The nature of cyberthreats: covert, malicious and from within
According to IBM Security’s ASEAN Technical Leader, Nigel Tan, IBM’s latest X-Force Threat Intelligence Quarterly is a compilation of observations gleaned from its emergency response teams, a cyber attack response service that IBM Security offers to customers.
The observations were divided into four main areas, the first of which is the increased use of onion-layered attacks. Besides these, ransomware and malicious insider attacks were on the rise. On the bright side, however, there is also a noticeable increase in management awareness of security.
Covert and malicious on the rise
IBM Security’s response teams would be called in for an overt cybersecurity event, but deeper investigation would reveal more covert cyber attackers in the environment.
“This has been happening quite often recently,” said Tan, who opined that this could be due to these organisations having lots of unpatched systems, or a lack of visibility into systems, much less real-time monitoring, even though there are already security solutions in place.
The second major point from the quarterly report is the increasing use of ransomware, even in Southeast Asia and Malaysia. “The traditional way used to be to put a wall around your data, until a ransom was paid.”
But recently, a more nefarious method actually encrypts data, effectively holding it hostage till a ransom is paid. “This method, called ‘cryptoware’, is more difficult to circumvent. Encryption is high-level which cannot be broken with standard brute force password crackers.
“This is the reason why ransomware is becoming more prevalent, because it is more lucrative.”
There is not even a guarantee that businesses will get their data back after the ransom is paid, and the only way to minimise damage is to make regular backups of data at the endpoint, i.e. computers.
Ransomware in Malaysia
Ransomware like Cryptolocker is common and Malaysian organisations have been hit, according to Tan. “It happens across all industries like finance, manufacturing, oil and gas… it may not affect the entire organisation, but small parts here and there enough to become a problem.”
One particular case in Malaysia involved the ransoming of human resource information. As a result, monthly payrolls could not be processed, and the effect was felt not only on the company’s reputation, but also on employee morale. “There was significant impact to the organisation,” Tan commented.
“Last year alone, the FBI reported that cybercriminals got away with USD18 million. This is only in the United States,” Tan said.
He also advised that organisations really need to do backups of their data. “A lot of organisations usually back up their servers but overlook the information at endpoint devices. So backup has to be across the organisation. Sometimes that’s the only way to get back data.”
Patching systems is also always good security practice, especially since a majority of ransomware infiltrates by taking advantage of unpatched systems. Another way in, of course, is user error.
“Users are the weakest link, and there has to be more user awareness, to be wary of links in emails from friends, for example.”
Reset that password
Tan also opined that the scope of malicious insiders who leak information should be expanded to include not only employees who resign, but also individuals that organisations work with, such as contractors, outsourcers, partners and more.
“In a cybersecurity index we released, what we saw last year is that 55 percent of incidents investigated were due to malicious insiders,” Tan pointed out.
IBM had also discovered that these incidents typically happen in companies with a lack of accountability when it comes to user access.
In such organisations, there is no audit trail of who has accessed what information, there are no ready controls over the sharing of passwords or privileged accounts, and strong passwords are not used, nor are passwords set to expire or reset even when an employee leaves.
Tan said, “Even in my interactions with customers in Malaysia, we see it happening – orphan accounts that are dormant, but active. There should be tools in place to manage the whole lifecycle of these accounts, from its creation to its termination.”
The fourth point that the quarterly report disclosed is an encouraging one.
One IBM-sponsored study in the United States found that 85 percent of Chief Information and Security Officers (CISOs) surveyed said that security awareness levels in the boardroom have gone up. Eighty-eight percent reported that security budgets had also increased.
In Malaysia itself, Tan saw this increased awareness happening as well. Traits of the increased awareness seen in the US are also being observed in Malaysia, according to Tan.
“In Malaysia, we are still in the starting phase. But questions are being asked now, although frameworks are not truly put in place yet,” Tan concluded.