Malaysia is no stranger to the cybersecurity landscape, having been involved in and targeted by a significant number of cyberattacks and data leaks. These incidents raise questions about the country’s readiness to face cyber threats within this evolving cybersecurity environment.

The 2024 Cybersecurity Readiness Index for Malaysia

In Cisco’s 2024 Cybersecurity Readiness Index, it is revealed that only two percent of organizations in Malaysia are classified at the ‘Mature’ level for readiness. This classification indicates robust resilience against the myriad of modern cybersecurity risks that today’s businesses face.

This critical assessment arrives at a time when hyperconnectivity defines our era, alongside a threat landscape that is rapidly evolving. Businesses are incessantly bombarded with sophisticated cyber threats, ranging from phishing and ransomware to supply chain attacks and social engineering tactics. Despite concerted efforts to fortify defenses against these onslaughts, many organizations are burdened by their complex security frameworks, which often consist of disparate point solutions.

WHAT’S GOING ON WITH CYBER SECURITY IN MALAYSIA?

Muhammad Zulhusni | 14 July, 2023

The complications of defending against cyber threats are further amplified in today’s distributed work environment, where organizational data is dispersed across an infinite array of services, devices, applications, and user interfaces.

Yet, despite these daunting challenges, a surprising 85% of companies profess a moderate to a high level of confidence in their cybersecurity defenses, despite their actual state of preparedness. This stark disparity between perceived confidence and actual readiness points to a potentially dangerous overestimation of their cybersecurity capabilities and a failure to accurately gauge the magnitude of the threats they face.

The 2024 Cisco Cybersecurity Readiness Index undertakes a comprehensive examination of organizational preparedness against cyber threats across five critical domains: Identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI fortification. These domains encompass 31 distinct solutions and capabilities, evaluated through a double-masked survey of more than 8,000 security and business leaders across the globe.

2% of organizations in Malaysia are classified at the ‘Mature’ level for readiness. (Source – Cisco)

The survey’s respondents were asked about their deployment of these cybersecurity measures, classifying them into four ascending stages of readiness: Beginner, Formative, Progressive, and Mature.

Jeetu Patel, Cisco’s Executive Vice President and General Manager of Security and Collaboration, cautions against the peril of overconfidence within the organizational psyche, advocating for a strategic shift towards integrated security platforms and leveraging AI to scale defense mechanisms effectively.

The findings from the study paint a grim picture of readiness among Malaysian companies, with a mere two percent poised to effectively counter contemporary cyber threats. A significant majority find themselves at the lower echelons of cybersecurity maturity, ill-prepared for the inevitabilities of the cyber threat landscape.

Forecasting cyber risks and financial implications

Moreover, the study forecasts a high likelihood of future cybersecurity incidents and sheds light on the financial ramifications of such breaches, with some incidents costing organizations upwards of US$300,000. The reliance on multiple cybersecurity point solutions has proven counterproductive, hampering the swift detection, response, and recovery from incidents. This issue is exacerbated by the admission from a vast majority that the cumbersome management of numerous point solutions slows their security operations.

The survey also highlights the pervasive issue of unmanaged device access, critical talent shortages, and the ambitious plans of organizations to significantly bolster their IT infrastructures and cybersecurity measures in the near term. This includes a notable emphasis on upgrading existing solutions, deploying new technologies, and a considerable increase in cybersecurity budgets.

Addressing the complex challenges posed by today’s threat landscape necessitates a concerted effort from companies to accelerate their investment in security infrastructure, adopt innovative security measures, and embrace a platform-based approach to cybersecurity. This strategy is essential for enhancing network resilience, making meaningful use of AI, and bridging the significant cybersecurity skills gap.

Hana Raja, Managing Director of Cisco Malaysia, underscores the complexity of the current cybersecurity environment, pointing out the lag in cyber resilience among organizations globally, including those in Malaysia. Raja advocates for a comprehensive platform approach to cybersecurity, which promises a simplified, secure, and holistic view of an organization’s security posture, enabling businesses to better navigate and exploit the advantages of emerging technologies amid the ever-evolving threat landscape.

MALAYSIA’S CENTRAL DATABASE HUB: IS PADU A CYBERSECURITY TIMEBOMB?

Aaron Raj | 7 February, 2024

The first reading of the Cyber Security Bill 2024

Recognizing that only a small fraction of companies in Malaysia achieve a “Mature” status in cybersecurity preparedness, the Malaysian government acknowledges the critical need to bolster cybersecurity nationwide. Consequently, the Cyber Security Bill 2024 has been introduced, marking its initial reading in Parliament. Aimed at strengthening national cybersecurity, this legislative proposal was presented by Digital Minister Gobind Singh Deo on March 25th.

The Star reported that The bill is scheduled for a second reading during the ongoing session of the Dewan Rakyat and outlines a comprehensive approach to elevate cybersecurity standards. It mandates adherence to specific measures and standards for improved national security, detailing protocols for managing cybersecurity incidents that affect the country’s critical national information infrastructure.

Additionally, the legislation proposes the creation of a National Cyber Security Committee and defines the responsibilities and authority of the National Cyber Security Agency’s chief executive officer. It includes provisions for the licensing of cybersecurity service providers and establishes the role of a national critical information infrastructure sector lead.

According to the bill, the Digital Minister, following recommendations from the chief executive, may designate any government body or individual as the sector lead for national critical information infrastructure, potentially appointing multiple leads for various sectors. These appointments will be officially announced on the National Cyber Security Agency’s website.

The sector leads will be responsible for developing a code of practice and creating and updating guidelines on best practices for managing cybersecurity. The National Cyber Security Agency has stated that the proposed bill will legally empower it to define and enforce cybersecurity standards for entities deemed as National Critical Information Infrastructure. Failure to comply with these standards could result in legal repercussions.

The post Cybersecurity in Malaysia: A reality check on readiness and resilience appeared first on Tech Wire Asia.

In the first half of 2023, a report from CyberSecurity Malaysia reveals a concerning trend: the government sector has experienced the highest number of data breaches, while the telecommunications sector has seen the largest volume of data leaked. This data underscores the pressing challenges in protecting sensitive information across different sectors.

National and global cybersecurity challenges

By October 2023, the National Cyber Coordination and Command Centre (NC4), under the auspices of the National Cyber Security Agency, had already registered close to 3,000 cyber incidents, highlighting the increasing focus on cybersecurity matters within the nation. Adding to the concern, cybersecurity firm Surfshark placed Malaysia as the eighth most breached country in the third quarter of 2023, with nearly half a million accounts compromised.

The frequency of cyber threats became even more pronounced, with statistics showing that there have been 74,000 attacks daily throughout the year. In a particularly alarming revelation by both Kaspersky and Surfshark, the rate at which Malaysian user accounts were compromised in Q3 2023 amounted to four leaks every minute.

This data not only underscores the urgency of the cybersecurity situation but also emphasizes the importance of understanding attackers’ tactics to safeguard our people, data, and infrastructure effectively.

Shifting the focus to a global perspective, IBM’s 2024 X-Force Threat Intelligence Index unveils a similar urgency in addressing cybersecurity threats. IBM has unveiled a growing global identity crisis caused by cybercriminals increasingly exploiting user identities to infiltrate enterprises worldwide. This report draws on observations from monitoring over 150 billion security events daily across more than 130 countries.

IBM: THE FIVE TRENDS IN AI FOR 2024

Aaron Raj | 20 December, 2023

The emerging crisis is stark: cybercriminals are shifting from hacking online accounts to using readily available internet and dark web data, with AI further simplifying these breaches. This shift allows for deeper incursions into personal lives, exposing everything from daily routines to hobbies and interests.

IBM X-Force, the offensive and defensive security services branch of IBM Consulting, noted a significant shift in 2023. Cybercriminals preferred using legitimate account credentials to breach corporate networks rather than hacking, making this strategy a favorite among threat actors.

