Existing vulnerabilities main cause of cyber attacks, says Trend Micro


Trend Micro Inc, a cyber security solutions provider, has predicted that cyber attacks will continue to plague businesses this year with major breaches looming to compromise existing vulnerabilities similar to what had happened in 2017.

With the number of Internet users in Malaysia set to reach 23.4 million by 2020, the company said it will be essential to learn and apply “best online practices” to reduce the risk of getting cyber security threats.

“We at Trend Micro are constantly scouting out future threats that will have the greatest impact for businesses, while we predict which vulnerabilities will make the biggest waves in the coming year,” Trend Micro Malaysia MD Goh Chee Hoh (picture) said in a statement last week.

“And as corporate ‘attack surfaces’ (points within an infrastructure where an attacker could attempt to access internal networks from the outside) expand and more entry points are exposed, patch management and employee education should be prioritised for all executives to protect an organisation’s most critical data,” he said.

Goh added that many devastating cyber attacks last year had leveraged on known vulnerabilities that could have been prevented.

“This trend will continue in 2018 as we see more local enterprises expanding their network connectivity, while potentially increasing their exposure to vulnerabilities.

“Despite this remaining a challenge, business leaders must prioritise vulnerability management and be aware of the potential points of entry (both internally and externally),” he said.

Trend Micro has looked into the current and emerging threat landscape, and has recommended the appropriate security to approach for it.

Based on their report, “Paradigm Shifts: Trend Micro Security Prediction for 2018”, it stated that the ransomware business model will still be a cyber crime mainstay in 2018, while other forms of digital extortion will continue to gain more ground.

At the same time, the report concluded that global losses from business email compromise (BEC) scams will exceed RM34.9 billion in 2018.

“The growing awareness around BEC and the tactics used will contribute to the hike in projected losses worldwide.

“BEC can be deflected if information technology personnel stay on top of the things and apply security updates in a timely manner,” it reported, adding that employee training and strict internal processes need to be implemented.

Meanwhile, the report added that cyber criminals will explore new ways to abuse Internet of Things (IoT) devices for their own gain.

According to the National IoT Strategic Roadmap by the Ministry of Science, Technology and Innovation, the IoT’s economic potential is expected to reach RM9.5 billion in billion in gross national income creation by 2020.

“This means that corporations and individuals will see new security challenges from the increased adoption of these new technologies,” the report stated.

Last May, several businesses and academic institutions were victims of the WannaCry ransomware attack, a virus which encrypts data on infected computers where it then asks users to pay a ransom in order to receive a code to encrypt the data.

The ransomware had created worldwide chaos for individuals, businesses and public bodies. The WannaCry ransomware had hit over 200,000 systems from some 150 countries, with hackers charging US$300 (RM1,295) for their files to be decrypted.

Following the attack, Malaysia also faced a highly coordinated Distributed Denial of Service attack, resulting in what was described as the biggest data leak in October 2017.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab had advised Malaysians to equip themselves with cyber security knowledge in the wake of these attacks.