APAC cyber security landscape to be more tumultuous in 2019
Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene
As 2019 approaches, the security landscape will get more tumultuous, going by the predictions of cyber security experts, many of whom expect Asia-Pacific organisations to continue facing tough security challenges arising from the shortage of security talent, new cloud vulnerabilities and the proliferation of surreptitious malware that stays under the radar, among other developments.
William Tam, director of sales engineering at Forcepoint Asia-Pacific, noted that with companies in Southeast Asia facing a shortage of manpower to deal with the barrage of cyber threats, there is a misconception that artificial intelligence (AI) can fill the void – but that will not happen any time soon.
While AI is about reproducing cognition, Tam said today’s cyber security offerings utilise machine learning, requiring humans to upload new training datasets and expert knowledge. “This still requires intensive and high-quality inputs from cyber security professionals, proving that organisations cannot rely heavily on AI technology alone to protect their critical data,” he said.
In the case of industrial IoT, attackers will target the underlying cloud infrastructure as millions of devices are connecting to the cloud for updates and maintenance, said Tam. “The access to these multi-tenanted and multi-customer environments will help attackers launch widespread attacks and bring much bigger rewards,” he added.
Although consumers in Asia have not been punishing organisations affected by cyber security breaches, Tam expects things to change as people become more aware of the impact of those breaches.
“An organisation’s cyber security culture will drastically impact its ability to foster customer loyalty or business relationships,” he said. “Organisations need to ensure that good cyber security hygiene is maintained at all times to remain competitive, and is as visible as any top industry accreditations or certifications, since breaches and poor cyber practices can no longer be hidden.”
We expect that attackers will continue to focus on network-based enterprise attacks in 2019, as they provide unique visibility into a victim’s operations and infrastructure.
Sherif El-Nabawi, Symantec
Nilesh Jain, vice-president for Southeast Asia and India at Trend Micro, said that with the public cloud market predicted to grow by 17.3% globally in 2019, at least two breaches will be a direct result of misconfiguration during cloud migration.
This is largely because each cloud migration is unique in terms of scope and pacing, and best migration practices need to be tweaked to suit a company’s specific needs.
Also, with the rise of DevSecOps and use of containers, more security loopholes will be discovered in the cloud, said Jain. Today, up to one-third of containers are laden with vulnerabilities, and developers that pull these infected containers run the risk of introducing vulnerabilities into their software or systems.
“Currently, there is already some container vulnerability-scanning technology on the market,” he said. “We should see an increase in awareness and adoption in this arena in the coming year.”
Malware stays under the radar
In 2019, there will be more attacks using malware that has been designed to avoid detection and maintain persistence, said Jeff Hurmuses, area vice-president and managing director at Malwarebytes Asia-Pacific.
“Malware that’s difficult to remediate, also known as ‘under the radar malware’, is growing in sophistication and frequency – a cause of concern for business today and in the future,” said Hurmuses. “It has already been increasing this year, with the Philippines being one of the most targeted countries in the region.”
In 2019, new high-profile breaches will push the security industry to finally solve the username and password problem, said Hurmuses.
He said the ineffective username/password conundrum has been a big concern in Asia-Pacific, particularly in Singapore, where weak numeric password systems have contributed to three of the biggest data breaches, including the SingHealth attack.
“There are many solutions out there – asymmetric cryptography, biometrics and blockchain – but so far the security industry has not been able to settle on a standard to fix the problem,” he added. “In 2019, we will see a more concerted effort to replace the password solution altogether.”
Supply chain attacks to grow
An increasingly common target of attackers is the software supply chain, with attackers implanting malware into otherwise legitimate software packages at its usual distribution location, according to Sherif El-Nabawi, vice-president for sales engineering and service provider sales at Symantec Asia-Pacific and Japan.
In a typical scenario, the attacker will replace a legitimate software update with a malicious version in order to distribute it quickly and surreptitiously to intended targets. Any user receiving the software update will automatically have their computer infected, giving the attacker a foothold in their environment.
“Such attacks are increasing in volume and sophistication, and we could see attempts to infect the hardware supply chain in the future,” said El-Nabawi. “For example, an attacker could compromise or alter a chip or add source code to the firmware of the UEFI [Unified Extensible Firmware Interface] before such components are shipped out to millions of computers.
“Such threats would be very difficult to remove, likely persisting even after an impacted computer is rebooted or the hard disk is reformatted.”
In 2019, we will see a more concerted effort to replace the password solution all together.
Jeff Hurmuses, Malwarebytes
“We can expect increasing attempts to gain access to home routers and other IoT hubs to capture some of the data passing through them,” said El-Nabawi. “Malware inserted into such a router could, for example, steal banking credentials, capture credit card numbers or display spoofed, malicious web pages to the user to compromise confidential information.”
On the enterprise side, there were numerous examples of data-in-transit compromises in 2018. The attack group Magecart stole credit card numbers and other sensitive consumer information on e-commerce sites by embedding malicious scripts either directly on targeted websites or by compromising third-party suppliers used by the site.
Such “formjacking” attacks have recently impacted the websites of numerous global companies. In another attack targeting enterprise data in transit, the VPNFilter malware also infected a range of routers and network-attached storage devices, allowing it to steal credentials, alter network traffic, decrypt data and serve as a launch point for other malicious activities inside targeted organisations.
“We expect that attackers will continue to focus on network-based enterprise attacks in 2019, as they provide unique visibility into a victim’s operations and infrastructure,” said El-Nabawi.
