scams provide cybercriminals with quick cash, some use more "lucrative and aggressive attack methods like ransomware, which rose 113 percent last year. Notably, there were 45 times more victims of crypto-ransomware attacks than in 2013. Instead of pretending to be law enforcement seeking a fine for stolen content, as we've seen with traditional ransomware, the more vicious crypto-ransomware attack style holds a victim's files, photos and other digital content hostage without masking the attacker's intention. Malaysia recorded an estimated 4,530 ransomware attacks last year, 9th highest in the region."
"2014 saw the first piece of crypto-ransomware on mobile devices on Android. Malaysia is ranked 13th globally with 37% of mobile devices experiencing attempted or successful malware infection," Tan added.
Advice to businesses
Symantec's advisory to businesses included:
- Don't get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
- Employ a strong security posture: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.
- Prepare for the worst: Incident management ensures your security framework is optimized, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
- Provide ongoing education and training: Establish guidelines and company policies and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams, and run practice drills, to ensure you have the skills necessary to effectively combat cyber threats.
The Internet Security Threat Report is based on data from Symantec's Global Intelligence Network, which Symantec analysts use to identify, analyse and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam.