SEA at risk as disputes turn to cyberwar: FireEye
By Benjamin Cher November 19, 2015
- Hackers hitting government and military targets to get emergency response plans
- Number of APT attacks in the region starkly higher than the global average
SOUTH-East Asia is at increasing risk from geopolitical tensions expanding into cyber-warfare, according to the South-East Asia: Cyber Threat Landscape report released by FireEye Inc today, based on a joint study with Singapore Telecommunications Ltd (Singtel).
“We have seen a lot of attacks focused on geopolitical tensions, especially among nations involved in territorial disputes in the South China Sea,” said the company’s Asia Pacific chief technology officer Bryce Boland.
“Just in the first half [of 2015] alone, we have seen targeted attacks against government organisations, including some military agencies,” he told Digital News Asia (DNA) in Singapore before the report was made public.
These attacks targeted such agencies to get access to emergency response plans, according to Boland.
Citing the APT 30 report FireEye released earlier this year, he argued that the Asian culture of secrecy is making the region more vulnerable.
“This is … a big issue in this region – if people find out they have been attacked, they don’t say anything and the attackers can keep attacking until someone says something,” he said.
“If one of those organisations had come out and said they were being attacked, it would have forced the attackers to do something else,” he added.
While disclosing that their company had been attacked is still seen as negative in Asia, Boland argued that it should be a badge of honour that the attack was detected.
It does not help that South-East Asia remains a favourite target of advanced persistent threat (APT) groups, according to the FireEye report.
An APT is a sophisticated attack that targets a specific organisation in order to monitor it and extract data from it.
The region still faces a huge challenge, made worse by the gaps in cybersecurity readiness amongst its countries, according to Boland.
“Cybersecurity consists of a few components, but a lot of it is about preparing a policy to guide and enforce people’s behaviour; detecting and investigating incidents; law enforcement taking over when appropriate; and the judicial capability to enforce laws and regulations,” Boland said.
“That’s hard to do because it is hard to train people in all those areas, and also because many incidents take place across national borders,” he added.
A whole lot of factors need to be in place before any nation can be competent enough to take on the cybersecurity challenges of today, he noted.
A key finding from the latest FireEye report is that 29% of its customers in South-East Asia have detected malware associated with APT groups, which is higher than the global average of 20%.
“29% of our customers in South-East Asia saw targeted attacks in the first half of 2015, which is roughly 50% more than the global average – that is quite a stark contrast,” said Boland.
The three South-East Asian countries that reported higher levels than the regional average were Thailand (40%), the Philippines (39%) and Malaysia (33%).
Another interesting finding from the report was that 6% of malware infections were from an 11-year-old malware, Gh0stRat.
“[This] is a freely available remote access trojan tool and has been around for 11 years,” Boland said.
“The point is a lot of organisations are being infected by things that are 10 or 11 years old, and it is not because they are not running things like antivirus or firewalls, it is because it doesn’t matter that it is 11 years old, an attacker can create a unique version for every attack,” he added.
Due to each attack being unique, no firewall or antivirus is going to detect or stop it, and these ancient attack types are still highly effective in the region because organisations here still have not adopted the technology to detect them, Boland argued.
The root of the problem
The key takeaway is that everyone is vulnerable. “Governments are vulnerable, so are individual organisations and people,” Boland said.
“No-one has solved the problem completely, and at the root of the security problem we have, it is about all the insecure code we write,” he added.
People make mistakes – approximately one security mistake per 1000 lines of code, according to Boland – which makes the problem grow bigger, and faster, than companies can address it.
This is compounded by connecting complex systems with vulnerabilities, and then connecting them to the Internet, he said.
“Pretty much everything that has connected or will be connected to the Internet has security flaws, and we are just making it a much bigger problem now.
“Everyone is going to be breached – the challenge is whether you can detect and respond to it,” he added.
Some companies in South-East Asia are stuck in their old ways, according to Boland.
“Products were previously touted as being able to solve all the security problems then, but they don’t solve the problems we have now,” he said.
“There are a lot of ways attackers can bypass these old controls, and many organisations are still kind of stuck in that old paradigm,” he added.
While each organisation places a different priority on security, all of them have something of value, according to Boland.
“Every organisation will think that security is more or less important depending on the business they are in, but all will have something of value,” Boland said.
“What’s the worst case scenario for your organisations if you are breached? That’s a question a chief executive officer (CEO) should be thinking about,” he added.
Citing the Ashley Madison, Sony and Target breaches, Boland noted that these CEOs all lost their jobs.
“And the reason they lost their jobs is because they didn’t take security seriously enough,” he said.
“You don’t necessarily know what will hurt you until it happens, but you should be thinking about what the worst case scenario is going to be,” he added.