Asia-Pacific cybersecurity landscape

The 2024 X-Force Study also provides a geographical breakdown of cyber incidents, with the Asia-Pacific region being the third most impacted in 2023, accounting for 23% of global incidents handled by X-Force. This marked a change from 2021 to 2022, when Asia-Pacific was most affected. In 2023, Europe rose to the top spot, with 32% of incidents, followed by North America at 26%, Asia-Pacific at 23%, Latin America at 12%, and the Middle East and Africa at 7%.

In the Asia-Pacific, manufacturing continued to be the industry most targeted by cyber attacks for the second consecutive year, comprising 46% of incidents. Finance, insurance, and transportation industries followed, each representing 12% of incidents, and education came in third at 8%.

Phishing remained the predominant method for gaining initial access, responsible for 36% of incidents, closely followed by attacks on public-facing applications at 35%.

Phishing in action (Source – IBM)

Once inside, malware was the leading action, with 45% of attacks involving this tactic, including ransomware (17%) and info stealers (10%).

The report suggests that the return on investment (ROI) from attacking generative AI platforms isn’t significant yet. However, X-Force anticipates large-scale attacks on these technologies once a single AI gains 50% market share or the market narrows down to three or fewer competitors.

Despite a 44% drop in phishing attack volume from the previous year, phishing remains a primary method of attack, particularly as AI can refine and accelerate these attacks by nearly two days, keeping it a preferred method among cybercriminals.

The role of AI in dealing with cyber threats

Amidst these cybersecurity challenges, AI emerges as a pivotal tool in both exacerbating and combating threats. AI is now widely recognized for its utility, especially in how it has revolutionized threat detection, response times, and the protection of user identities and data flow. According to the IBM Cost of Data Breach 2023 report, organizations worldwide have saved almost US$1.8 million on data breach costs by leveraging AI and automation, compared to those that haven’t embraced these technologies.

However, the advent of generative AI introduces new challenges and opportunities in both attacking and defending enterprise assets. As the AI capabilities of attackers evolve, we can expect their attacks to become faster, more precise, and scalable. Conversely, AI is also poised to boost the productivity of enterprise security, with its ability to quickly identify and prioritize threats like ransomware based on their signatures and behaviors—even if it’s a variant the system hasn’t encountered before.

Generative AI, with its capacity for self-learning, doesn’t require prior exposure to specific scenarios to detect new, sophisticated threats. This aspect makes it invaluable for cybersecurity, where it accelerates business processes by automating threat detection and investigation and adapts real-time organizational response strategies based on past incidents. It frees up security teams to tackle more complex and strategic security challenges.

The 2024 X-Force study suggests that as generative AI gains market dominance, it could also become a focal point for cybercriminals, encouraging further investment in tools designed for AI-engineered attacks. Despite the growing concern over such attacks, the primary security threat in the Asia Pacific region remains the exploitation of known, unpatched vulnerabilities.

Attention must also be directed towards protecting the region’s critical infrastructure and key sectors like manufacturing, finance, insurance, and transportation. This includes conducting stress tests and having a robust incident response plan ready.

With the increasing preference among global threat actors for exploiting user identities, there’s a pressing need for more effective user access control measures. This scenario underscores the importance of a comprehensive approach to security in the era of generative AI, highlighting the need for heightened vigilance and adaptation in cybersecurity strategies.

Strategic cybersecurity measures to prevent malicious cyber threats

Various strategies can mitigate cybersecurity threats, and it’s crucial to choose the one that best aligns with your specific needs or those of your business. While numerous AI solutions claim to offer protection against a wide array of cyber threats, the choice ultimately depends on what aligns best with your or your business’s specific needs. For instance, the IBM X-Force Threat Intelligence Index 2024 highlights insights and actionable recommendations for enhancing readiness and improving the speed and efficiency of response to cyberattacks.

One effective approach is to update identity management across multicloud environments. As cybercriminals increasingly exploit legitimate user accounts to gain access to networks—accounting for 30% of incidents responded to by X-Force in 2023—strengthening identity and access management (IAM) becomes crucial. Solutions like IBM Security Verify can bolster security in hybrid and multicloud setups by providing comprehensive IAM capabilities.

Beyond identity management, AI plays a critical role in optimizing cybersecurity resources. Tools such as IBM Security QRadar SIEM User Behavior Analytics (UBA) can aid in identifying compromised credentials and malicious activities, allowing teams to utilize their skills and time better. IBM Security QRadar EDR further enhances protection by securing endpoints and detecting unusual activities, such as data exfiltration or unauthorized account creation.

This pivot from ransomware to malware, particularly those targeting data theft, underscores the imperative of safeguarding data across hybrid cloud environments. This shift underscores the need for vigilant monitoring and robust data protection measures.

However, increasing security spending alone may not suffice. Embracing a zero-trust model and prioritizing trusted data can bolster your cybersecurity posture significantly. By fostering transparency and accountability, organizations can not only minimize risks but also actively prevent bias, making the zero-trust model and prioritization of trusted data essential strategies.

In light of these strategies, building trust and preparing for future threats become pivotal. A proactive security stance, grounded in careful partner selection and regular security reviews, complements the technical and strategic measures discussed. Building trust should be the foundation of every interaction, enhancing cyber-risk management and prioritizing cyber resilience to maintain and strengthen business relationships. This involves constantly monitoring and managing crucial points where trust is established or compromised.

Preparing for future threats requires a proactive security stance, including careful selection of partners and regular reviews of their security strategies and practices. This comprehensive approach to cybersecurity emphasizes the need for a balanced mix of technology, strategy, and a culture of trust and resilience.

As we prepare for future threats, a balanced mix of technology, strategy, and a culture of trust and resilience is crucial. The comprehensive approach discussed underscores the need for vigilance and adaptability in cybersecurity strategies to combat the evolving threat landscape effectively.

The post How vulnerable are we to cyber threats in the digital age? Here’s what IBM found appeared first on Tech Wire Asia.

Throughout 2023, Barracuda XDR and its dedicated SOC analysts sifted through nearly two trillion cybersecurity events. Their relentless scrutiny unveiled tens of thousands of potential high-risk security threats, safeguarding countless networks from intrusion.

A 2023 cybersecurity overview

The year’s analysis by security experts highlighted the predominant XDR threats. Their research unveiled the tactics attackers employed in their unsuccessful attempts to infiltrate networks. Techniques ranged from business email compromise to deploying malicious code and exploits, showcasing the diverse arsenal used by cybercriminals.

It’s crucial to understand that XDR and similar defensive security measures are designed to identify, alert, and thwart potential intruders preemptively. This proactive defense often stops attacks before their intended harm can be realized, leaving the ultimate goal of these thwarted attacks, such as deploying ransomware, unknown.

The trend in 2023 saw a noticeable uptick in high-severity attacks. Specifically, 66,000 threats warranted escalation to SOC analysts for further investigation, with an additional 15,000 posing immediate threats that required swift defensive actions. Notably, the frequency of such threats surged during the latter months of the year, especially from October through December, coinciding with peak online shopping periods and holiday seasons—when attackers likely see increased opportunities due to higher online activity and potentially reduced vigilance from IT staff.

NAVIGATING THE ETHICAL AI DILEMMA WITH BARRACUDA’S INSIGHT ON DUAL-USE TECHNOLOGIES

Muhammad Zulhusni | 27 October, 2023

Highlighting major cyberattack incidents

In one high-profile instance, HTC Global Services, a key IT and business consulting player, confirmed a cyberattack orchestrated by the ALPHV ransomware group, which began leaking sensitive data online. HTC Global Services, catering to industries like healthcare, automotive, manufacturing, and finance, promptly responded with a public acknowledgment via the social media platform X, emphasizing its commitment to resolving the issue and safeguarding user data integrity.

This cyberattack disclosure followed the ALPHV group’s public taunt, showcasing stolen data, including personal and sensitive information, and highlighting the tangible risks of such security breaches.

Similarly, Sony faced a ransomware dilemma with its Insomniac Games division, falling victim to a Rhysida ransomware attack. This incident led to a significant data breach, prompting Insomniac Games to alert employees about their compromised personal information.

