
Exclusive: Why tech savvy enterprises are not always cybersecure

“Singapore is a major hub for data centres. Cybercriminals know that…many attacks globally are starting out of Singapore,”

This is from Stephan Neumeier, Managing Director APAC Kaspersky Lab. He shares this alarming fact with OpenGov Asia in a recent interview. Stephan is joined by Vitaly Kamluk, Director of GReAT (Global Research and Analysis Team) APAC Kaspersky Lab. Together, they share with us how in times like these, even the most tech savvy of organisations is susceptible to cyberattacks. Kaspersky is working with customers to improve their cybersecurity infrastructure and providing education on how to invest in cybersecurity.

All Enterprises Vulnerable to Cyberattacks?

Enterprises have become easy targets of attack. Vitaly notes two key trends this year that have made businesses susceptible.

First, the attribution game this year has changed significantly with the appearance of Olympic Destroyer. Vitaly said it tricked the world. The malware caused mass disruption during the 2018 Winter Olympics in Pyeongchang, targeted financial organisations in Russia and attempted to attack biochemical threat prevention laboratories in Europe. Highly malicious, Olympic Destroyer was elaborately planned. Researchers could not easily attribute the source of the attack since it bore a close resemblance to other malware. Investigations were severely slowed down since researchers needed to verify with multiple sources.

Second, supply chain attacks and the creation of a fake supply chain have also become commonplace. The financial industry has been especially susceptible.

Vitaly explained that the remotely managed ATMs have multiple backdoors for threat actors to enter. What’s worse is that the backdoors come from vendors and they are unaware of it. Attackers can easily enter and inject malicious code.

Even if a supply chain vendor is highly secure and cannot be breached, attackers create a fake supply chain. A cryptocurrency business suffered this fate. The attacker created a fake company using software that looks and acts legitimate, resembling the business. Apart from the billions stolen in bitcoin, the reputational damage far outweighs the loss.

“There is a hidden backdoor which is hard to discover. Fake vendors and supply chains are tricky and hard to discover,” explained Vitaly.

Another example Vitaly provided is an infected EDM. Hiding behind the veil of what seems like a legitimate company, a fraudulent product could be advertised through email. Although the product is not fully developed, the promotional material is attractive enough for end users to download it. In the process, they unknowingly open a backdoor.

Vitaly said, “Even if it is a temporary solution, once you download it, it opens doors to your organisation.”

Reminiscent of alligators staking out their prey near water bodies in the savanna, these are known as watering-hole attacks in the virtual world. Legitimate websites are compromised without the need for a malicious server. Attackers are confident that targeted users will fall prey.

To show that watering-hole attacks are common, Vitaly offers the example of how a highly secure and tech-savvy bank in Poland was breached by the malware Lazarus, a North Korean state actor. Although many of the bank’s applications were conducted offline – a precaution many would consider foolproof – attackers managed to break into the system.

An opening was presented when a regular system update for an installed Flash Plugin failed. Typically, the plugin would fetch the update from an online source. However, given the bank’s security protocol, a proxy with the relevant credentials was needed to validate the process. No one in the organisation had followed up to check if the software update was conducted regularly. This slip allowed attackers to inject malicious code into the Flash Player, exploiting a selected group of visitors.

“Even if you are technically savvy, it is easy to overlook such things,” said Vitaly.

However, there is little consolation for those who want to protect themselves. When asked how an individual could protect themselves from well-disguised threats, Vitaly said, “That’s the problem – there is no chance.”

“You need the expert’s eyes. Not on the interface, but on the backstage.”

Where to Invest for Cybersecurity

Hence all organisations should consider Stephan began by explaining that traditional threat prevention methods such as endpoint security are insufficient today. Since cyberthreats are becoming more sophisticated, organisations need to diversify their investments.

“Of an organisation’s IT budget, 10% should be invested in cybersecurity.”

“In the past, many companies invest 80% of their IT budgets in endpoint protection and the rest in some other aspect. But this should shift. 40% should go into prevention. 60% needs to be invested in detecting, responding and predicting,” suggests Stephan.

However, beginning the journey or selecting the best combination of services might be a daunting one. Hence, Vitaly explained that Kaspersky Lab arranges meet-ups between businesses and their security experts. Businesses are briefed on the latest threats in the region or industry, and how best to respond.

Even for enterprises which do not subscribe to their services, Kaspersky Lab offers a heads up. The aforementioned cryptocurrency company is a beneficiary.

Kaspersky Lab offers a portfolio of these required solutions in its Enterprise Portfolio. The combination of technologies and services helps the IT department to prevent most attacks, detect new and predict future threats, and respond to emerging incidents. This helps to ensure operational continuity and regulatory compliance.

The comprehensive services offered are possible given the company’s global reach. According to Stephan, the company protects more than 400 million endpoints globally. They have good working knowledge of what is happening on the ground. Hence, high quality intelligence reports can be generated to help both their business and customers.

What to Do When Breached

Despite their global reach and geographic expertise, Stephan and Vitaly shared that not all countries or companies were open to receiving their help. More specifically, developing nations tended to have the most reservations.

Vitaly explained, “Developing countries, being much more suspicious and closed off [in sharing information about their breach] would say: ‘Show us proof, we don’t want to hear you’. In the end, they don’t want to hear about the breach. They want to live in their own shell and are afraid of discovering threats even on their own premises. They want to be ignorant about this.”

He added, “In Singapore, the response was opposite. We came on the ground, we did a search with their engineers and they found that our suspicions were based on fact. Their response was also very diligent. I was impressed.”

Stephan concurred, “This is a challenge we meet in many countries. When we talk to larger corporations or even government, the concern to share data, specifically after customers or citizens got breached, is huge. They don’t want to share anything.”

“But if you do not share, you cannot leverage on information which is out there as well. If you look at the cybercriminals, this is a global network. There are no borders. They share all the malicious codes they have, they send it to each other to develop it further. They are very well connected globally. If companies and governments are not working globally with each other, then there will always be a disadvantage. They will always be a step behind.”

Ending off, Vitaly said, “People trust too much, they are not suspicious enough. On the internet, people are much more relaxed. They think no one is going to attack them physically, so computers and smartphones are not as harmful.”

The rise of private information extortion through scams in Southeast Asia should be warning enough.

He advised users, “Put less trust in systems and strangers on the networks. If you receive messages from social media, text or emails, about being hacked or being blocked, do not engage in the conversation. This allows the malicious actor to enter.”

Unless people revert to devices with limited functionalities, there is little to no chance of evading an attack these days. Threats will keep evolving and there will be no end to them. As long as individuals and organisations install apps and plugins on their devices, there will always be malicious intent waiting to lure unsuspecting prey.
