Online Info Blog: Three cybersecurity trends

Many Asian organizations are ill-equipped to defend their networks from cyber-attacks simply because they’ve grown complacent that attacks will not happen to them. There is a general assumption that because the organization has not experienced a breach, they are either doing the right thing, or are not a target (and therefore would continue not to be), or both. As cyber-security continues to evolve and shift, awareness has to come from within an organization, so that cyber-security is acknowledged and prioritised by employees at all levels (including those not just in IT); this will enable enterprises to truly protect themselves.

Insider threats

It’s best to assume that anyone and everything is an insider and, therefore, a potential insider threat. In the same way, everyone can also be a potential victim. This state of vigilance would serve modern enterprises far better than broken cyber-defense models centered on “keeping bad stuff out.”

Ransomware

The Singapore Computer Emergency Response Team noted a noticeable rise in ransomware infections in both Singapore and overseas. Ransomware is a type of malware that holds a victim's files, computer system or mobile device "hostage", restricting access until a ransom is paid. It spreads via malicious email attachments, infected programmes and compromised websites. Ransomware relies on the end-user paying a fee to retrieve their data or system access, and this ransom demand can range from hundreds to tens of thousands of dollars.

Ignoring Privacy settings

With the rise of social media and internet usage for personal and professional reasons, users seemingly sprint their way throughout the online universe without thinking about privacy settings. Individuals share much of their personal and sensitive information on their social media, and because of the easy accessibility to these personal information, attackers are able to take advantage of these information for malicious purposes.

Online Info Blog: Millions of Net Users Possibly Exposed

“Without requiring any user interaction, the initial script reports information about the victim’s machine to the attacker’s remote server. Based on server-side logic, the target is then served either a clean image or its almost imperceptibly modified malicious evil twin.

“Using the known Internet Explorer vulnerability CVE-2016-0162, the encoded script attempts to verify that it is not being run in a monitored environment such as a malware analyst’s machine,” and if the script does not detect any signs of monitoring, it redirects to the Stegano exploit kit’s landing page.

Upon successful exploitation, the executed shell code collects information on installed security products and performs – as paranoid as the cyber-criminals behind this attack – yet another check to verify that it is not being monitored. If results are favorable, it will attempt to download the encrypted payload from the same server again, disguised as a gif image.

Online Info Blog: Investment creates opportunity

“Japanese companies and national institutions are constantly under cyber attack, but the public awareness in Japan as to the need for cybersecurity is low compared to Israel or the United States. But now, we’ve partnered with SoftBank to establish Cybereason Japan Corp to help defend Japan,” Lotem Guy, a security research group manager at Cybereason who will be moving his family to Japan in the coming days, told The Jerusalem Post.

Tel Aviv-based Cybereason is a company that locates, isolates and responds to cyber attacks in real-time. Their platform – which relies on the company’s tech and human wealth – can find a single component of an attack and connect it to other pieces of information gathered by Cybereason, in order to reveal an entire campaign and shut it down.

“Our product specializes in identifying attacks on large organizations. Our team sits inside an organization and gathers and analyzes data from inside their computers, servers and workstations. That data is then sent to our central server, which runs on our software and studies the organization’s behavior, breaking it down into separate units. Then we can identify anything that is out of the ordinary and characterizes a cyber attack, isolate it and respond to it without disrupting the organization’s work routine,” Guy explained.