Since its acquisition by Sony in August 2019, Insomniac Games has been a pivotal component of Sony Interactive Entertainment’s PlayStation Studios. It has been at the forefront of developing major titles like Marvel’s Spider-Man 2 for PlayStation 5 and is currently developing Marvel’s Wolverine.

Sony’s December announcement of an ongoing investigation into the breach by the Rhysida group underscored the severity of the attack, which resulted in over 1.3 million files being stolen. The refusal to meet the ransom demand led to the public leak of 1.67 TB of internal documents, profoundly impacting the studio’s team and revealing extensive personal and contractual information.

This leak, including previews of the upcoming Wolverine game, represents a significant violation of privacy and security, with Rhysida boasting about leaking 98% of the stolen data after allegedly selling the rest.

The analysis also highlighted a secondary peak in June, a prime holiday season for many, further underscoring the opportunistic nature of cyberattackers. These patterns, first identified in 2022, reaffirm the heightened risk during periods when potential victims are likely to be less vigilant, emphasizing the need for constant and robust cybersecurity measures.

High severity threats 2023. (Source – Barracuda).

The rise of identity compromise in cybersecurity

In 2023, the primary focus of XDR detections revolved around various forms of identity misuse, leading to compromised accounts. These detections highlighted activities such as unusual login patterns, brute force attacks, and attempts to disable multifactor authentication.

An alert for uploading a suspicious executable file might suggest that attackers are attempting to transfer additional malicious tools or malware from a controlled external source, like a command-and-control server, into a breached account.

Endpoint threat detections are initiated by Barracuda’s Managed XDR Endpoint Security whenever a potential threat is identified within a system. These critical alerts require immediate communication with the client for further investigation, regardless of whether the threat was successfully neutralized. This process is vital for determining how the malicious entity was initially executed.

The scope of these detections spans a broad range of threats, encompassing everything from benign to malicious entities, including potentially unwanted applications, adware, spyware, and more severe threats like ransomware and backdoors. Each type demands a specific strategy for identification and remediation.

Barracuda XDR uses AI and machine learning for enhanced detection capabilities, particularly in identifying suspicious login activities. These AI-driven rules analyze patterns and establish a user’s typical behavior, flagging any deviations for immediate review.

Suspicious login activity. (Source – Barracuda).

One such AI tool, the “Impossible Travel” detection rule, identifies logins from locations improbably far apart within a short time frame, indicating potential account compromise. For instance, Barracuda XDR recorded an example where a login occurred in Iowa, followed by another in Moscow just over an hour later, suggesting an impossible travel speed.

The “Rare User Log-in” detection rule aims to identify logins using unusual or inactive usernames, potentially signaling unauthorized access by an intruder exploiting dormant accounts or creating new ones for persistent access.

Similarly, the “Rare Hour for User” detection rule flags logins at atypical times for a user, which could indicate unauthorized access from different time zones or outside of normal working hours.

Barracuda XDR’s Intrusion Detection System (IDS) meticulously monitors network traffic, identifying suspicious activities and threats. This system is crucial for spotting both overt and subtle signs of cyberattacks, including malware distribution and other security breaches.

Analysis of top IDS detections in 2023 underscores a continuous trend of attackers exploiting unpatched vulnerabilities and weaknesses, emphasizing the importance of diligent network security updates.

Despite being decades old, Shellshock bugs remain a top detection, indicating that many systems are still vulnerable. Similarly, exploits against the Log4Shell vulnerability persist, likely due to the widespread integration of Log4j in software, making mitigation efforts challenging for many organizations.

Reflection on the 2023 cybersecurity strategy and future

Merium Khalid, director of SOC offensive security at Barracuda XDR, emphasizes the importance of understanding cyberattackers’ behaviors and strategies. Khalid observes, “Our data for 2023 shows that attackers are launching more high-severity attacks overall, and especially during times when IT teams are away from the workplace or less attentive, such as during holidays, outside working hours, during the night, and at weekends.”

Khalid further notes that a common goal among these attacks is to breach accounts through identity compromise. With attackers increasingly utilizing AI to enhance the volume, velocity, and complexity of their efforts, Khalid warns of an intensification of these trends. It’s imperative for security teams to arm themselves with equally advanced and effective security solutions.

To counteract these threats, Barracuda advocates for the adoption of stringent authentication and access management practices. This includes, at a minimum, the implementation of multifactor authentication, with a preference for transitioning towards zero trust architectures. Complementing this with diligent patch management, data security strategies, and regular cybersecurity education for all staff members is also advised.

Such measures should be part of a comprehensive security strategy that incorporates cutting-edge security technologies. This strategy should be supported by professional analysis and continuous security monitoring by a 24/7/365 SOC to detect and respond to any potential threats or anomalies that might otherwise go unnoticed.

2023 – a big year for big cyberattacks.

The post A year of high-severity attacks and groundbreaking cybersecurity strategies in 2023 appeared first on Tech Wire Asia.

Fueled by the Asia Pacific’s (APAC) rapid digitalization and existing geopolitical tensions, Kaspersky’s experts forecast the cybersecurity threats likely to impact the region this year.

Kaspersky highlights the ongoing risks of phishing, scams, data breaches, and politically driven cyberattacks, which are expected to continue affecting both organizations and individuals in the region.

Vitaly Kamluk, the head of the Research Center for Asia Pacific at Kaspersky’s Global Research and Analysis Team (GReAT).

Vitaly Kamluk, the head of the Research Center for Asia Pacific at Kaspersky’s Global Research and Analysis Team (GReAT), notes the exponential growth of APAC’s digital economy, projecting its continued expansion over the next five years. The region’s increasing embrace of digital technologies, including digital payments, superapps, IoT, smart cities, and emerging generative AI, underscores the critical importance of cybersecurity in safeguarding the region’s digital infrastructure from potential cyberthreats.

Kamluk observes that cyber-espionage remains the primary goal of Asian advanced persistent threat (APT) groups, a trend he expects to persist in 2024 due to ongoing geopolitical frictions.

Kaspersky’s GReAT team has also made vital cyberthreat predictions for 2024, focusing on major countries and territories within APAC.

Expanding cyberthreats in Southeast Asia

In Southeast Asia, the proliferation of scams poses a significant challenge. The UN reports that hundreds of thousands of people have been recruited for online scam operations like romance-investment scams, crypto-fraud, money laundering, and illegal gambling.

CAN KASPERSKY HELP CSM AND NASCA IMPROVE CYBERSECURITY IN MALAYSIA?

Aaron Raj | 20 June, 2023

These recruits are often lured through seemingly legitimate job adverts for roles like programmers and marketers. The complexity of these scams in Southeast Asia is exacerbated by widespread digital payment adoption, limited online user protections, and the sheer number of people involved in these criminal activities.

Kamluk highlights the efforts of law enforcement in tackling these scams and phishing attacks, citing successful operations in 2023, including a collaborative effort by the Australian Federal Police, the FBI, and the Malaysian Police, which led to several arrests. However, he predicts a continued rise in these online scams and phishing attacks across Southeast Asia due to widespread technical and legal illiteracy.

In Singapore, 2023’s significant technological security incidents revolved around data breaches and service outages. DBS bank experienced a significant operational failure in October 2023 due to a data center outage, affecting millions of transactions. While not attributed to a cyberattack, this incident and similar outages highlight the need for enhanced service reliability and security. Similarly, Citibank faced operational issues, underscoring the importance of infrastructure resilience amid ongoing changes that present opportunities for cyberattackers.

DBS bank experienced a significant operational failure due to a data center outage. (Source – X).

Singapore also faced web service disruptions in several public hospitals and polyclinics due to a DDoS attack. The attack flooded servers with traffic, preventing access to online services. While the attack didn’t compromise data or internal networks, it revealed a vulnerability to DDoS threats. Several Singaporean websites were defaced for political motives in late 2023, targeting various entities, including a historical temple and a tourism agency.

