Sumit Bansal, Managing Director, ASEAN and Korea, Sophos
In 2018, Singapore faced its biggest cyber breach to date—the SingHealth data breach, which triggered alarms of precaution in both organisations and consumers alike. As the spotlight continues to be shed on Singapore with its overall progression as a Smart Nation, its cyber security risks also increase. Countering these risks can only be done by staying ahead of the game as the threat landscape has and will undoubtedly continue to evolve. As the year comes to an end, let’s delve into some of the cybersecurity trends to look out for in this region in 2019.
Mobile malware is a growing and persistent threat
Cybercriminals are making the journey with internet users as they move from desktop and laptop computers to mobile and Internet of Things (IoT) platforms. 2018 saw a short but taxing rise in malicious cryptominers and we should expect to see more of this in the year to come. A cryptominer– masking as an innocent-looking app—on one’s phone could strain the device’s processor under the load. It is the act of cryptojacking, where cryptominers transfer the costs of mining (performance, and wear and tear) to the victims and reap the benefits off their victims at no benefit to anyone but the cryptojacker. The Cybersecurity Agency of Singapore recognizes an upward trend in crypto mining and is keeping an eye on this new threat including issuing alerts cautioning individuals and businesses on the increase of malicious malware.
Mobile cybercriminals also tend to take the route of advertising clickfraud, embedded through yet another innocuous app that simulate users clicking ads to generate revenue. According to a recent The State of Mobile Fraud 2018 report by Apps Flyer, Singapore has been found to be the hardest hit in the Asia Pacific area, with app install fraud rates hitting 27 per cent. Though clickfraud was long-established on desktop computers, it is a growing problem in the mobile space due to the number of apps and devices that makes it an inviting target.
This year, SophosLabs uncovered an app supplied as part of the stock firmware image of a small phone maker that had been ‘Trojanised’ in the supply chain, before anyone purchased the device. The app, Sound Recorder, had been altered to discreetly intercept and send SMS text messages. Identifying and ultimately removing such a malicious app is almost impossible until the producer of the device is aware of the compromise.
To Stay Safe And Ensure Protection From These Trends, It Is Important To Plan Ahead And Try To Remain One Step Ahead Of Cybercriminals
Hand-crafted, targeted attacks are on the rise
Singapore, being a global hub for finance and technology in Asia, has become an attractive target for cybercriminals. One-third of Singapore’s SME’s have experienced a ransomware attack in the past year. Cybercriminals have gone back to old-school manual hacking methods to boost the efficiency of targeted extortion. Asia has seen its fair share of ransomware attacks, and well-known ones like WannaCry and CryptoLocker have the tendency to be opportunistic by sending out boobytrapped attachments sent to a large number of potential victims via email.
2018, however, has seen the advancement of hand-delivered, targeted ransomware attacks that are different from the mass email dissemination method. What this attack methodology means is that even though fewer attacks may take place, the results will be far more devastating, and the cybercriminal could demand a higher ransom. Subsequent malware also has the potential to evolve to become more destructive and effective.
This attack style, where these criminals manually maneuver through a network step-by-step, is now increasing in popularity and the financial success of malwares like SamSam is bound to inspire copycats striking in 2019.
The downside to this trend is that these forms of manual attacks are more challenging to prevent using conventional methods, but this also means that there are far less competent hackers who are capable of conducting them.
Cybercriminals are turning to what’s already available for their cybercrime sprees
Cyberterrorists are successfully avoiding detection on Windows computers by abusing legitimate admin tools commonly found on the operating system. This pivotal finding traces how this technique has become a common feature in an increasing number of cyberattacks.
Known as ‘living off the Land’ as it avoids the need to download dedicated tools, cybercriminals have stopped emailing malware to victims via actual malicious executable programmes, but instead switched to using a series of interlinked, non-executable scripts, exploitable Microsoft Office document vulnerabilities, and Office document macros that makes detection a puzzle. Experts have noted the challenge in separating the normal operations of a computer from the irregular behaviour of a machine in the midst of a malware infection. As it comes with a wide range of file types that include several “plain text” scripts chained in no particular order.
Attackers are showing no signs of giving up on new variations of Microsoft Office macro attacks. Recently, protections such as disabling macros inside documents or using preview mode have blunted this technique. Unfortunately, attackers have developed methods to persuade users to disable these using macro builder tools that package Office, Flash and other exploits that cause social engineering prompts. The trend now is to use more exotic filetypes to launch attacks, as commonly used filetypes are now blocked or monitored by endpoint security.
To stay safe and ensure protection from these trends, it is important to plan ahead and try to remain one step ahead of cybercriminals. Having a comprehensive response plan ahead of the incident is key and allows organisations to be more prepared for unpredicted risks. As Singapore moves towards its Smart Nation vision and takes on digitalisation, we should expect a rise in cyberattacks. All businesses and organisations should be prepared to do their due diligence and not take cyber security for granted.