Employees working from home are more exposed to cyberspace attacks due to unsecured and unregulated platforms
by RAHIMI YUNUS / pic by BLOOMBERG
HACKERS have launched a wave of cyberspace attacks to exploit Malaysians who are working from home as the Covid-19 pandemic has forced more people to use unsecured and unregulated platforms, said security firms.
Kaspersky GM for South-East Asia Yeo Siang Tiong said the company has blocked 269,533 phishing attempts against small and medium businesses in Malaysia during the first six months of 2020, 56% higher compared to 172,906 phishing attempts recorded in the same period last year.
In South-East Asia, he said the company’s anti-phishing software applications prevented 1.6 million phishing attempts against companies with 50-250 employees, a 39% increase compared to a year ago.
“It is clear to us that cybercriminals are piggybacking on the current pandemic situation and using social-engineering tactics like phishing to victimise vulnerable individuals, which put even enterprises at risk given the remote work set-up,” Yeo told The Malaysian Reserve (TMR).
He said cybercriminals are banking on the Covid-19 situation via different tactics including phishing, malware and ransomware. With the rise of video conferencing in the new normal, he said cybercriminals can exploit and infiltrate through different entry points, such as insecure WiFi, networks without encryption, weak passwords, and poor or neglected app permissions, among others.
Yeo said it is particularly important at this time to pay attention to the source and validity of information before sharing or acting upon it.
“We have already seen incidences of incorrect health advice about anti-inflammatory drugs circulating through various media including WhatsApp and social networks and through valid online news sites, which have only added to the panic and chaos.”
Microsoft Malaysia national technology officer Dr Dzaharudin Mansor said Covid-19-themed threats are mostly retreading existing attacks, but slightly altered to tie in to the pandemic, according to Microsoft’s data.
“In practice, this would involve attackers shifting their existing attack mechanisms such as ransomware, phishing and other malware delivery tools to now include Covid-19 keywords. This move capitalises on people’s fears and users who click on this link are vulnerable to identity and money theft,” Dzaharudin told TMR.
He said it is estimated that 91% of cyberattacks start with an email, which either leads to malicious links directly or contains dangerous attachments, and more employees working remotely are exposed to such threats.
Bernama recently reported that a total of 7,765 incidents were reported to CyberSecurity Malaysia in the eight months of this year, with fraud topping the list at 5,697 cases and April as the worst month.
CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab reportedly said the country’s cybersecurity specialist agency foresees the number of cases to rise to between 11,000 and 12,000, exceeding last year’s record of 10,772.
Besides fraud, Amirudin said incidences of intrusion, also known as hacking, ranked second during the period with 933 cases, followed by cyber harassment (409) and malicious codes (351).
Cybersecurity experts advise corporates and consumers to always keep devices updated with the latest security updates, provide a virtual private network to staff, and restrict the access rights of people connecting to the corporate network, among other measures.
Congress of Union of Employees in the Public and Civil Services (Cuepacs) president Adnan Mat said fraud cases involving civil servants are on the rise of late, which resulted in millions of ringgit in losses.
Adnan said fraud cases such as Macau scams, fake calls, housing loans or investments have long been carried out by syndicates targeting civil servants, as well as retirees.
He added that Cuepacs is hoping the Public Service Department, through its training division, will improve training modules for civil servants not only in the aspects of financial management, career development and service quality, but also to include matters related to the modus operandi of fraud and fake investment syndicates.