Kamluk predicts that Singapore will likely continue to face threats such as denial-of-service attacks, politically motivated compromises, defacements, and data leaks in the future. He also warns of the ongoing threat of targeted ransomware, which could involve pressuring victims through regulatory complaints.

In China, efforts to combat telecom fraud have intensified, with the government seeking international cooperation to address this issue. This crackdown may lead to a decline in telecom fraud activity, particularly from groups operating in northern Myanmar. However, Kaspersky researchers have observed a surge in phishing attacks targeting Chinese citizens, focusing on stealing credit card information via QR code scams. These attacks show no signs of abating and are expected to peak again towards the end of the year and early next year.

APT attacks against high-profile targets in China are also on the rise. Reports of cyberattacks on various national institutions and organizations have surfaced, with spyware artifacts like ‘Second Date’ being identified.

These cyber-espionage tools allow full control over network devices and prolonged data theft, with targets including a university involved in military-industrial projects and government departments handling geographic data. Additionally, active APT organizations have been observed launching attacks against Chinese nuclear energy companies and other unspecified targets. Given China’s geopolitical significance, an increase in APT attacks targeting the country is expected.

India and South Korea: emerging cybersecurity challenges

In India, the popularity of micro-loan apps has led to new schemes targeting users with inflated premiums and personal threats. The country’s move towards smart cities also raises significant security concerns due to IoT vulnerabilities.

South Korea is set to experience increased cybersecurity threats in 2024, coinciding with a significant general election. Historical patterns suggest that such political events attract cybercriminals aiming to disrupt proceedings through sophisticated social engineering and direct attacks. Customized cyberthreats tailored to South Korea’s local IT environment have been persistent, with state-sponsored actors exploiting vulnerabilities in widely used software solutions.

As 2024 approaches, these tailored threats are expected to continue, posing ongoing challenges for South Korea’s cybersecurity.

Kamluk emphasizes the need for vigilance and preparedness across the APAC region, as these diverse and evolving cyberthreats pose significant risks to organizations and individuals alike.

Predictions and recommendations from Kaspersky for 2024

For APAC organizations, Kaspersky suggests the following measures to safeguard against anticipated cyberthreats in 2024:

• Ensure all devices are consistently updated with the latest software versions to block attackers from exploiting network vulnerabilities.
• Implement robust passwords for accessing corporate systems and adopt multi-factor authentication for remote service access.
• Opt for a reliable endpoint security solution that includes behavior-based detection and anomaly controls, offering robust defense against known and emerging threats.
• Employ a comprehensive suite of endpoint protection tools, along with threat detection and response solutions, to quickly identify and neutralize even the most elusive new threats.

As APAC continues to embrace digital transformation, the region faces a complex and evolving cybersecurity landscape. From phishing and scams to politically motivated attacks, Kaspersky warns that organizations and individuals across APAC must prioritize robust cybersecurity strategies to safeguard their digital infrastructures and maintain resilience in the face of these challenges in 2024.

The post Kaspersky foresees rise in phishing, scams, data breaches, and APT attacks in APAC for 2024 appeared first on Tech Wire Asia.

Cybersecurity threats continue to be the biggest concern for organizations around the world. Despite the potential of generative AI and other emerging technologies to help in the fight against the likes of malware and phishing, organizations still need to allocate a large budget to improve their cybersecurity every year.

In fact, according to a report by Gartner, worldwide end-user spending on cybersecurity and risk management is projected to total US$215 billion in 2024, an increase of 14.3% from 2023. And a large chunk of the spending will focus on data privacy and cloud security.

CYBERSECURITY MANAGED BY MSPS THE BETTER OPTION?

Aaron Raj | 23 October, 2023

Specifically, the increasing use of AI by organizations opens the door for more cybersecurity threats, especially when it comes to the impact of processing personal data. Gartner also predicts that by 2025, 75% of the world’s population will have its personal data covered by modern privacy regulations.

But while businesses are handing out sacks full of cash to protect their data and the data of their users, it’s important to remember that cybercriminals are also using AI – in their case, to launch more and more sophisticated threats to businesses. Today, cybersecurity threats come in all forms, and generative AI is helping cybercriminals improve their delivery of these threats.

Businesses will need to focus on data security in 2024.

Oakley Cox, analyst technical director at Darktrace pointed out that generative AI will let attackers phish across language barriers. Cox said that currently, the majority of cyber-enabled social engineering, like phishing, has been carried out in English. The language is used by millions of people across North America and Europe, and dominates business operations in large swathes of the rest of the world. As a result, using local languages has not been worth the effort for cybercriminals when English can do the job just fine.

Until now.

For businesses in APAC, the diversity of local languages has restricted the extent to which hackers can target the region. Employees know to look out for phishing emails written in English, but are complacent when receiving emails written in their local language. in a sense, they have no natural immunity to phishing in their own local languages, because it hasn’t been a significant problem before.

 “With the introduction of generative AI, the barrier to entry for composing text in foreign languages has dropped dramatically. At Darktrace, we have already observed the increased complexity of English language use in phishing attacks. Now we can expect attackers to add new language capabilities which were previously viewed as too complex to be worth the effort, including Mandarin, Japanese, Korean and Hindi,” said Cox.

Cox added that, given the reduced barrier to entry, local language phishing emails are likely to bring rich rewards to cybercriminals. Email security solutions trained using English language emails are unlikely to detect local language attacks, and the emails will land in the inboxes of those who are not used to receiving social engineering attempts in their native language.

Cox also pointed out that AI will hunt for software vulnerabilities, which can be beneficial for the good guys.

“As AI becomes more widely used to augment software development, defenders will use it to find vulnerabilities in their software. On the flip side, AI could also become an even more powerful tool for adversaries to find and exploit new vulnerabilities in software on which to launch attacks” added Cox.

Ransomware is unlikely to diminish in threat in 2024. (image generated by AI).

Ransomware remains a major cybersecurity threat

Ransomware has dominated most cybersecurity incidents in 2023. And it’s most likely that it will continue to be a major concern for organizations as well. While there has been an increase in the number of businesses paying the ransom to get their data back, this practice may not continue as the advice from cybersecurity experts continues to be not to do so.

Countries are also enhancing their regulations to ensure businesses take their data more seriously and are accountable for any cybersecurity incident. For example, Australia has imposed new plans to boost its cybersecurity over the next few years while Singapore is currently collecting feedback from the public on how it can improve methods in handling cybersecurity threats.

MANAGING CYBERSECURITY RISKS CAUSED BY EMPLOYEES CAN BE AS HARMFUL AS HACKING IN APAC

Muhammad Zulhusni | 29 November, 2023

For Liam Dermody, director of Darktrace’s Red Team, it’s likely ransomware crews will focus their attention on APAC countries. Hong Kong’s Computer Emergency Response Team Coordination Centre (HKCERT) has already reported an increase in ransomware targeting the region in late 2023.

Dermody believes this could represent a longer-term pivot to APAC by ransomware operators, as the region has key similarities to Central America which saw an extraordinary spike in ransomware attacks in 2022. The APAC region contains some of the fastest-growing economies in the world but also contains many businesses that are not as prepared as their counterparts in other regions which have historically been the focus of ransomware attacks.

“Much of APAC represents a greenfield investment for ransomware operators. Furthermore, APAC represents less of a risk to ransomware operators when compared to their ‘traditional hunting grounds’ like the US, where cybercriminals are being subjected to increased scrutiny from government, intelligence agencies and law enforcement. This combination of lowered risk and heightened reward could see ransomware operators continue to focus on APAC well into 2024,” he commented.

Meanwhile, Tony Jarvis, VP of enterprise security at Darktrace said the single biggest change happening right now is the greater involvement of government in ransomware regulation and response.

“The Australian government is now mandating that businesses report ransomware activity so that more can be done – both in terms of understanding the scale of the problem, and also coordinating responses with impacted entities. This is Australia-only at this stage, but I expect other neighbouring countries to follow suit or adopt something similar.

I think this is interesting because ransomware has really been a problem since early 2016 and is now a global issue. The government is stepping in, meaning public-private cooperation. I expect to see additional government initiatives play out in this space both in Australia and around APAC as neighbouring countries take notice and learn from the efforts of others,” said Jarvis.

