grandeduc - Fotolia

Top cyber security predictions in APAC in 2018

Cyber criminals will ramp up efforts to mine cryptocurrencies, while mobile malware will rear its ugly head across the APAC region in 2018

2017 was a watershed year in cyber security in the Asia-Pacific (APAC) region. Major organisations – from Singapore’s leading universities and Ministry of Defence to Australia’s national broadcaster and Malaysia’s telecoms operators – had fallen prey to cyber attacks, with personal data stolen in some cases.

While the affected organisations shore up their defences and recover from the attacks, those that were relatively unscathed should not rest on their laurels.

After all, in cyber space, where threat actors know no boundaries, any organisation is susceptible to attacks by resourceful hackers who are becoming more ambitious by the day. We take a look at the top cyber security trends that are likely to dominate the threat landscape in 2018.

AI cyber attacks

The same artificial intelligence (AI) and machine learning (ML) capabilities available to organisations to automate workflows, improve processes and detect cyber threats are equally accessible to cyber criminals.

In 2018, AI and ML will be used by cyber criminals to conduct attacks, according to Sherif El Nabawi, senior director of system engineering at Symantec Asia-Pacific.

“It is the first year where we will see AI versus AI in a cyber security context. Cyber criminals will use AI to attack and explore victims’ networks, which is typically the most labour-intensive part of compromise after an incursion,” he said.

Meanwhile, enterprises are not standing still. In 2018, those at the forefront of using AI for cyber defence will take the next significant step, according to Sanjay Aurora, managing director at Darktrace Asia-Pacific.

“We will see the accelerated adoption of proven autonomous response technology, which is uniquely capable of taking precise, targeted action to neutralise novel cyber attacks as they emerge,” he said.

Fileless malware attacks intensify

For decades, enterprises and consumers alike have been relying on antivirus software to fend off pesky hackers who use malware to wreak havoc on corporate and personal computing devices. The problem is, for traditional antivirus software to work, it needs to know the malware that it is guarding against.

As such, it is rarely successful in detecting unknown and so-called fileless malware that remains in the memory of computers without leaving a footprint on the hard drive to escape detection. Ditto for malware-free attacks that make use of scripting tools like PowerShell to access and control victim computers.

Symantec’s El Nabawi said like the early days of ransomware, where early success by a few cyber criminals triggered a gold-rush like mentality, more cyber criminals are now rushing to use fileless malware against their victims.

“Although fileless malware will still be outnumbered by orders-of-magnitude as traditional style malware, they will pose a significant threat and lead to an explosion in 2018,” he said.

Gold rush for cryptocurrencies

With the price of bitcoin surging, it is hardly surprising that cryptocurrency mining activity by cyber criminals looking to make a quick buck has ramped up in recent months.

But instead of building their own mining machines and incurring high electricity costs to mine cryptocurrencies like legitimate users would, cyber criminals would try to compromise legitimate websites and devices of unsuspecting internet users to do so.

In one day alone this year, Malwarebytes blocked 11 million connections to cryptocurrency mining sites.

Across the APAC region, emerging markets such as the Philippines, Thailand and Indonesia were the top targets for cryptocurrency mining activity, according to Malwarebytes’ telemetry data from October 2017.

While none of the APAC countries topped the list of drive-by mining activity globally, Malwarebytes expects far more activity in the region in 2018 as the value of cryptocurrencies continues to grow.

Better cyber security posture

Malwarebytes said the ASEAN region will likely see a more concerted effort by local governments to shore up cyber security capabilities for both the public and private sectors.

With Singapore having recently announced plans to table a new cyber security bill, other regional nations are likely to follow suit, it added.

“Malaysia has also recently announced plans to augment its cyber security talent pool, while Indonesia launched a national cyber agency recently. We anticipate that by the end of 2018, overall levels of cyber security in the region will improve through government-led collaboration in the region.”

Mobile malware on the rise

With the rising mobile penetration rates and weak cyber regulations in developing markets in the region, smartphones are becoming more attractive to hackers as opposed to PCs.

Malwarebytes said countries such as the Philippines, Malaysia and Indonesia are already seeing widespread usage of mobile banking and social media through smartphones.

The problem is exacerbated by the lack of regulation over third-party app stores selling malicious apps, as well as the use of counterfeit software that may come with malware.

“Outdated prevention security, use of pirated software, lack of remediation or response and poor cyber hygiene will continue to contribute to increasing levels of mobile malware in the region, Malwarebytes said.

Blockchain gains maturity

Interconnected supply chains and industry ecosystems will continue to drive blockchain maturity for trust and verification, according to Håkan Eriksson, Telstra’s chief technology officer, who noted that the decentralised nature of blockchain makes it inherently less vulnerable to attacks.

“To alter any individual entry, hackers would need to compromise 51% of that entry’s copies, providing tremendous security. These features – the multiple verifications, the lack of a single server to attack – make blockchain ideal for use in enterprise security tools,” he said.

Read more about IT in APAC

  • Singapore’s Ministry of Defence is getting white hat hackers to identify loopholes in its internet-facing IT systems in the country’s first government-led bug bounty programme to combat growing cyber threats.
  • Australia has matured in its use of technology in 2017, but more investment is needed for it to continue its good run and to combat cyber threats.
  • Malaysia’s digital economy is set to contribute 20% of the country’s GDP by 2020, up from 18.2% in 2016, according to the country’s deputy prime minister.
  • An ageing submarine cable that links Australia to Southeast Asia was cut for the third time this year, underscoring the urgent need for a more robust connection to support the region’s growing internet traffic.

Read more on Hackers and cybercrime prevention

Data Center
Data Management