BEAT CYBERCRIMINALS AT THEIR OWN GAME
Collaboration is key to ensure hackers’ efforts are in vain, writes BRIAN HANSEN
WHEN Malaysia implemented its Movement Control Order (MCO) in March to combat Covid-19, a different kind of threat also reared its head.
With the MCO keeping Malaysians at home, more people began working remotely and using financial services online than ever before.
Organisations in Malaysia (and elsewhere) had to adapt quickly to protect their corporate and customer data, communications, and processes when moving from office and branch-based systems to remote ones, which may be less secure.
Digitisation of financial products and services was already in full swing in Malaysia, but has now accelerated, with customers who used to do their financial transactions in person forced to go online. Given the uncertainty around the pandemic, we expect both trends to continue.
Remote working and digitisation of financial services represent substantial increases in the attack surface of the industry, and cybercriminals are quick to recognise and target new vulnerabilities.
From March 18 to April 7, a period coinciding with MCO, 838 cybersecurity incidents were reported to CyberSecurity Malaysia, marking a significant increase of 82.5 per cent compared to the same period last year.
This spike was not limited to Malaysia, with Australia, Japan, and others reporting similar increases in phishing, data breaches, and distributed denial of service (DDoS) attacks.
But Malaysia may be especially vulnerable, because of the rapid growth of new financial services such as digital banks, and new digital customers may be targeted by cybercriminals who take advantage of their relative inexperience on these platforms.
To best capitalise on new attack strategies in Southeast Asia like botnets, cryptojacking and ransomware, threat actors collaborate through a variety of networks. For example, less techsavvy criminals can simply buy ransomware services or kits from more technical hackers.
Criminal groups are now not simply holding stolen data for ransom and returning it to the victim after payment, but also posting it online for other threat actors to use or auctioning it off on the dark web.
Many cybercriminal networks even run like legitimate companies, with diverse functions and organisational roles like chief executive officers, recruiters and even customer service agents who, for example, guide victims through how to pay to recover their data or regain access to their systems.
Now more than ever, the only way to stay ahead of these sophisticated criminal networks is for us to work together as well.
In financial services, this is especially crucial, since large-scale attacks on financial institutions could damage overall customer trust in the financial system, which can affect the whole industry, not just the individual victims of the attack.
Sharing cyber intelligence is one crucial way to reduce cyber risk. Organisations like ISACs (information sharing and analysis centres) facilitate sharing in a trusted environment using a secure member portal, a set of guidelines for how information can be shared, and smaller circles of trust for specific communities within different sectors and regions.
At FS-ISAC, we enable intelligence sharing for the global financial services industry. Our regional office in Singapore serves member institutions across the Asia-Pacific region, giving them a platform to share country-specific threat activity and best practices in areas like incident response and third-party risk management.
Through a variety of events and meetings, we build trust in the community and between members, and we offer resiliency exercises to build our capacity to protect and defend against new types of attacks.
All of these help firms save precious resources instead of experimenting on their own, making cybersecurity cheaper and more effective.
It also makes cybercrime more expensive. The faster the intelligence is shared, the higher the chance for other firms to put up defences against the threat.
This prevents cybercriminals from using the same attack strategy multiple times, forcing them to find a different approach or build new attack infrastructure, lowering their return on investment.
As cybercriminals constantly adapt and become sophisticated, the need for intelligence sharing is more important than ever. The cyber attacks related to Covid-19 have proved how quickly new attack vectors can emerge.
Since no institution can anticipate every threat all the time, the financial services industry needs to learn from the threat actors themselves and build trusted relationships within the industry through peer-to-peer intelligence sharing.
Only by collaborating as they do can we beat cybercriminals at their own game.