MFA is no longer the cast iron security system it used to be. (Image generated by AI).

Cybersecurity threats are bypassing MFA

Dermody also pointed out that the increase of multi-factor authentication (MFA) bypassing over the next 12 months by all levels of attackers will test the security industry’s resolve.

MFA has been wildly successful in preventing brute force attacks and reusing stolen passwords. MFA’s effectiveness has seen it become a prerequisite in many cybersecurity frameworks and a default setting of many providers, like GitHub. Unfortunately, as MFA is now in wide use, attackers have adapted to this hurdle and have developed a number of ways to bypass it.

These methods range from the simple – sending countless MFA push notifications until a fed-up victim clicks “Accept” – to the more involved – using detailed OSINT investigations on a target to enable a SIM swap, allowing the attacker to impersonate the victim’s phone.

That being the case, Dermody believes MFA bypassing can be done by both the sophisticated and the simple attacker alike – and there’s been a rise in MFA bypassing in high-profile attacks, a trend that will only continue into 2024.

“We need to move past viewing MFA as a credential protection panacea and be more attuned to unusual activity during and after authentication has occurred. This requires a deep and nuanced understanding of what is ‘normal’ for any given identity – location, timing and resources being accessed – which can be difficult to do with our dispersed and dynamic workforces without using AI or ML to learn patterns of life,” added Dermody.

At the same time, Jarvis explained that as cybercriminals find ways to bypass MFA, it simply indicates that newer tech is needed. Jarvis said that each passing year sees a raft of technologies being brought to market that aim to augment some of the gaps in existing defences, or simply to counter new techniques and exploits being used and exploited by threat actors.

While 2024 will be no different from 2023 in this regard, what is changing is the growing number of technologies, categories, acronyms and quadrants that security practitioners need to be across.

“The expression ‘Old malware never dies’ is certainly true, and in a similar vein, newer technologies rarely replace more established controls, meaning that many organizations are likely to have additional solutions in their security stack by the end of the coming year. The end result? CISOs need to spend the time they don’t have researching a constantly growing number of tools, forever questioning the opportunity cost of going with one option in lieu of another,” Jarvis concluded.

With that said, businesses need to be sure they are well prepared in 2024 to deal with any type of cybersecurity threats that are targeting them. It’s always better to be well prepared than to deal with a cybersecurity incident against which you have no prior defence.

The post Cybersecurity threats that could wreak havoc in 2024  appeared first on Tech Wire Asia.

While ransomware remains one of the biggest problems in cybersecurity, insider threats can be a far bigger crisis for organizations. Insider threat attacks can occur anytime and some may even end up causing more damage than a ransomware attack or any other type of cybersecurity incident.

Insider threats in cybersecurity are malicious actions or breaches of trust by people who have authorized access to an organization’s network, data, or systems. These people can be current or former employees, contractors, partners, or vendors. Insider threats can cause significant damage to an organization’s reputation, finances, operations, or security.

THE ENEMY WITHIN: INSIDER THREATS EXPLAINED  

Aaron Raj | 30 March, 2023

Ponemon Institute’s 2022 Cost of Insider Threats: Global Report reveals that insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to US$15.38 million. The time to contain an insider threat incident increased from 77 days to 85 days, leading organizations to spend the most on containment as well.

Some examples of insider threats are:

• Data theft: An insider may steal sensitive or confidential data for personal gain, such as selling it to competitors or hackers, or using it for blackmail or extortion.
• Data sabotage: An insider may intentionally delete, alter, or corrupt data to harm the organization or its customers, such as erasing backups, planting malware, or falsifying records.
• Data leakage: An insider may unintentionally or carelessly expose data to unauthorized parties, such as sending it to the wrong recipient, using unsecured devices or networks, or losing a laptop or USB drive.

One company that has actually witnessed insider threat cyberattacks more than once is Tesla. Investigations of a recent cybersecurity incident revealed that two former employees leaked more than 75,000 individuals’ personal information to a foreign media outlet. Prior to this incident, there had been reports that Tesla workers shared sensitive images recorded by customer cars.

One way to mitigate an insider threat is to train your employees to recognize some common behavioral indicators among their colleagues.

Insider threats in Thailand

In 2022, the National Cyber Security Agency of Thailand registered a total of 835 cyber threats against public and private organizations in the country. Cyberthreats against educational institutions made up 325 of that number. This was followed by threats against government agencies that are part of the non-critical information infrastructure (non-CII), amounting to 243.

Statistics also show that between the first quarter of 2020 and the second quarter of 2023, the number of records exposed in account breaches in Thailand fluctuated significantly. The number of impacted datasets reached its peak in the fourth quarter of 2020 before sharply declining after 2021. Approximately 201,000 datasets were reported as having been leaked in the second quarter of 2023, compared to around 64,400 during the first quarter of the same year.

FOUR DECADES AND BILLIONS OF DOLLARS IN SALES LATER, WHAT’S NEXT FOR APPLE IN JAPAN?

Dashveenjit Kaur | 9 August, 2023

But what actually caused these incidents? While there are many causes for cybersecurity incidents, a report based on a survey conducted by SearchInform revealed that 46.4% of Thai companies’ representatives noticed an increase in information security incidents caused by employees during this year. Moreover, 35.7% of them named internal incidents as more dangerous than external attacks.

The survey questioned an admittedly small pool of 28 representatives of Thai companies from both governmental and non-governmental organizations. The opinion of 46.4% interviewed (so, between 12-14 people) was that employees more frequently tend to leak data by accident, while 35.7% believe that insiders more often cause such incidents deliberately. At the same time, over 57% of respondents admitted facing data-related incidents due to employee mistakes.

Half of the respondents revealed that the organizations in which they work had experienced an attempt by discharged employees to leak data, while 32.1% of those surveyed said discharged workers had attempted to access corporate infrastructure via a personal account, or with the help of onboard employees.

The majority of those who were interviewed claimed that personal data leaks happen more often in comparison to other types of data breaches. 21.4% of participants named legal information, and accounting and financial documents as the most frequently leaked data.

“We are confused by the fact of low information security protection among Thai businesses and institutes. We see that 75% of companies implemented antivirus protection, but even this solution is not used by all. On DLP, companies in Thailand are at the beginning of the journey – only around 14% of organizations have implemented DLP. However, it is critical to protect data by local and international laws”, said Alexey Pinchuk, chief business development officer of SearchInform.

Thailand has witnessed an increase in insider threats. (Image generated by AI).

Preparing for risks

The percentage of Thai companies that notified the affected parties in the aftermath of a data leak and the percentage who didn’t notify anyone was equal at 25%. The top three riskiest channels in terms of data leaks, according to the research, are cloud storage, storage devices (USB) and mobile devices, and email.

Judging by the results of the survey, almost half of Thai companies experienced information security incidents caused by insiders in the past year. Around 36% of those who were surveyed named internal attacks as more dangerous than external ones. The reason is simply that insider threats can be deadlier and costlier as they are not only harder to detect but also have access to a lot more data without triggering anywhere near as many security protocols.

But the survey also highlighted that nearly half of the respondents believed that employees tend to leak data by accident, while more than 50% of surveyed had experienced such incidents in the past. While these may seem harmless at first, the risks such incidents bring can be catastrophic if the issues are not addressed and mitigated fast.

The most widespread type of information security incident was data leakage, with half of those surveyed experiencing data loss caused by a discharged employee. The most frequent information security incident was also data leakage, while cloud storage was named as the most dangerous communication channel in terms of information security risks.

As such, to prevent or mitigate insider threats, organizations need to implement a comprehensive strategy that includes:

• Risk assessment: Identify the most valuable and vulnerable data and systems, and the potential sources and motives of insider threats.
• Security awareness: Educate and train employees on the importance of data protection, the signs of insider threats, and the reporting procedures.
• Access control: Limit and monitor the access and privileges of users based on their roles and responsibilities, and revoke them when they are no longer needed.
• Data protection: Encrypt, backup, and audit data regularly, and use tools such as data loss prevention (DLP) and digital rights management (DRM) to prevent unauthorized copying or sharing.
• Incident response: Detect and respond to insider threats quickly and effectively, and conduct investigations and forensics to determine the cause and impact of the incident.

