Adopt threat hunting to prevent cyber menace

Local companies need to shift from just prevention to threat hunting, says cyber security expert


Traditional monitoring for malware and responding to cyber attacks are no longer sufficient to combat the threat of cyber criminals who are advancing faster than available know-how.

Cyber security experts said local companies need to shift from just prevention to threat hunting, proactively scanning their networks for possible security gaps and isolating any possible external threats.

SANS Institute, the largest source for information security training and security certification in the world, defines threat hunting as a focused and iterative approach to searching out, identifying and understanding adversaries internal to the defender’s networks.

Cyber security specialist LGMS Services Sdn Bhd CEO Fong Choong Fook said the lack of cyber threat hunting shows how the cyber security ecosystem in Malaysia still lags behind other advanced countries.

He said, for example, that most financial institutions subscribe to threat intelligence that notifies them of any potential threats that may be affecting the financial industry worldwide.

“Threat hunting is an entirely different proactive approach. Most banks in Malaysia today depend on threat intelligence,” Fong said to The Malaysian Reserve (TMR).

Last month, Bank Negara Malaysia announced it thwarted an attempt of unauthorised fund transfers using falsified Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages.

The central bank said the cyber heists were stopped following prompt action in strong collaboration with SWIFT, other central banks and financial institutions.

The regulator of the country’s financial system said no financial loss occurred due to the incident.

The Philippines’ financial regulator also increased its supervision following the event in Malaysia, according to news reports.

Fong compared the recent cyber heist incident to the US$81 million (RM313.5 million) Bangladesh Bank heist case in 2016.

Unknown hackers, who were linked to a group named Lazarus, used the SWIFT credentials of Bangladesh Central Bank employees to send more than three dozen fraudulent money transfer requests to the US Federal Reserve Bank of New York, requesting transfers of Bangladesh Bank’s funds to bank accounts in the Philippines, Sri Lanka and other parts of Asia.

The heist left a lasting dent in the integrity of the SWIFT network, which global banks use to conduct transactions.

Fong said there are cyber security companies that sell products but also claim to be security consultants.

He said this could lead to companies receiving biased security advice. Fong said these companies commonly provide firewall solutions, anti-virus, endpoint protection systems, intrusion prevention systems, network equipment, switches and routers.

“We need someone neutral, such as audit firms or cyber security service providers, to audit and assess,” he said, adding that the flawed practices were due to the lack of regulations in the cyber security industry.

“Unlike advanced countries like the US and Europe where there is a clearer definition on who can provide services as well as sell products, in Malaysia, we want to sell everything,” he said.

TMR had reported that Malaysia needs a comprehensive national policy on cyber defence and data security reporting covering all government agencies, as cyber security standards currently vary from one agency to another.