DSA was invited to attend a joint media briefing hosted by Symantec and CyberSecurity Malaysia titled “Threat Landscape: Living off the land - working with ubiquitous tools”, where Symantec Malaysia’s Systems Engineering Director, David Rajoo presented the findings of Symantec’s annual Internet Security Threat Report (ISTR).
Through the ISTR, Symantec aims to compile a yearly overview and analysis of global threat activity by establishing the largest civilian threat collection network in the world, monitoring activities in over 157 countries. The data that is analysed is used to provide insights into global threat activity, cybercriminal trends and attacker motivations.
One of the key takeaways of their latest report is that targeted attacks are on the rise, but there is a considerable shift in the motives behind such attacks. From a global perspective, in 2016 there was an upsurge in targeted attacks that were politically motivated, with rising instances of subversion and sabotage, designed to disrupt and destabilize specific organisations or countries.
Email attacks remain to be the weapon of choice for cyber attackers in 2016 as 1 in 131 emails were found to be infectious or laden with malware, the highest rate in five years. Seemingly innocuous emails are commonly made to look legitimate to fool recipients into downloading harmful malware or divulging sensitive information through various methods of social engineering, with highly targeted spear-phishing tactics having grown in popularity and sophistication in recent years.
Instead of customising or building new types of malware to compromise their victims, however, more and more attackers are employing “living off the land” methods; abusing common IT tools such as Microsoft PowerShell or macros in Office documents, operating system features, off-the-shelf tools, and cloud services to essentially hide in plain sight. The tools are ubiquitous, easy to use for malicious purposes and don’t usually arouse suspicion.
David indicated that we’re at the precipice of the next frontier for cybercrime. The growing reliance on cloud services as well as the emergence of the IoT have brought on the rise of new forms of threats, opening up whole new platforms and users for attackers to target.
The CEO of CyberSecurity Malaysia, Dato' Dr. Haji Amirudin Abdul Wahab, was also present to share insights on the current state of cyber security in Malaysia. He stated, “With each year, the security industry faces new types of threats as cybercriminals evolve their approach towards accessing organisations’ data. As Malaysia heads towards Transformasi Nasional (TN50) and rapidly transforms into a digital economy, cyber security will continue to play an increasing role in the national agenda.”
According to Dr. Amirudin, fraud and intrusion made up the bulk of the cybercrime cases reported in 2016 and the first quarter of 2017, constituting about 75% of all reported cyber incidents in Malaysia. He also mentioned that CyberSecurity Malaysia is seeing a worrying increase in the number of cyber harassment or cyberbullying cases, with 679 reported cases between 2016 and early 2017.
Ransomware is certainly an ever-growing menace and Malaysia is currently the 6th most targeted country in the APJ region and 17th globally in terms of ransomware threat. But although Malaysia, Singapore and Thailand are ranked as some of the most tech-savvy nations in Asia, recording the highest scores in overall cyber-savviness and knowledge, the countries came in near the bottom when it came to taking the appropriate steps to protect themselves with many internet users still taking unnecessary security risks.
Despite cyber security being a serious issue, another point of concern are the cases which go unreported. To make it easier for internet users in Malaysia to report or escalate cyber-crime, cyber harassments and other computer security-related incidents, CyberSecurity Malaysia has established the Cyber999 Help Centre. Reports can be made via online form, email, SMS, phone, fax, as well as mobile apps which can be downloaded from the Apple App Store or Google Play.
Volume 22 of Symantec’s annual Internet Security Threat Report, released in April 2017 can be viewed here.