This exclusive Computerworld Malaysia interview with national digital security agency CyberSecurity Malaysia tackles themes tied to the opening keynote given by CyberSecurity Malaysia's chief executive officer Dato' Dr Amirudin Abdul Wahab at Computerworld Malaysia Security Summit 2017 (20 April 2017).
While Dr Amirudin did note in his keynote at last year's Computerworld Malaysia Security Summit that critical infrastructure attacks were already on the local horizon, some of the emerging threat groups now include the possibility of more state-level attacks and espionage, in common with a global increase in organised, sophisticated campaigns.
This interview is part of an inaugural group of special security articles by Malaysia-based leadership, such as 'Securing the Internet of Nano-Things', an exclusive with NanoMalaysia CEO Dr Rezal Khairi Ahmad.
Photo - YBhg. Dato' Dr. Haji Amirudin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia.
You talked earlier in January of this year of threats from emerging technologies: what's your overview of the threatscape today?
[AAW] Malaysia is rapidly growing its digital economy, and one impact of such a journey is that it is more vulnerable to cyber attacks.
With the large amounts of money invested in the digital projects, Malaysia is becoming more of a potential target for various cyber attacks.
We have already witnessed some significant incidents of cybercrime, hacktivism and cyber espionage in Malaysia. Disappearing geographic and space-time barriers, coupled with online anonymity, make cyber attacks more possible. These attacks can take the form of any cyber offensive action ranging from web defacement, system intrusion, cyber espionage, and malicious software (malware) infection to high-scale cyber attacks with diverse political and economic motives.
Nowadays, cyber attacks committed at the organisational and state levels have become more 'obvious' and they are executed with technical complexity and sophistication.
What new things has monitoring by CyberSecurity Malaysia and others picked up?
Cyber attacks today are becoming more sophisticated and we have already acknowledged that Advanced Persistent Threat (APT) actors are now one of the biggest challenges facing the nation.
In simple terms, APT is a sophisticated, covert and continuous cyber attack based on a well-coordinated plan, committed to achieve either business or political motives.
As increasing investments and diversifying economies spur more development in the ASEAN and Asia Pacific region, Malaysia too is growing in importance as a potential target for APT cyber attacks.
According to a 2016 report entitled Operation Dust Storm, major industries across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries have been targeted for cyber-attacks from about 2010. These attacks compromised a wide breadth of victims across electricity generation, oil and natural gas, finance, transportation, and construction industries. A wide range of attack types and vectors were employed, and the prime motives are long-term data exfiltration and theft.
Can you talk a little more about APT targeting?
In 2015, FireEye discovered a decade-long cyber espionage operation by the group named Advanced Persistent Threat (APT30) that targeted key political, economic and military information across Southeast Asia for about 10 years.
APT30 captured regional attention not only for its sustained activity and regional focus, but also for its continued success despite maintaining relatively consistent tools, tactics, and infrastructure since at least 2005.
In a 2015 report entitled Southeast Asia: An Evolving Cyber Threat Landscape, FireEye revealed more than half of the targeted malware detected in Southeast Asia came from government and telecommunications sites. Leading companies that performed business in critical sectors were also targets of APT groups.
In the case of the financial sector, it faces both cybercriminals, who are looking to steal money from them, as well as APT actors, who are seeking sensitive financial information. It is alarming to note that the very existence of the APT attacks highlights not only Southeast Asia regional vulnerabilities but also Malaysia as part of the regional community.
You touched on emerging technology earlier this year: how realistic are such threats in Malaysia today?
The era of Internet of Things (IoT) and Industry 4.0 will see the rise of artificial intelligence, machine learning applications, and nanotechnology. It is the scenario of a future that is fast-approaching, and there are many questions about the possible consequences.
Experts foresee that artificial intelligence, machine learning application, and nanotechnology could be tricked, hacked and hijacked into doing unwanted things. Hackers might already start taking a closer look too, and they could cause all sorts of trouble by tricking these systems with illusory/fake/misleading data.
As technology becomes smarter so do cyber attacks and hackers. They might also work on how to deceive and attack AI, machine-learning, and nano systems. They can do various malicious things to a machine-learning model, and if such things happen defending it can be a very challenging task.
What's your advice to those who are devising and implementing cybersecurity strategies for their organisations?
The traditional cyber security approach relying on detection is still important but it is no longer sufficient, as most actions depend heavily on signatures and known patterns.
The traditional approach finds it 'difficult' to detect unique custom malware and new breeds of cyber attacks; consequently, these result in significant gaps in our cyber defence.
As most APT attacks lie dormant and remain undetected, a more innovative and proactive adaptive security approach is required to address such a situation.
The adaptive security approach could be achieved by having the following capabilities:
- Predictive - Ability to collect and analyse structured and unstructured data in order to predict and simulate current and future threats;
- Preventive - Ability to deter cyber attacks through various cyber security measures being put in place such as risk assessment, implementation of information security controls, adherence to policies and procedures, competency & information security awareness programmes, etc.;
- Manageability - Vulnerability Assessment & Penetration Testing (VAPT), Incident Response Team, Data Breach Protection Tool etc.; and
- Recovery - Data recovery & digital forensics, malware eradication, Business Continuity Management (BCM) and so forth.