Famous for the wrong reasons
By Sharmila Ganapathy July 16, 2018
- Russia, China and Indonesia are the top attacking countries directed at the travel industry
- Singapore among top five in APAC with the largest source of web application attacks
SINGAPORE and Indonesia have been featured prominently in Akamai’s recently published State of the Internet / Security Summer 2018: Web Attack Report and for all the wrong reasons.
In the report, Singapore made it back to the list of top five countries in the Asia Pacific region with the largest source of web application attacks, while Indonesia was highlighted as one of the three markets with major sources of credential abuse for the hospitality industry. Credential abuse are unauthorised malicious login attempts targeted at sites.
Digital News Asia spoke with Akamai’s Senior Product Marketing Manager, Security, APJ, Don Ng (pic, right) for his views on what is happening with Singapore and Indonesia.
In an e-mail reply, Ng highlighted that Singapore is a city with one of the highest internet connectivity speeds and residential wired broadband household penetration rates globally.
“Singapore households have laptops, desktops, mobile devices, routers and broadband, IP camera and other Internet-connected applications with high speed Internet connectivity, which are factors that attackers would rate as highly desirable in compromised systems,” he said, commenting on Singapore’s return to the list.
On the perpetrators, Ng said that analyses of attack traffic origination revealed that Russia, China and Indonesia are the top attacking countries directed at the travel industry, including hotels, cruise lines, airlines, and travel sites in Singapore.
“Attack traffic origination against the hospitality and travel industry from China and Russia combined was three times the amount of attacks originating in the US. These countries have historically been large centres for cyber-attacks, but the attractiveness of the hospitality industry appears to have made it a significant target for hackers to carry out bot-driven fraud,” he opined.
He added that the Singapore government and companies are also likely targets – global organisations such as e-commerce companies, banks and public sector organisations – with high value data assets.
However, while consumers may be targets, in most cases, Akamai doesn’t see individuals being targeted individually. That said, individuals do become collateral damage when companies, which have stored sensitive data are compromised and sensitive information are stolen.
A sitting duck
To a question on why the hospitality industry is often targeted, Ng explained that hospitality industry companies have loyalty programmes for their customers.
“The customer accounts have a lot of stored value in the accounts which can be used and redeemed for different purposes which can be redeemed for hotel stays, flights or gift cards, in addition to sensitive personal data. Redemptions are typically electronic, without any need for physical shipping.”
He added that credential abuse results in negative impact to customers with sensitive information exposed and points stolen.
Organisations, are faced with devoting resources to investigate, resolve and very commonly to restate stolen loyalty points, which contributes to significant financial losses to these organisations.
Commenting on the motivations of hackers targeting the hospitality industry, Ng said there are various motivations, ranging from making the website inaccessible through DDoS attacks to gaining access to credit card data or sensitive information of customers for example.
“Financial gains would be a primary objective, point-based rewards systems are tempting targets because they are profitable and hard to track when compromised, with a ready market,” he added.
Implications for Singapore and Indonesia
According to Ng, this is the first instance where Indonesia and Singapore are ranked as top attacking countries.
“The attacker and the attack traffic are not necessarily in the same country or region, as Akamai have observed, compromised systems can and do hide where the master commands are coming from or where the master attacker is physically located.
“The data indicates that there is evidence of a large number of compromised systems within Indonesia and Singapore. Routers may make up a large portion of compromised systems, as many of de-facto passwords are not changed or outdated firmware render them vulnerable to known exploits,” he said.
Commenting on preventive measures that Singapore and Indonesia can take, Ng said consumers can take steps such as installing anti malware solutions on their PCs, laptops, smart phones and devices. They also need to change the default passwords on their internet connected devices, such as IP cameras, routers and WiFi networks.
“In addition, they need to be wary of downloading and installing applications from unknown or non-reputable sources.”
Organisations, meanwhile can protect themselves against credential abuse, by ensuring they have a specialised bot risk management solution that is able to detect sophisticated bots.
“Organisations can also look towards the adoption of multi-factor authentication such as One Time Passwords (OTP) through SMS for example,” he said.
He also advised organisations to examine outgoing traffic from their networks and focus on DNS queries for signs of compromised systems.