KUALA LUMPUR, 25 APRIL 2010 -- Malaysia is listed in the Asia Pacific and Japan top 10 countries for phishing and bot-infected computers, according to security solutions firm Symantec's latest Internet Security Threat Report (ISTR).
"Malaysia ranked fourth in Southeast Asia (SEA), behind Thailand, Philippines, and Indonesia for hosting phishing websites in Asia Pacific and Japan (APJ)," said Symantec Malaysia, principal consultant, enterprise security, Paul Woo, who added that the study was in its eighth year.
"In Malaysia, 86 per cent of the phishing website hosts target the financial services industry (FSI)," said Woo. "The motive behind this percentage is financial gain."
Woo said the report showed that cyber criminals continued to focus on acquiring confidential information, which could then be sold at lucrative prices in the underground economy.
"Cyber criminals now focus on single financial institutions, for instance, and devise attack strategies specifically for the customers of that institution," he said.
The Symantec Internet Security Threat Report, which is created by the Security Technology and Response (STAR) organisation, is derived from data collected by tens of millions of internet sensors, first-hand research, and active monitoring of hacker communications covering more than 200 countries, and is intended to provide a global view of the state of Internet security.
Growing attack on enterprise sector
Symantec South Asia region, principal consultant, Nigel Tan said the growth of attacks on the enterprise sector in developing economies continued to grow. "This is fuelled by the local growth of IT infrastructure as well as access to broadband connectivity.
"According to another recently-released Symantec study --2010 State of Enterprise Security Report -- 75 per cent of enterprises have experienced cyber attacks in the past 12 months and 100 per cent experienced some type of cyber loss in 2009," said Tan. "[That] report showed that the average annual cost of cyber attacks is US$2 million globally and US$763,000 in Asia Pacific and Japan."
"Cyber attackers have evolved their techniques from simple scams to more highly sophisticated espionage campaigns that target some of the world's largest corporations and government entities," said Tan.
"The ranking of countries in the report is based on an aggregate of malicious activities ranked into five main areas: malicious code, spam zombies, phishing hosts, bots, and attack origin," he said.
"Theft and loss of laptops and USB drives constitute 36 per cent of data breaches globally," said Tan.
"Hacking and insecure policies further expose personal data; organisations and people need to manage their systems and infrastructure more efficiently," he said.
"Advanced social engineering tricks are continuing to grow in sophistication, for example there has been an increase in adverts offering loans," said Tan. "In addition, the growth of online purchases means that phishing attacks are expected to remain firmly in the landscape."
Cyber criminals get software support
"There has been continued rise in the sale of attack kits' to cyber criminals these are like the Swiss army knife. Basically, it is a single piece of software, costing US$700-3,000, which allows attackers to make multiple attacks," Tan said, adding that after-sales support is even included for purchasers.
Though there has been a rise in prices in the underground economy for credit card information between US 85 cents and US$30 the actual number of adverts for such data appears to have dropped from 32 per cent in 2008 to 19 per cent in 2009, perhaps due to more stringent measures from financial institutions," he said.
"The general global economic downturn in the last two years does not seem to have negatively impacted the underground economy, which appears to remain robust, said Tan.
He added that Symantec's Report on the Underground Economy 2008, which covered the reporting period between July 1, 2007 and June 30, 2008, the company estimated that the value of total advertised goods on observed underground economy servers was more than US$276 million. "This analysis highlights the potential value if all of the advertisers active on underground economy servers observed by Symantec were to liquidate their assets. As the underground economy matures and operates more like a traditional business model, it is expected that generated revenues will increase."
Need to increase security social responsibility
"Malaysia ranked third in Southeast Asia in the bot-infected computers category, behind Thailand and Singapore, possibly due to new users adopting broadband," said Symantec's Woo. "Bots are covertly installed on a computer to allow hackers to remotely control the machine for a wide variety of uses."
"Malaysian IT security tends to lag a little behind in terms of local resources and skill-sets, and we believe that the Malaysian government needs to further encourage security awareness as well as increase the number of security-specific courses at university level," Woo said.
We have been talking to our customers on protecting their information," he said. "There has been a lot of positive traction in this area in Malaysia and a definite increase of interest in the need for security awareness."
Sign up for CIO Asia eNewsletters.