According to a recent Internet Society survey, APAC’s biggest internet and technology concern in 2017 is cybersecurity, which was the #2 concern in the same survey last year. The majority of respondents feel uncomfortable disclosing bank and credit card details online! How can CISOs instill confidence with ecommerce, banking, and data management when there seems to be new malware incidents every day?
Microsoft published the global survey Security Intelligence Report (SIR), volume 22 which states emerging Asian countries are the most exposed to malware. According to the report, the countries most likely to encounter malware breaches are Bangladesh, Pakistan, Cambodia, and Indonesia; on the other hand, Japan, New Zealand, Australia, and Singapore were least likely to be affected and in fact are higher than the global average.
“Japan and China have been listed as the two countries with the lowest ransomware encounter rate. One of the few exceptions in the region is South Korea, which has had the second highest ransomware occurrences worldwide.” – Q1 2017 Security Intelligence Report
Microsoft’s report is based off information from the beginning of 2017 when WannaCry and Petya ransomware were exploiting vulnerabilities in enterprise operating systems.
WannaCry is out and Bad Rabbit is in.
What are some of the issues Asia and the South Pacific have been dealing with in regard to cybersecurity recently – everything from the Malaysia data breach to Wi-Fi issues in Singapore – and what can be done?
Malaysia Mobile Numbers Data Breach
ZDNet recently reported on a cybersecurity breach (dating back to 2014 and 2015) which includes 46.2 million mobile numbers, home addresses, and SIM card information. First discovered by Malaysian technology news website Lowyat.net, all major mobile carriers were affected. This type of attack could have been in the network for years and traditional defense tools would not necessarily detect or block this particular attack. The Telco industry regulator is the Malaysian Communications and Multimedia Commission which released a statement announcing a formal investigation on October 20, 2017.
“MCMC and PDRM are investigating reports that there is advertising to sell unauthorized users to sell unauthorized data. As a precautionary measure, the MCMC has requested the website administrator of lowyat.net to lower the sales ad. The admin of the website has given us the opportunity to drop advertising and related articles. MCMC urges all parties not to speculate until the authorities have completed the investigation.”
They have also developed a Data Verification Task Force with Telco enterprises, announced on September 21, 2017, to protect consumers by eliminating false registration, security, and data integrity issues.
What can be done?
With private data of all of Malayasia’s 32million people up for sale, the damage has already been done. This security breach could have laid dormant in the networking system for weeks, months, or even years. According to BBC, Malaysian law requires service providers are required to keep personal data secure so there will almost certainly be legal repercussions from the affected mobile operators and from the Malaysian Medical Council, Medical Association, Housing Load Applications, and more.
“Communications services cannot escape the security aspects, [service providers] must work together, and safety features are important to gain the trust of consumers,” said Dr. Mazlan Ismail, COO of MCMC.
Investing in a security incident response platform could reduce the implications of the data breach by responding and resolving security incidents faster across the network and IT infrastructure.
Read more on why CISOs and SOCs need a unified platform for security incident response in the white paper here.
Wi-Fi Security Flaws in Singapore (and Beyond)
Though a problem globally, the Singapore Computer Emergency Response team (SingCert) issued an alert on major security flaws of Wi-Fi devices. Wi-Fi Protected Access 2 (WPA2) has multiple vulnerability and may affect data confidentiality of user’s connectivity in homes and offices, including routers, smartphones, computers, and surveillance cameras. Singapore has more than 11million homes, offices, and public locations with Wi-Fi connections; the impact could be significant.
“These vulnerabilities may affect the data confidentiality of users’ Wi-Fi connectivity in homes and offices,” said SingCert, part of Singapore’s Cyber Security Agency (CSA), on October 17, 2017. “”The attacker can exploit the vulnerabilities to monitor, inject, and manipulate users’ network traffic.”
What can be done?
Since using a wired LAN for internet connection is not as easy as it sounds in our Internet of Things digital world, SingCert has a few recommendations:
- Patches are the key to response for this threat. Unplug any unpatched Wi-Fi device. Microsoft released a security update for their products in their October 10, 2017 Windows update.
- Ongoing, use encrypted web pages (https). Encrypted sites are less exposed to malware. Do not install software from unknown websites; especially false Flash updates (e.g. Bad Rabbit!)
- Use a Virtual Private Network (VPN) when sending confidential details to enhance security and unplug any unpatched Wi-Fi device
For more information on Cybersecurity in Singapore, read the Definitive Guide eBook here.
Bad Rabbit – the Latest Ransomware
Bad Rabbit, a new variant of Petya ransomware, is spreading laterally across exposed networks and starts with a fake Flash update on a compromised website. It’s been determined Bad Rabbit and Petya’s Dynamic Link Library (DLL) share 67% of the same code so the ransomware versions are closely related.
So far, this ransomware seems to be contained to Eastern Europe, in particular Russia, but could spread to other regions so stay alert – particularly on media websites. The system is infected by an individual installing the Malware dropper; education to internal employees to not install Flash – which includes giving login credentials for Windows machines – is going to be key to avoiding the ransom (and subsequent loss of data).
What can be done?
Resolve Systems believes to best protect your company, focus on protection and prepare for security incident response with automation and orchestration. If you’ve already been affected by Bad Rabbit, go straight into incident response:
- Block the execution of the file c: \ windows \ infpub.dat, C: \ Windows \ cscc.dat
- Isolate infected systems
- Block known, malicious IPs
- Review Flash player install files
Tim Brooks, Director and Information Security Officer at Resolve Systems, stated, “If there is indication of a breach, time to response is paramount. Resolve’s security incident response platform enables security teams to respond to ransomware like Bad Rabbit in a quick and structured manner. Automate hunting for Bad Rabbit Indicators of Compromise (IOCs) and expediently quarantine infected systems to prevent further compromise. Resolve has prebuilt automations and playbooks to recover compromised systems to avoid paying ransoms.”
For more information on Resolve’s playbooks, visit our WannaCry playbook here.
Security automation and orchestration can be the secret ingredient to an effective incident response program, but many teams overcomplicate it or feel overwhelmed by trying to automate every activity in the workflow.
When getting started with security automation and orchestration, think agile:
- Prioritize business drivers
- Identify key stakeholders and process owners
- Examine automation opportunities
- Define requirements with a workshop
- And more