Businesses need to be prepared for all sorts of threats, be they caused by external or internal threat actors. That means having as robust a strategy in place to deal with insider threat (and insider incompetence) as there is to deal with malware or ransomware.

The post Insider threats on the rise in Thailand appeared first on Tech Wire Asia.

Cybersecurity is now so severe that even pets aren’t safe. In a world where digital data breaches are increasingly common, affecting financial institutions, healthcare records, and personal identities, it now appears that the scope of cyberthreats has extended to our four-legged friends. And it may be, therefore, that the best pet insurance for dogs is increased cybersecurity.

Not long ago, the idea of pets fiddling with high-tech gadgets was pure science fiction. Now, it’s a different story – 83% of pet owners across North America and Europe have jumped on the pet tech bandwagon, according to The Wall Street Journal.

Does this tech invasion make our furry friends (and us) more susceptible to cyberthreats?

Sadly, it does. Connectivity means vulnerability.

Cybersecurity researcher Jeremiah Fowler’s recent discovery of a significant data breach highlights this new aspect of digital security. The recent breach, involving an unsecured database containing over 56,000 records, exposed not only owners’ data but included pets’ medical records, DNA test results, and detailed pedigree histories.

COST OF A DATA BREACH FOR ASEAN BUSINESSES HITS RECORD HIGH

Aaron Raj | 28 July, 2023

The impact of the data breach on pets and their insurance

Fowler’s discovery was striking as it involved records of thousands of dogs worldwide and their owners’ information. The database, accessible publicly on cloud storage, included 56,624 documents in PDF, .png, and .jpg formats, amounting to 25 GB. His investigation revealed that the database was associated with the Worldwide Australian Labradoodle Association (WALA). This international entity advocates for the Australian Labradoodle breed and maintains high standards in breeding practices, if not cyber-hygiene.

Thanks to WALA’s global presence (its main office is in Washington state, USA, and it has regional offices across many continents), Fowler’s discovery included documents from various countries in the database. He promptly sent a responsible disclosure notice to WALA, but the database was only secured several days later.

WALA, as per its website, focuses on uniting Australian Labradoodle breeders globally to ensure high breeding standards and the establishment of a detailed and accurate database for preserving pedigree and health information. The exposed documents in the breach were comprehensive, including medical reports and DNA tests of dogs, their pedigree details showing lineage details, and information about the dogs’ owners, veterinarians, and testing laboratories. The data included names, addresses, contact numbers, and email addresses, among other details.

This breach highlighted the often-overlooked implications of pet medical data breaches in a sector where, as reported by the American Pet Products Association (APPA), a significant portion of US households own pets and spend a substantial amount annually on pet-related expenses.

An X user warns users about leaking information online. (Source – X)

Rising concerns: pet insurance fraud and microchip risks

The breach also raised concerns about the risk of pet insurance fraud. Given that policies for the best pet insurance for dogs cover a range of scenarios, from accidents to routine care, the exposure of such sensitive information could potentially be exploited for fraudulent insurance claims. Historical trends have shown a marked increase in pet insurance fraud, especially between 2010-2015. The North American Pet Health Insurance Association’s 2022 report detailed a significant number of insured pets and a substantial amount of premiums paid. Current data on the prevalence of fraud in this sector is not publicly available.

COULD THE PHILIPPINE HEALTH INSURANCE CORPORATION CYBERATTACK HAVE BEEN AVOIDED?

Aaron Raj | 11 October, 2023

An additional risk factor identified in the recent breach was the exposure of pet microchip numbers. Microchips aid identifying and recovering lost pets, and unauthorized disclosures alongside owners’ details, poses potential risks. Criminals could misuse this information, falsely claiming ownership of lost or stolen pets, given the high value of certain breeds, Labradoodles among them.

Beyond the risk of pet theft, there are concerns about social engineering tactics where criminals might impersonate authority figures to extract personal and financial information from pet owners, leading to fraud or identity theft.

Fowler stressed the importance of maintaining the confidentiality of pets’ microchip numbers and being vigilant about requests for related information. He advised pet owners to verify the identity of anyone asking for such details and to report any suspicious activities to the relevant microchip registry and local authorities. The exposed database underscores the need for robust data security measures and brings to light the diverse and often unexpected implications of data breaches.

Safeguarding against data breaches and scams

The phenomenon of “puppy scams” encompasses various deceptive activities connected to dog sales, often involving the advertisement of non-existant or falsely represented ‘pedigree’ puppies. A common scam is “breeder identity theft,” where fraudsters impersonate legitimate breeders to dupe buyers. Such scams comprise ads on classified websites or social media. Buyers should exercise caution and confirm the legitimacy of any breeder’s identity and credentials. Buyers should be wary of sellers offering high-value pedigree puppies at curiously low prices and avoid making payments or wire transfers without verifying the authenticity of the animal.

The WALA database leak, containing extensive pet health records and breeder information, presents a potential risk if exploited by criminals to falsely claim ownership of or breeding rights to specific dogs. The scope of access to the records by unauthorized parties remains unclear. The Better Business Bureau (BBB) in the United States reported that pet scams constituted 24% of online scams in their 2021 Scam Tracker.

The Federal Trade Commission (FTC) estimates less than 10% of scam victims report incidents, so the number of victims could be significantly higher. In 2022, Australians reported losses of over AU$ 3.5 million to pet-related scams, and the UK witnessed a 39% increase in such scams from 2020 to 2021, with an average loss of around £1,400.

The duration of exposure of the WALA database and the extent of access by unauthorized individuals is unknown. There is no direct claim that criminals accessed the exposed documents so no specific fraud risk. Similarly, there’s no allegation of related misconduct by WALA or that its members faced any direct threat. The focus here is on highlighting the potential risks associated with any data breach, especially those that could jeopardize the privacy and security of individuals or entities in such databases.

This incident not only underscores the widespread implications of cybersecurity in our everyday lives but also serves as a reminder that virtually no aspect of our lives, not even our pets’ information, is immune to the reach of cyberthreats.

So it could well be that the best pet insurance for dogs is simply stronger cybersecurity.

The post Barking up the wrong data tree: even pets aren’t safe from a data breach appeared first on Tech Wire Asia.

Australia has recently witnessed a record number of cyber-incidents. The Australian government has since taken the initiative to strengthen the country’s cyber-resilience. This includes strengthening Australia’s cybersecurity laws by adding attack surface management to its existing security posture.

Australia’s Minister for Home Affairs and Cyber Security, the Hon. Clare O’Neil MP, introduced six key shields that underpin Australia’s upcoming cybersecurity strategy. These shields span diverse domains from advancing automated threat detection, to sharing and blocking, to fostering coordinated global cybersecurity efforts through international collaboration.

AUSTRALIA’S CYBERSECURITY CRISIS: ORGANIZATIONS NEED TO STOP PAYING RANSOMS

Muhammad Zulhusni | 5 July, 2023

Underscoring the crucial need for the government to enhance its cyberdefenses, especially after the recent cyber-incidents in the country, attack surface management has emerged as a cornerstone of effective cybersecurity practice, and is pivotal to creating cyber-resilience across national critical infrastructure.

Palo Alto Networks describes this as the process of continuously identifying, monitoring and managing all internal and external internet-connected assets for potential attack vectors and exposures. Put simply, attack surface management helps organizations gain visibility into, and reduce risks on, their attack surface. Both internal and external attack surface management are necessary, due to the dynamic nature of organizations pursuing a move to the cloud.

Australia’s focus on attack surface management echoes what the United States Cybersecurity and Infrastructure Security Agency (CISA) outlined in its 2024-26 strategic plan for critical infrastructure uplift. CISA states that it will leverage commercial attack surface management to help its critical infrastructure and other partners  ‘identify exploited or exploitable conditions and gain a better picture into security trends across the country.’

