National digital security agency CyberSecurity Malaysia has added its voice to security software company Trend Micro's expectations of increased cyber threats against organisations as Malaysia continues to drive its Digital Economy framework.
CyberSecurity Malaysia chief executive officer Dato' Dr Haji Amirudin Bin Abdul Wahab (pic below) said the country is attracting more attention from cyber criminals concurrent with its growing digital infrastructure and increasing economic activities.
Specific attack groups include fraud, cyber harassment and denial-of-service (DDoS) attacks, said Dr Amirudin when revealing details from the agency's recent report.
"About 88 percent of today's malware is now able to morph to avoid detection by signature-based antivirus solutions," he added.
A different strategy is required, said Dr Amirudin, pointing to rapidly changing threat tactics in the current operating environment.
Earlier this year, during his opening keynote at the Computerworld Security Summit in Kuala Lumpur, he detailed a changing treat landscape for 2017. (See - Combatting cyberattacks with a strategic mind set: Computerworld Malaysia 11th Security Summit)
New attack families
Trend Micro Malaysia's head solution architect Law Chee Wan (pic below) during the company's recent summit discussed current threats.
Among his comments, he noted that "The number of new families is forecasted to grow 25 percent in 2017, and organisations need to look at mitigation at every point."
Dhanya Thakkar (pic below), vice president , APAC & MMEA, Trend Micro, drilled down to examine some of the company's own findings, which singled out the threat posed by ransomware.
Ransomware attacks against enterprises and larger organisations are on the rise. This is exacerbated by criminals' use of new technologies and techniques, which allow malware to infect systems within one minute.
At the beginning of 2015, CyberSecurity Malaysia's Dr Amirudin said the agency had detected ransomware as a potential major threat group and delivered a nationwide alert.
According to a cybercrime survey late 2016, close to 100,000 online extortion threats have been recorded in Malaysia in the first half of 2016 across various businesses. At the time, the U.S. Federal Bureau of Investigation (FBI) revealed that ransomware has cost enterprises a total of US$209 million in monetary losses.
Thakkar confirmed that as connectivity deepens and emerging technologies such as the Internet of Things (IoT) promise opportunities for both businesses and cybercriminals.
Returning to ransomware, he said the attackers have added the enterprise sector to existing attacks against individuals and small organisations.
He agreed the attack methods have changed since 2016 to try and evade enhanced detection solutions. As well as focusing on victims able to give bigger pay-outs, ransomware operations are carried out across multiple infection channels - ransomware families - called crypto-ransomware, which encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods in order to obtain a 'decrypt key.'
How to stay ahead of the attacks? "Organisations need to anticipate the shifts in IT infrastructure, embrace changes in user behaviour and adapt protection for new and constantly-emerging threats," said Thakkar.
What this usually means is that "whether organisations are deploying workloads in the physical, virtual, cloud or hybrid environments, investments for security capabilities need to be comprehensive," he added. "They should also look at more holistic approaches, rather than rely on narrower security protection methods."
For recent local security news, visit:
- Combatting cyberattacks with a strategic mind set: Computerworld Malaysia 11th Security Summit
- Malaysia at risk: CyberSecurity Malaysia chief covers espionage and state level attacks
- Cybercrime survey finds almost 100,000 online extortion threats in Malaysia
- CyberSecurity Malaysia gears up to tackle ransomware
- How the Ransomware 'industry' fared in 2016 and what to do for 2017: exclusive interview
Sign up for Computerworld eNewsletters.