WannaCry and Petya seem to have spurred other incidents as the world becomes witness to some epic heist and targeted attacks in the web world
By LYDIA NATHAN / Pic By BERNAMA
Cyber security has been an ever-advancing problem in the world today, especially when cyber space itself keeps growing and changing at such a fast pace.
These days, it is much tougher to formulate a complete resolution to any cyber-security issue.
The 2017’s calamitous WannaCry and Petya ransomwares were among the worst mishaps within the realm and things are not getting any easier for those in the cyber-security business.
WannaCry and Petya seem to have spurred other incidents as the world becomes witness to some epic heist and targeted attacks in the web world.
Some of the great breaches that most likely affected us here in Malaysia, included the infamous Facebook hack, which saw the giant networking company disclosing a data breach that caused attackers to gain access to 30 million user accounts by stealing “user authorisation tokens”.
The company later stated that vulnerabilities had been detected since July 2017, but suspicious activities began to surface in September 2018.
That was followed by data powered company Google LLC’s notification that 500,000 users data had been exposed for about three years via a bug.
In December 2018, Google also announced that an additional bug in a Google +API had exposed user data from 52.5 million accounts. Although the company said there was not any evidence of exploited data, it still caused a great amount of concern.
LGMS Services Sdn Bhd CEO Fong Choong Fook told The Malaysian Reserve that such attacks are unlikely to slow down or come to a halt in 2019.
According to Fong, concerns in the cyber security world has taken on some likeness of what is going on abroad and formed a trend that the public can watch out for.
“Malware, particularly ransomware, has evolved to be stealthier than ever. There are many ‘fileless’ malware emerging which makes it lethal and difficult to detect because it does not appear as an actual file,” he said.
Fong added that even antivirus programmes and malware scanners are not able to stop the attacks from spreading and causing havoc on computers, servers or an entire networks.
“Computer users are advised to always keep their computer updated with the latest patches. Never download suspicious software, and follow all best practices against phishing,” Fong said.
He said there is a growing need for cyber threat intelligence service today, adding that the “good guys need to catch up with bad ones” out there.
“The only way to know your enemy is to learn from them. The intelligence service will be able to fill the gaps where needed, so enterprises could consider subscribing to threat intelligence that relates to their industry,” he said.
However, Fong said this would be an emerging market which enterprises are advised to access and perform in-depth due diligence against threat intelligence before committing to any proposals.
He said the growing maturity of the 5G (fifth-generation) technology will also force enterprises to rethink their strategies for the coming years.
The road to 5G has been uncertain because of the changes needed for its infrastructure, but Fong said by early 2019, some experimental 5G networks will be established in several markets around the world.
“For example, American multinational conglomerate AT&T Inc is partnering Samsung Electronics Co Ltd to offer 5G services to users in the US already.
“It is very likely most telecommunications companies around the world will follow suit and embark on an initial 5G deployment,” Fong said.
He added that despite the conflict on 5G network between China and the US, Chinese manufacturer Huawei noted it would continue to thrive and play a dominant role in the 5G market as the infrastructure and application supplier.
The competition between the two nations reached a peak in August 2018 when the Trump administration signed a bill banning the use of Huawei Co Ltd and ZTE Corp’s technologies as part of the broader Defence Authorisation Act, thus labelling both Chinese firms as national security threats.
The concern was the prevailing global sentiment of possible Chinese cyber-espionage through the techno- logy it exports.
Meanwhile, closer to home, Fong said people should be cautious of imitation websites as they appear identical to the original domains.
“Take, for example, a flight booking website will have stored all your personal information, including passport numbers.
“Worse still if the site accepts payments for flights via credit cards. People should watch out for what they type out — like typing airasia.com. Looks can be very deceiving, as it will look the same,” he said.
Fong added that sometimes the purpose of the bad guys is not to phish for sensitive information but instead, to push certain things to the end user.
“For example, an imitation Microsoft Corp’s website may require you to do all the same things as the original site would, but towards the end, it may ask you to install an anti-virus and that could lead to a deployment of malware,” he said.
Fong said the rule of thumb is for users to be cautious and aware, always looking out for anything that may seem dubious or suspicious.
“Don’t click on random links or things that appear on your email, don’t install things you do not know and just all around be alert,” he said.