BRI projects may pose risk to cyber threats

By LYDIA NATHAN / Pic By MUHD AMIN NAHARUL

US security research firm FireEye Inc has cautioned Malaysian organisations on the heightened risk of cyber threats amid the country’s political transitions and scrutiny of projects related to the Belt and Road Initiative (BRI) from China.

The initiative, to develop a land and maritime trade network that will project China’s influence across the greater region, is said to be an ambitious, multi-year project across Asia, Europe, the Middle East and Africa.

FireEye’s VP and Global Intelligence Operations head Sandra Joyce (picture) said the possibility of the multibillion-dollar Chinese-backed infrastructure projects being reviewed by the newly formed Malaysian government is likely to generate some uncertainty for parties interested in the outcome of these projects.

“It’s imperative for Malaysian organisations across the public and private sectors to take steps to strategically manage their risk, by understanding who’s likely to target them, why, how, and ensure they are able to quickly detect and respond to these attacks,” she said to reporters in Kuala Lumpur yesterday.

Prime Minister (PM) Tun Dr Mahathir Mohamad has said that he will continue to foster a good relationship with China and welcome investments from there, as long as they benefit Malaysia.

Two more projects, both backed by the Chinese government, were recently put on the back burner. These projects involve two gas pipelines and a rail project.

The suspension of the projects, worth over RM80 billion, is expected to feature prominently in Dr Mahathir’s visit to Beijing.

Malaysia signed the deal for the 688km East Coast Rail Link (ECRL) and two gas pipelines in 2016 under the purview of the former PM.

According to Joyce, FireEye analysts have already reported patterns of targeted intrusions by China-based groups against organisations with links to the BRI in the Asean region.

Joyce said the recent widespread compromise of the Cambodian political system by TEMP.Periscope was one good example, where the group maintained an extensive intrusion detection architecture and a wide array of malicious tools, in line with typical Chinese-based efforts.

“We have been asked how we know it is Chinese-backed groups that are involved. There was evidence of three open index servers and an IP (Internet protocol) address that led us back to the country, as well as keyboard settings set to the Chinese language. We also documented the same infrastructure used by these groups in the past,” she added.

FireEye also said a Chinese-backed group called the Roaming Tigers had targeted Belarus, where an industrial park named Great Stone is being built.

It is the largest foreign investment project in Belarus so far and is within the framework of the initiative.

FireEye Asia Pacific president Eric Hoh said security has been one of the largest issues companies face today, thus, there is a need for awareness and education.

“The time frame to detect a system being compromised has improved globally. In the past, it used to be 229 days. Today, it has gone down to 99 days. Unfortunately it is getting worse in Asia Pacific, it now takes 498 days to detect a compromised system compared to the 300 days before,” Hoh said.

According to Hoh, the data was derived from real-life incidents that took place around the world, and 82% of Asia Pacific groups will either be attacked again or be attacked by multiple organisations at once.

“It is not just about the technology but also the intelligence that can be used to assess the risk in determining the best way to protect organisations. We have been working with governments across the globe,” Hoh said.

Joyce said it is vital to be safeguarded before any form of intrusion takes place.

“I would say any company that has a contract or policy, or some sort of related function to BRI should consider themselves at high risk of cyber security intrusions,” she said.