The European Union also recognized attack surface management’s value in a landmark law in 2022, that encourages national cybersecurity incident response teams to deploy its capabilities to ensure they can ‘identify, understand and manage the entity’s overall organizational risks.’

While the US and EU governments have developed various policies emphasizing the role of attack surface management in national cyber-resilience, the Australian government has yet to release guidance or policy addressing this capability.

Attack surface management is the process of continuously identifying, monitoring and managing all internal and external internet-connected assets for potential attack vectors and exposures. (Image – Shutterstock)

Cyber defence through the eyes of the adversary

According to Sarah Sloan, head of government affairs and public affairs, New Zealand ANZ at Palo Alto Networks, the surge in cloud adoption, continuous digital transformation, and the ubiquitous embrace of remote work – all further accelerated by the disruptive impact of the Covid-19 pandemic – have expanded the digital footprint and attack surface of an average organization. Collectively, Sloan believes, this has rendered corporate and government networks larger, more dispersed and dynamic, and with a constant influx of new assets interfacing with the network.

As Palo Alto Networks 2023 Attack Surface Threat Report highlights, cloud-based IT infrastructure remains in a constant state of flux; in a given month, an average of 20% of an organization’s cloud attack surface will be taken offline and replaced with new or updated services.

AUSTRALIAN COMPANIES TARGETED BY CYBERATTACKS AGAIN

Aaron Raj | 17 March, 2023

“As a consequence, organizations struggle with gaining clear visibility across all their internet-facing assets that may or may not be vulnerable to attacks. This challenge is often compounded by (manually managed) traditional asset discovery and vulnerability management processes, which were developed when corporate networks were more stagnant and centralized. This complex digital environment unfolds against a backdrop of an increasingly hostile cyber-terrain, financial constraints, and a global shortage of cybersecurity expertise,” said Sloan.

In response, Sloan explained that attack surface management has become a foundational element in contemporary cybersecurity practice. It gives organizations a view of their network from an adversary’s perspective – identifying targets and assessing risks based on the opportunities they present to a malicious attacker.

“The ultimate goal of attack surface management is to increase attack surface visibility and reduce risk across both known and unknown assets of which an organization’s security team is unaware  and has not authorized or sanctioned,” added Sloan.

Attack surface management brings your vulnerabilities to light.

Setting the direction: attack surface management as a focal point in global government policies

In the US, Sloan pointed out that the government has made a number of references to the strategic importance of attack surface management across various government strategies and reports from the US Congress. CISA not only included attack surface management in its strategic plan for the years 2024-2026 but also released Binding Operational Directive 23-01, which compelled Federal Civilian Executive Branch agencies in the US to perform a range of automated asset discovery and vulnerability enumeration activity.

Sloan also highlighted that the US National Security Agency (NSA) has contributed to this narrative by providing no-cost attack surface management services through its Cybersecurity Collaboration Center to protect defense industrial base (DIB) entities. According to the NSA, its attack surface management service ‘has detected thousands of vulnerabilities on DIB networks and worked with network defenders to implement mitigations before they became compromises.’

DATA BREACHES IN AUSTRALIA HAVE LED TO INCREASED CYBERSECURITY INVESTMENTS

Aaron Raj | 6 February, 2023

There are also various legislative provisions, such as the National Defense Authorization Act, that have called for the US Department of Defense to achieve real-time visibility of all internet-connected assets and attack surfaces across the DoD enterprise using commercial-off-the-shelf (COTS) solutions.

Sloan added that the EU has adopted the revised Network and Information Security Directive (NIS2) that also encourages cybersecurity incident response teams to be able to provide, upon request of a covered entity, ‘a proactive scanning of the network and information systems used for the provision of the entity’s services and assistance in monitoring ‘an entity’s internet-facing assets… to identify, understand and manage the entity’s overall organizational risks.’

“It’s clear in the global context that attack surface management is increasingly seen as playing a critical role in safeguarding national interests,” said Sloan.

“It’s clear in the global context that attack surface management is increasingly seen as playing a critical role in safeguarding national interests,” said Sloan. (Image – Shutterstock)

Enhancing Australian policies to proactively confront cyber-risk

For Sloan, as Australia strives to become the world’s most secure nation by 2030, the government must emphasize the vital role of attack surface management through the forthcoming cybersecurity strategy, which should emphasize the need to integrate it across key government policies such as the ‘Essential Eight’ and the Critical Infrastructure Risk Management Program (CRIMP).

Sloan explains attack surface management (ASM) in both policies below:

1) From the Essential Eight to the Necessary Nine

The Australian Cyber Security Centre’s (ACSC) Essential 8 (E8) has long been positioned as a beacon for organizations to shield themselves against a multitude of cyber-threats.  In recent years, the government has promoted these prioritized mitigation strategies as the cybersecurity standard for all organizations and has dedicated substantial resources to the promotion and adoption of the E8 across the federal government. Nonetheless, the E8 does carry certain limitations and while their implementation can be instrumental in preventing threats, for many organizations, effectively implementing these mitigations often presents formidable challenges and substantial costs.

In light of these considerations, the government may wish to expand the E8 to become the ‘Necessary 9,’ incorporating ASM as its foundational cornerstone. Consider this scenario: an organization leveraging an ASM platform gains awareness of potential common vulnerabilities and exposures (CVE), such as a zero-day exploit, within an unpatched internet-facing application – enabling them to prioritize this in the organization’s E8 remediation over an application that may be internal-facing only. By integrating ASM into the E8, government agencies can pivot towards a risk-based approach to cybersecurity, an increasingly indispensable stance, especially within financially constrained circumstances.

Of course, such a paradigm shift should be accompanied by a corresponding revision of the ACSC’s guidance and materials such as the Information Security Manual (ISM) Cybersecurity Principles and Cybersecurity Guidelines. These revisions are vital to engendering a comprehensive understanding among government entities and other stakeholders regarding ASM capabilities, articulating the critical functions essential for an organization’s business operations.

Level up your organization’s cybersecurity measures with the Essential Eight – a set of the most effective mitigation strategies to help organisations protect themselves against cyber-threats. Learn about each strategy & how to start implementing them 👉 https://t.co/KYL1JzAIg8 pic.twitter.com/xrMiU3RajU

— Australian Cyber Security Centre (@CyberGovAU) September 6, 2023

2) Proactive Risk Management for Critical Infrastructure

In 2022, a significant milestone was achieved as the Australian government concluded the final phase of amendments to the Security of Critical Infrastructure Act 2018 to elevate the resilience of Australia’s critical infrastructure across 11 vital sectors. The amended legislation now mandates that critical infrastructure sectors establish a comprehensive CIRMP encompassing an ‘all-hazards’ approach to risk – including cyber and supply chain risks.

To further fortify this framework, the Australian government might consider incorporating ASM capabilities into the CIRMP. The integration of ASM can serve as a catalyst for organizations, empowering them to proactively grapple with cyber-risks, rather than responding reactively to breaches or incidents. Importantly, this proactive engagement enables these entities to strategically allocate resources, effectively prioritizing remediation endeavors – offering a cost-effective approach to cyber-risks.

“In an era where cyber-threats are a constant reality, nations must be proactive in their approach to cybersecurity. Attack surface management has emerged as an effective strategy to enhance cyber-resilience by identifying vulnerabilities and mitigating risks.

“The Australian government should look to provide clear guidance and incentivize the adoption of attack surface management capabilities across government departments and critical infrastructure sectors, thus fortifying its cyber-shields. In doing so, Australia can confront the ever-evolving cyber-threats, reinforce its cyberdefenses and secure its national interests,” concluded Sloan.

The post Fortifying Australian cyber-resilience through attack surface management appeared first on Tech Wire Asia.

As the COVID-19 pandemic led to an increase in e-commerce and businesses digitalizing their services, it also opened the door to increased online attacks. While online attacks continue to increase globally, the Southeast Asian region seems to be experiencing them at a much higher and faster pace.

