In 2018, Singapore faced its biggest cyber breach to date – the SingHealth data breach, which raised alarm among organizations and consumers alike. As Singapore stays in the spotlight for its progress as a Smart Nation, its cybersecurity risks also increase. Countering these risks can only be done by staying ahead of the game, as the threat landscape has evolved and will undoubtedly continue to do so. As the year comes to an end, let’s delve into some of the cybersecurity trends to look out for in this region in 2019.
Cybercriminals are making the journey with internet users as they move from desktop and laptop computers to mobile and Internet of Things (IoT) platforms. 2018 saw a short but taxing rise in malicious cryptominers and we should expect to see more of this in the year to come. A cryptominer – masquerading as an innocent-looking app – on one’s phone could strain the device’s processor under the load. This is cryptojacking: the cryptominers transfer the costs of mining (performance, and wear and tear) to the victims, and no one benefits but the cryptojacker. The Cybersecurity Agency of Singapore recognizes an upward trend in crypto mining and is keeping an eye on this new threat, including by issuing alerts cautioning individuals and businesses about the increase in malware.
Mobile cybercriminals also tend to take the route of advertising clickfraud, embedded in yet another innocuous-looking app that simulates users clicking ads to generate revenue. According to the recent report The State of Mobile Fraud 2018 by AppsFlyer, Singapore has been found to be the hardest hit in the Asia Pacific area, with app install fraud rates hitting 27 percent. Though clickfraud was long-established on desktop computers, it is a growing problem in the mobile space, where the number of apps and devices makes it an inviting target.
This year, SophosLabs uncovered an app supplied as part of the stock firmware image of a small phone maker that had been ‘Trojanized’ in the supply chain, before anyone purchased the device. The app, Sound Recorder, had been altered to discreetly intercept and send SMS text messages. Identifying and ultimately removing such a malicious app is almost impossible until the producer of the device is aware of the compromise.
Singapore, being a global hub for finance and technology in Asia, has become an attractive target for cybercriminals. One-third of Singapore’s SMEs have experienced a ransomware attack in the past year. Cybercriminals have gone back to old-school manual hacking methods to boost the efficiency of targeted extortion. Asia has seen its fair share of ransomware attacks, and well-known ones like WannaCry and CryptoLocker tend to be opportunistic, sending booby-trapped attachments to a large number of potential victims via email.
2018, however, has seen the advancement of hand-delivered, targeted ransomware attacks that differ from the mass email dissemination method. This attack methodology means that even though fewer attacks may take place, the results will be far more devastating, and the cybercriminal could demand a higher ransom. Subsequent malware also has the potential to evolve to become more destructive and effective.
This attack style, where criminals manually maneuver through a network step by step, is now increasing in popularity, and the financial success of malware like SamSam is bound to inspire copycats striking in 2019.
The downside to this trend is that these forms of manual attacks are more challenging to prevent using conventional methods, but this also means that there are far fewer hackers competent enough to conduct them.
Admin Tools Targeted
Cyberterrorists are successfully avoiding detection on Windows computers by abusing legitimate admin tools commonly found on the operating system. This pivotal finding traces how this technique has become a common feature in an increasing number of cyberattacks.
The technique is known as ‘living off the land’ because it avoids the need to download dedicated tools. Cybercriminals have stopped emailing victims actual malicious executable programs and have instead switched to a series of interlinked, non-executable scripts, exploitable Microsoft Office document vulnerabilities, and Office document macros that make detection a puzzle. Experts have noted the challenge in separating the normal operations of a computer from the irregular behavior of a machine in the midst of a malware infection, as such an infection comes with a wide range of file types that include several “plain text” scripts chained in no particular order.
Attackers are showing no signs of giving up on new variations of Microsoft Office macro attacks. Recently, protections such as disabling macros inside documents or using preview mode have blunted this technique. Unfortunately, attackers have developed methods to persuade users to disable these protections, using macro builder tools that package Office, Flash and other exploits and generate social engineering prompts. The trend now is to use more exotic file types to launch attacks, as commonly used file types are now blocked or monitored by endpoint security.
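One way a defender can separate normal admin-tool use from the Office-launched script chains described above is to look at process lineage rather than at any single binary. The following is an added example, not code from Sophos or the article; the event format, the tool lists and the sample telemetry are assumptions constructed for illustration.

```python
from collections import namedtuple

# Assumed shape of a process-creation event (hypothetical, for illustration).
Event = namedtuple("Event", "pid ppid image cmdline")

# Assumed watch lists; tune them to the environment being monitored.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
ADMIN_TOOLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample telemetry, not taken from a real incident.
SAMPLE_EVENTS = [
    Event(100, 1, "explorer.exe", "explorer.exe"),
    Event(200, 100, "WINWORD.EXE", 'WINWORD.EXE "invoice.docm"'),
    Event(210, 200, "cmd.exe", "cmd.exe /c wscript.exe stage1.js"),
    Event(220, 210, "wscript.exe", "wscript.exe stage1.js"),
    Event(230, 220, "powershell.exe", "powershell.exe -File stage2.ps1"),
    Event(300, 100, "powershell.exe", "powershell.exe -File backup.ps1"),  # routine admin use
    Event(400, 100, "EXCEL.EXE", 'EXCEL.EXE "budget.xlsx"'),
    Event(410, 400, "splwow64.exe", "splwow64.exe 8192"),  # benign print helper
]

def lineage(pid, by_pid):
    """Return lowercased image names from the oldest known ancestor down to pid."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        chain.append(by_pid[pid].image.lower())
        pid = by_pid[pid].ppid
    return chain[::-1]

def find_suspicious_chains(events, min_tools=1):
    """Flag leaf processes whose ancestry runs from an Office app through admin tools.

    Returns (leaf_pid, chain_from_office_app, admin_tool_count) per flagged chain.
    Assumes PIDs are unique within the window of events supplied.
    """
    by_pid = {e.pid: e for e in events}
    parents = {e.ppid for e in events}
    alerts = []
    for e in events:
        if e.pid in parents:  # report each chain once, at its leaf
            continue
        chain = lineage(e.pid, by_pid)
        start = next((i for i, img in enumerate(chain) if img in OFFICE), None)
        if start is None:
            continue
        tools = [img for img in chain[start + 1:] if img in ADMIN_TOOLS]
        if len(tools) >= min_tools:
            alerts.append((e.pid, chain[start:], len(tools)))
    return alerts
```

On the sample data the same `powershell.exe` binary is ignored when started from the desktop shell and flagged when it sits at the end of a chain that began in a Word document, which is the distinction a per-file scanner cannot make.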
To stay safe and ensure protection from these trends, it is important to plan ahead and try to remain one step ahead of cybercriminals. Having a comprehensive response plan ahead of the incident is key and allows organizations to be more prepared for unpredicted risks. As Singapore moves toward its Smart Nation vision and takes on digitalization, we should expect a rise in cyberattacks. All businesses and organizations should be prepared to do their due diligence and not take cybersecurity for granted.
Sumit Bansal, managing director, ASEAN and Korea, Sophos, authored this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.