The evolution of networks, and thus the type of utility they have for hackers, is slightly different from that in North America or Europe. In those regions, the networks evolved from dial-up connections to high-speed networks, but in APAC most of the countries are leapfrogging the technology and moving directly to networks that have much higher speeds than traditional modem-based networks. In addition, most organisations in APAC are aware of how the Internet is to be leveraged, so banks and other institutions are already adopting these technologies, but while doing so they need to be aware of the security threats and ensure that they have the right security based on their own threat perception.
Scott Robertson (SR): One of the latest threats that has surfaced very recently comes in the shape of an aggressive malware and a form of ransomware known as CryptoLocker. It infects computers, encrypts files and then extorts money, via anonymous online payment modes, in return for the files. CryptoLocker passes via phishing emails that a user clicks on or downloads attachments from. Having done so, the user will notice a file which resembles a PDF or image file but actually has an executable (.exe) extension. Upon clicking on this file, CryptoLocker will infect the computer. It will connect to command and control servers and search for file types and then encrypt them using techniques such as RSA and AES 2048-bit encryption, which are practically uncrackable.
It is important to note that the current threat landscape is such that we see numerous forms and variations of threats that organisations are vulnerable to which are not necessarily specific to a region. The threat landscape globally is constantly evolving and organisations have to keep abreast by employing appropriate security policies and necessary infrastructure.
Q: Just last week, it was reported that groups claiming links to the Anonymous collective defaced dozens of websites belonging to Australian businesses and Philippine government agencies. Could you elaborate on how such incidents happen?
JH: Like any attack, the attacker needs to find the weakness in the system to be attacked. In case someone is trying to attack a network, the attack can be broadly broken down into the following (and many more sophisticated ones):
1. Reconnaissance: This is the phase where the attacker is trying to find the weakness in the system to be attacked, such as a website or a network. During this phase, they scan the website, crawl the web pages, and inject random inputs into the fields of the web forms; the intent is to find information about the server infrastructure and whether there are misconfigurations and weaknesses. Misconfiguration could be in the form of default admin passwords not being changed, or, if a software package is being used, the admin may have forgotten to remove the default files, which may have very loose security configurations, etc.