Southeast Asia (SEA) has always been a target for cyberattacks in the region. Significant data breaches affected many industries, including government, healthcare, and financial services. With the region housing a rapidly growing population of internet users and an accelerating digital transformation, it also has made itself a target for cybercriminals looking to steal sensitive information and disrupt online services.

Last year, cybercriminals had a blast targeting companies in SEA, according to the latest data from Kaspersky. Statistics showed a 45% jump in web threats blocked by its business solutions in 2022.

THREE TIPS FOR IMPROVING YOUR COMPANY’S CYBERSECURITY TRAINING

Aaron Raj | 25 April, 2023

Web threats are online attacks that expose users to online harm and can cause undesired actions or events. Not only are these online attacks damaging to businesses, but they can also severely impact customers. Some of the most common types of web threats include data theft, phishing attacks and computer viruses.

At the peak of the COVID-19 pandemic in 2020, the global cybersecurity and digital privacy company prevented 10.20 million web attacks from infecting businesses in the region. The number dipped slightly in 2021 at 9.18 million and spiked again in 2022 at 13.38 million.

Kaspersky found that Singapore logged the highest year-on-year jump in terms of web threats targeting business last year. It recorded more than a three-fold spike (329%) after Kaspersky’s business solutions blocked a total of 889,093 web attacks, a whopping increase from 2021’s total of 207,175 incidents.

A similar trend is seen across the other four other countries in SEA. Malaysia is another prime target, with a 197% increase in web threats targeting businesses, followed by Thailand (63%), Indonesia (46%), and the Philippines (29%).

The only exception, however, appears to be Vietnam. Kaspersky’s data recorded a slight dip (-12%) after recording only 2.49 million incidents last year as compared to 2021’s 2.82 million. Southeast Asia general manager Yeo Siang Tiong explained why this is the case.

“The Vietnam government has continuously pushed to beef up the cybersecurity defenses of the nation and the country’s local companies and it is encouraging to see that the efforts are translating into concrete results,” Yeo shared.

“The manager adds that while the IT security talent gap remains an issue, outsourcing experts and comprehensive solutions can offer efficiencies to fill this missing piece. “As 2023 will be the first year of fully re-opened borders and markets, we encourage companies here to allocate budget and resources to strengthen their defenses against the increasing attacks against their networks,” said Yeo.

(Source – Kaspersky)

How can businesses protect themselves from web-based online attacks? 

Web-based threats, or online threats, are attempts to download malicious objects from a malicious or infected website. Malicious users deliberately create these websites; they include sites with user-contributed content, such as forums, and compromised legitimate resources.

Regardless of intent or cause, the consequence of a web threat may damage both individuals and organizations. Cybersecurity Ventures predicts global cybercrime costs to grow by 15% per year over the next five years — reaching US$10.5 trillion annually by 2025.

Here are some general tips for both end-users and web service providers to protect themselves against web threats:

1. Always create backups: You should copy all valuable data and store it safely to prevent data loss in the case of an accident. Websites, device drives, and even web servers can be backed up.
2. Enable multi-factor authentication (MFA): MFA allows for additional layers of user authentication on top of traditional passwords. Businesses should enable this protection for users, while end-users should use this feature.
3. Scan for malware: Regular scans for infections can help to secure your computer devices. Enterprise endpoint machines and computer networks should use this protection as well.
4. Keep all tools, software, and OS up to date: Computer systems are more vulnerable when they’ve been unpatched against undiscovered holes in their programming. Software developers should regularly probe for weaknesses and issue updates for this purpose. Businesses can protect themselves by downloading these updates.

The post Online attacks against businesses in SEA up by 45% in 2022 appeared first on Tech Wire Asia.

The debate over whether organizations should pay ransoms in ransomware incidents often centers around the importance of promoting cybersecurity awareness. Last week, news emerged about Australian financial company Latitude Group Holdings, which announced its decision not to succumb to criminals’ ransom demands following a cyberattack the previous month. They asserted that doing so would harm customers and the broader community by encouraging more attacks.

While a few companies may have followed Latitude’s example by refusing to pay ransoms, a striking 83% of those who fell victim admitted to paying the ransom at least once, according to ExtraHop’s 2023 Global Cyber Confidence Index: Cybersecurity Debt Drives Up Costs and Ransomware Risk report.

The study, contrasting IT leaders’ cybersecurity practices with the actual attack landscape, revealed a significant rise in ransomware incidents – from an average of four attacks over five years in 2021 to four attacks within just one year in 2022.

RUSSIAN RANSOMWARE GROUP LOCKBIT 3.0 LEADING CYBER ATTACKER IN MALAYSIA

Aaron Raj | 23 March, 2023

Now, the costs of data breaches continue to increase yearly. Ransomware payments are also not getting any cheaper, especially with most ransoms being paid in cryptocurrency. Businesses will eventually realize that the cost of paying ransom is actually a lot more than implementing and improving their cybersecurity. Backup and data recovery services need to be prioritized as well as increasing the cybersecurity awareness among employees.

As organizations face a growing number of attacks, the data shows they are overwhelmed by cybersecurity debt – unresolved security vulnerabilities such as unpatched software, unmanaged devices, shadow IT, and insecure network protocols that serve as entry points for malicious actors.

Apart from that, most organizations have not moved on from outdated cybersecurity practices and are lacking good cyber hygiene. Both of these may not be the major cause of ransomware but are contributing factors that can enable cybercriminals to easily launch cyberattacks.

Ransomware threats expose flaws in outdated cybersecurity practices

Outdated cybersecurity practices involve using old or obsolete security measures that no longer effectively protect digital assets and information systems. These practices may include weak passwords, lack of multi-factor authentication, failure to update software, and inadequate employee training on current cyber threats.

In the ASEAN region, particularly in Singapore, Malaysia, and Indonesia, approximately 75% of respondents indicate that outdated cybersecurity practices have contributed to at least half of their organization’s cybersecurity incidents.

Relying on outdated cybersecurity practices leaves organizations vulnerable to cyberattacks, data breaches, and financial losses, emphasizing the importance of regularly updating security protocols and staying informed about evolving threats.

The lack of basic cyber hygiene

The study identified considerable gaps in organizations’ fundamental security practices. Insufficient cyber hygiene, which may involve neglecting software updates, using weak passwords, not enabling multi-factor authentication, and failing to provide adequate employee training on emerging cyber threats, can leave organizations vulnerable.

Source – Shutterstock

The research found that 98% of respondents are running one or more insecure network protocols, a six percent increase from 2021. Despite urging from leading technology vendors to retire SMBv1, which contributed significantly to the widespread WannaCry and NotPetya attacks, 77% of organizations still use it in their environments.

Regarding unmanaged devices in Singapore, Malaysia and Indonesia, 57% of respondents report that some critical devices can be remotely accessed and controlled. In comparison, 48% indicate that their critical devices are exposed to the public internet.

The lack of proper cyber hygiene exposes organizations to cyberattacks, data breaches, and financial losses, emphasizing the need for consistent maintenance and security updates to protect against ever-evolving threats.

Cloud security is more important than ever

As organizations increasingly migrate mission-critical applications and sensitive data to the cloud, monitoring cloud workloads has become more crucial than ever. With heightened attention to their cloud environments, 72% of respondents expressed complete or significant confidence in the security of their organization’s cloud workloads.

Mark Bowling, Chief Risk, Security, and Information Security Officer at ExtraHop, noted that as organizations grapple with staffing shortages and dwindling budgets, it is unsurprising that IT and security teams have relegated some of the more basic, seemingly mundane, or expendable cybersecurity requirements to lower priority.

“The probability of a ransomware attack is inversely proportional to the amount of unmitigated surface attack area, which is one example of cybersecurity debt,” said Bowling. “Greater visibility into the network with an NDR solution can help reveal the cyber truth and shine a light on the most pressing vulnerabilities so they can better take control of their cybersecurity debt.”

The post Cost of cybersecurity: 83% of ransomware-hit firms paid ransom at least once appeared first on Tech Wire Asia.