Staying Resilient In The Face of Agile Cyber Attacks: CSA Interviews McAfee CTO for APAC

In light of the recently released McAfee Labs 2019 Threats Predictions Report, which went in depth into what the threat landscape will look like in the coming year, CSA was able to get in touch with Ian Yip, McAfee’s CTO for the Asia Pacific region, to get his views from an APAC and ASEAN perspective.

All the focus and media reports on ransomware over the past couple of years have definitely helped create more awareness of the issues pertaining to ransomware as well as cyber threats in general. But according to Ian, the threat of ransomware is showing no signs of letting up.

He explained, “Based on the telemetry that we see, ransomware is still pretty big. It’s one of the key ways that cybercriminals monetise globally. Ransomware, based on the stats that we’ve seen, is up about 57% year over year compared to this time last year. Malware itself is up by about 34%. So based on the trends, there’s a lot more malware that is ransomware strain than others. Mobile malware (up by about 42% y/y) is also quite prevalent in APAC because a large portion of APAC is mobile native, particularly if you look at the emerging parts of the region.”

However, one threat that has shown a huge spike and has grown significantly in 2018 is coin mining or cryptojacking. While it was almost unheard of last year, Ian mentioned that the year over year growth for coin mining threats has gone up by about 2600%.

As to why ransomware and cryptojacking have become such huge, prevalent threats, Ian said they’re the most direct ways that cybercriminals can get paid, without the need of a middle person. The rapid rise of the crypto market has been a large contributor, making it much easier for cyber threat actors to monetise their efforts while remaining largely anonymous.

Moreover, because ransomware attacks are so disruptive, victims who are caught unprepared are still paying ransoms in the hope of recovering their systems, although Ian thinks the percentage isn’t high.

In terms of Ian’s own predictions for the upcoming year, his comments mirrored those mentioned in the Threats Predictions Report, in that we’ll likely see more sophisticated and blended methods of attacks as cybercriminals continue to refine their techniques. They will also work together, consolidate their efforts and employ more advanced technologies like AI to be more effective in their attacks and evade detection.

Threat actors will also be using more agile methodologies, adapting their attacks or attacking from different fronts to find the best way of breaching an organisation’s cyber defences. Attacks used to be more clear-cut, with companies having to deal with either a ransomware attack, a virus or a phishing attack, but according to Ian, things started to change this year and will change even more next year.

“You could have a sophisticated attack that could be classified as different kinds of attacks at the same time – so a combination of phishing, there could also be ransomware or cryptojacking in there. We’ve seen cybercriminals start to write code where they can make real-time decisions based on the company and the environment they’re attacking. The weaponisation of malware is a lot more sophisticated now and will continue to be more blended in 2019.”

While it’s a lot easier to protect against a very clear threat, dealing with a combination of different attacks at once means organisations will have to put more thought into how they defend against such attacks.

To counter the evolving threat, he believes regulation will start to come to the fore. Countries like Singapore, Australia, India and Malaysia are already working on their own cybersecurity legislation, and the more cybersecurity becomes an issue at a global scale, the more regulation will be put in place to try to tackle it.

“The second part is influence from other parts of the world, things like the GDPR in Europe, is forcing the world to care about privacy and data. So governments will have to realise that they need to help their constituents and organisations in their country to deal with the impact that a data breach might cause.” Ian continued, “I think we’ll see more collaboration or cooperation efforts as well, particularly between governments and public/private sectors of the world because I think that’s really one of the key ways to be able to tackle the systemic issue that is cybersecurity.”

Since many countries in APAC and the ASEAN region are looking into smart city and IoT-type initiatives, his view is that the region may see IoT-related threats more so than other parts of the world. IoT is becoming an attractive target globally because IoT devices are still being manufactured with little consideration for security and privacy.

Therefore, Ian opines that some of the less developed or emerging markets in ASEAN may be bigger targets because their IT infrastructure might not have defence in depth designed into how its security protections are implemented. By contrast, in the more developed nations, there may be more security capability in place to mitigate some of the threats that IoT devices might introduce.

Nevertheless, all is not lost, and Ian believes there’s cause to be optimistic. Awareness of cybersecurity issues is growing, and that’s important because it allows people to be more responsible for the way they behave in cyberspace.

Security organisations like McAfee are always studying the threat landscape to try and keep ahead of the attackers. Ian gave the assurance that they are working with partners and others in the industry to make sure they’re always keeping pace with the threats and understand how advanced threats are evolving.

Defence in depth, he said, is paramount. Organisations have to look at cybersecurity much more holistically in terms of making sure that all the various ways they defend against cyber-attackers are implemented in a prioritised, logical way, focused on risk. They also have to understand what the most important things they should try to protect are, so that resources can be properly allocated and deployed, instead of trying to protect absolutely everything.

He ended with the following words of advice. “The key word I think to remember is to be focusing on resilience. In the past, some perhaps made the mistake of trying to secure everything instead of securing the important things and making sure that they can keep functioning and operating in the midst of an attack. The truly resilient nation or organisation is one that can keep functioning and available when it is being attacked.” 
