Better safe than sorry
More cyberattacks are expected in 2018 and good cybersecurity practices are more relevant now than ever.
RANSOMWARE attacks will evolve and hit harder in the upcoming years, says Pikom Cybersecurity chair Alex Liew.
Speaking at the Star Empowerment: Cyber Defence & Network Security forum in Petaling Jaya recently, Liew said that most security experts agree that this type of malware will be prevalent throughout 2018.
“The reign of ransomware is far from over. In 2017 alone, ransomware growth topped 2,500%, hitting hospitals, businesses and individual users. It will hit harder, covering a wide range of attack surfaces like varied mobile devices, operating systems, Internet-connected devices and more this year,” said Liew.
In 2016, there were 14,627 reported cases of online scams totalling a loss of RM1.6bil in Malaysia. “Those are just the reported cases. We knew of some companies and individuals in Malaysia that fell victim to the WannaCry ransomware last year, but they weren’t officially reported,” he revealed.
Cybersecurity consultant Foong Chong Fook echoed this sentiment, saying that even with security solutions, businesses often left themselves vulnerable due to poor security habits and misconceptions about how hackers worked.
He said attackers do not pick their targets, and that every business was equally at risk, even if they were a small company or did not have an online presence.
Big business
According to mobile, online and digital market research specialists Juniper Research, cybercrime will rise dramatically in 2018, and will cost the world US$2.5tril (RM9.7tril) annually by 2022.
Foong, who is also the CEO of cybersecurity firm LGMS, said this was driven by the “new economy” of ransomware, where attackers would even purchase ransomware from other parties.
Liew concurred, adding: “The evolution of cyberattacks over the years show that the attackers don’t have to be as sophisticated as before, because there are tools easily available for cybercriminals to use.
“It started with something small like password guessing, and now has turned to phishing and social engineering.”
Social engineering aims to trick users into sharing confidential or personal information that can be used for fraudulent purposes.
One of the leading cases of data breach is human error, and despite many warnings, people still fall victim to phishing – the act of sending e-mails seeded with malware or designed to maliciously obtain valuable personal data.
“Social engineering will grow more complex, and more spams will deliver Trojan payloads that compromise computers when users unknowingly open a malicious file,” Liew warned.
Foong also expanded on this point during his live demonstration on how fake WiFi hotspots could be used to compromise a computer, with a case study of how social engineering using bogus e-mails could even compromise a bank.
He added other threats to expect in 2018 include social media spying, automated cyberattacks against SMEs, large enterprises and fintech systems, plus hacking using drones.
Securing your networks
For his part, Liew believed that 2017 was a year of learning when it comes to creating and implementing security practices.
Some key practices to follow are the increase of password strength and the need for two-factor authentication, and stringent access control to system and applications.
“To minimise risk, you have to adopt cybersecurity practices and maintain up-to-date systems,” added Liew. “We also need to educate users and implement best security practices.”
The good news is, Trend Micro Malaysia head of solution architect Law Chee Wan said there were now more security solutions like machine learning that could help keep users secure.
He said unlike older signature files system which could only detect known threats, machine learning used algorithms to predict potential and unrecognised threats. However, it is more resource intensive.
“Not everything new is the best, you need to blend the old and new to get better protection and avoid false positives,” said the Security Threat specialist, who has over 20 years of experience in the field.
False positives were when safe files were mistaken for threats.
Law explained that by combining machine learning with signature files, plus other security features like behavioural analysis and sandboxing, it creates a complex filter that would stop most threats from sneaking in.
Pikom’s Liew also advised users to secure their home and office networks and to use separate networks for IoTs. “Back up your data and avoid using free WiFi for important transactions, and use your 4G data instead. Evaluate the convenience versus the privacy trade off.”