Most APAC organisations breached, the rest don’t know they’ve been hit!
By Benjamin Cher July 26, 2016
- Asia in the crosshairs of threats ranging from botnets to APTs
- Growing cybercrime can be seen as an indicator of economic growth!
SIT down for this one: According to cybersecurity company RSA, over 70% of organisations in Asia Pacific report that they have suffered a successful cyberbreach in the past 12 months.
And the rest? “I’m willing to bet a good portion of the remainder simply isn’t capable of detecting their breaches,” RSA president Amit Yoran said in his keynote address at the recently concluded RSA Conference 2016 Asia Pacific & Japan in Singapore.
The region in fact is being increasingly targeted, according to Ixia senior product manager Philip Trainor.
“There’s so much noise in Europe and the United States about being targets, because perhaps they are just reporting it more,” he suggested. “I’ve seen lots of attacks targeting Asia … there is compelling proof.”
Asia Pacific is facing a veritable rogue’s gallery of cyberthreats, with more appearing almost every day.
APTs just the tip
Advanced persistent threats (APTs) are among the many threats, and the problem is that they are becoming increasingly automated, according to Trainor (pic).
“There is no person behind the keyboard, and they have multiple stages to them … there is a whole bunch of automated scripts,” he said.
Trainor said that he built a honeypot – a computer security mechanism set to detect, deflect and counteract attacks – in Singapore, and saw attacks from over 1,000 IP (Internet Protocol) addresses in a mere 12 hours.
“I correlated all the ones that attacked in Singapore with the ones attacking across the globe … these are advanced attackers,” he said.
“You’re being scanned constantly – some of the IP [addresses] that attacked my honeypot were command and control [servers] for botnets, hosting and sending malware, and launching remote exploits and phishing campaigns.
“These were attacking [systems] here in Singapore, as well as in [rest of] the world,” he added.
Asia Pacific is pretty much on the cybercriminal’s radar.
Rise of the botnets
Another growing threat is the botnet, a network of private computers controlled as a group without the owners’ knowledge.
Asia Pacific has two countries (South Korea at No 3 and China at No 4) in the top 10 countries in the world hosting the command and control (C&C) servers that launch such attacks.
South Korea in fact edged past China in the past year, according to Chris Richter (pic), senior vice president of Global Security Services at Level 3 Communications.
And this was because South Korea “is one of the fastest growing economies in the region, and with that comes more network infrastructure, more systems, and more vulnerabilities,” he said.
Economic growth is in fact a draw for cybercriminals and this is why we are seeing the rise of botnets in the region, Richter argued.
“It seems like the faster the economy is growing, the more reckless the controls and the less governance there is,” he said.
“The fastest growing economy in Europe is Poland, and we saw it move up the list as well, just as South Korea has moved up,” he added.
In fact, the level of C&C activity can almost be used as an indicator of the health of the economy, Richter ventured.
Moving to the cloud does not exactly resolve issues with botnets either, as cloud service providers are not patching the virtual machines your server is running on, he argued.
“It actually spreads the problem because we’re seeing botnets hosted by cloud companies – those virtual machines are no different from physical machines,” said Richter.
“If you don’t have good governance – for example, patching your virtual machines – they are still vulnerable to attack, and there’s nothing [the service provider] can do,” he added.
Indeed, Richter warned against assuming that large cloud service providers ensure their machines are up to date with patches.
“They patch the host machines and the hypervisor, but they aren’t going to patch your virtual machine – that machine is still yours,” he quipped, adding that these providers are not going “to take care of everything for you.”
It’s organised crime, these days
To make matters worse, it is apparent that cybercrime – which today is being driven by financial motivations – is increasingly being industrialised, according to Sunny Tan (pic above), head of South-East Asia security sales at BT Global Services.
“The nature of criminals has evolved over the years – on the cybercrime side, it has actually become organised crime,” he said.
“These guys are essentially businessmen – they have a clear strategy on how they want to benefit from attacking organisations, and there is always an end goal in mind,” he added.
The recent spike in ransomware attacks highlights this point, but that is just the tip of the proverbial iceberg, according to Tan.
“It is still very much an opportunistic method for lower-level hackers or attackers, and they try to do it en masse, hoping to cash out here and there,” he said.
“What’s more worrisome is organised crime [syndicates] which have a specific objective against your organisation – they are clearly looking for a monetary benefit out of attacking your organisation and stealing something which can then be sold.
“Then there is of course the old-fashioned blackmail, where attackers threaten to publish sensitive information.
“It is a different story from a poor guy just having his notebook encrypted, it is starting to be industrialised, and they are trying to mass manufacture these opportunities,” he added.
Coupled with crimeware-as-a-service, where malware toolkits are sold for use, organisations are now facing a tough time protecting themselves, especially since malware “can evolve in a minute,” according to Tan.
“We’ve seen malware in use for 60 seconds before the code is changed again, because there are so many engines that they can use to change the code and evade detection,” he said.
“The average lifespan is 60 seconds and a lot of the traditional controls might not be fast enough to respond to something as shortlived as that – antivirus companies are updating their signatures every day, but that’s no longer sufficient,” he added.
Next Up: Here's how NOT to defend yourself
The world of money and espionage: Not Bond, but data breaches
Asia in the crosshairs of APT attackers: FireEye CTO
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.