
Sunday, December 21, 2014

2015 Hack of a year ahead!

2014 has seen a tsunami of epic hacks and identity thefts, including the recent massive cyber attack on Sony Pictures Entertainment. Security experts are predicting more or worse cases of such hackings, including in Malaysia where the awareness of cyber threats and security measures is still very low.


Brace for more cyber attacks

PETALING JAYA: If you think that a cyber attack like what happened to Sony Pictures Entertainment could only happen in Hollywood, think again.

It is a sign of what’s to come globally in 2015, say cyber security experts.

In the attack on Sony on Nov 24, the attackers hacked the company’s network and took terabytes of private data, deleted original copies from the company’s computers and left messages threatening to release the information if Sony did not comply with their demands.

Nigel Tan, director of systems engineering for software security firm Symantec Malaysia, said the prominent data leaks of 2014 would keep cyber security in the spotlight in 2015.

“With the interconnected nature of a global Internet and cloud infrastructures, cross-border flow of data is unavoidable and needs to be appropriately addressed.

“Malaysia was affected in the data breaches this year and will continue to be affected next year,” he said.

Tan recalled a hack last month by a site called Insecam, which downloaded and displayed images from unsecured webcams of CCTV and simple IP cameras around the world, including from baby cams.

Symantec expects more mega data breaches next year, especially with the rising use of mobile devices for e-payment and the cloud computing technology for storage of personal and confidential information.

“Mobile devices will become even more attractive targets for cyber attackers in 2015 as mobile carriers and retail stores transition to mobile payments.

“Mobile devices are also used to store troves of personal and confidential information. They are left switched on all the time, making them the perfect targets for attackers,” said Tan.

He said the growing use of smart home automation, like smart televisions, home routers and connected car apps, had also increased the potential for cyber attacks as more devices were being connected to the network.

Cyber law expert Dr Sonny Zulhuda agreed that the idea of synchronisation and interlinking of smart home automation (or the Internet of things) would be too tempting for both users and “abusers”.

“Users need to balance the use of these devices and smart technology with the efforts to preserve security, privacy or confidentiality.

“Just imagine how many mobile users are concerned about installing a good malware scanner on their devices. In the mind of the criminals, on the other hand, this will make their work even easier.”

Dr Sonny, who is an assistant professor at the law faculty of the International Islamic University Malaysia, said it would come to a point where people would get too tired of the intrusion and abuse of their privacy.

“In Malaysia, for example, more people are becoming aware of the need to protect personal data, thanks to the enforcement of the PDPA 2010 (Personal Data Protection Act).

“Perhaps it is timely now to consider the development and penetration of cyber insurance as a new product for our insurance industries,” he said.

Imam Hoque, managing director of business analytics software and services company SAS, said another reason why more cyber criminals target mobile devices was the increasing number of corporations embracing the “bring your own device” (BYOD) to work policy.

“This, coupled with a general trend for business to provide more methods of interaction with consumers using mobile devices, opens up further opportunities for hackers.

“The emergence of more mainstream malicious software kits for these mobile devices will accelerate the number of attacks on the mobile channel,” he said.

Hoque said that the continued trend to store data within the cloud, coupled with the highly publicised data losses from corporations such as Sony, would encourage more hackers to consider large data loss exploitation.

“This in turn will lead to higher levels of identity theft and the ability of hackers to compromise the relationships between individuals and the institutions with which they interact,” he said.

CyberSecurity Malaysia CEO Dr Amirudin Abdul Wahab said that while malware targeting individuals would continue to rise steadily on mobile devices, cyber criminals would also exploit mobile devices for advanced persistent threats (APT) against specific targets such as critical infrastructure and big corporations, with high impact on security, prosperity and public safety.

“We foresee sophisticated APT carried out using a combination of technical sophistication, excellent planning and coordination, and social engineering,” he said, adding that another major cyber threat next year was the increasing influence of social media.

“Social media can be exploited to propagate political and racial radicalism as well as religious extremism that could destabilise our national security and societal harmony which we have taken for granted all these years.”

By Hariati Azizan, The Star/Asia News Network

Common hack job used to attack Sony Pictures 

The entrance of Sony Pictures Studios in Culver City, California is seen December 16, 2014. "Guardians of Peace" hackers invoked the 9/11 attacks in their most chilling threat yet against Sony Pictures, warning the Hollywood studio not to release a film which has angered North Korea. - AFP

PETALING JAYA: The hack on Sony Pictures Entertainment might have been one of the most incredible cyber attacks ever, but it was carried out in one of the most common modus operandi of cyber crime.

As reported on Friday, US investigators had evidence that hackers stole “the keys to the entire building” of Sony Pictures by getting the password of a top-level information technology employee in the entertainment company.

Security experts in Malaysia have warned that we are also vulnerable to similar attacks, given the low level of awareness of cyber threats and security measures.

Cyber criminals exploit “users’ ignorance”, along with the rise of social media and mobile devices, to mount attacks against them, said CyberSecurity Malaysia CEO Dr Amirudin Abdul Wahab.

He said more cyber criminals were using a combination of technical sophistication and social engineering – a non-technical method of intrusion that relies heavily on human interaction – to trick people into breaking normal security procedures and giving up their personal data.

Nigel Tan, director of systems engineering for Symantec Malaysia, cautioned that user behaviour would continue to be a big target for cyber crime next year.

“Sometimes the weakest link is the person behind the keyboard. If they visit dodgy websites, click on unknown links in fake emails and download apps or malicious software, cyber criminals will take advantage of this to siphon off information like passwords for online banking or e-mails.”

Tan said as most people still tend to use the same password for all their online transactions, services and websites, a stolen password can give the thief access to the victim’s whole life.

“And once they access your email, they can reset all your passwords and take over your identity,” he said.

Imam Hoque, managing director (Fraud and Security Solutions) with business analytics software firm SAS, said the growing number of online services has created a goldmine for cyber criminals.

“If you think about how many different services you interact with over web and mobile channels, the numbers are forever growing.

“You need to consider what a hacker would need to know to compromise your accounts and then what damage they could do,” he said, stressing that hackers tend to go for the weakest link and then work their way from there.

Tan highlighted the case of a group of hackers in August who claimed to have stolen 1.2 billion usernames and passwords belonging to more than 500 million e-mail addresses in a hack described as the “largest data breach known to date”.

“They did it by targeting every site their victims visited, instead of focusing on one large company,” he said.

Cyber law expert Dr Sonny Zulhuda said cyber criminals tended to exploit people’s greed to attack them.

“While it is important to equip ourselves with some technical knowledge about the risks and threats to security, we also need to use our common sense when facing possible threats.

“One thing we need to understand with technology is the law of economy – why would people provide you mobile apps for free? Or any online service for that matter, for free?”

“How do they make profit if not from the access to users’ information that they acquire when you install such a free app? If one is keeping this in his mind, then he will be more mindful and careful in using the mobile devices.”

Dr Amirudin warned local computer experts not to be seduced by the seemingly easy but lucrative reward of cyber crime.

“Cyber crime is preferred by criminals due to its profitability, convenience and low risk, and their ‘success’ has boosted the global underground economy. It has even become a money-making profession for some computer experts.

“If this trend affects Malaysians, our own experts could be recruited to join the lucrative international underground economy, while our general public become their potential victims.”
