Authored by: Gary Gardiner, Head of Security Engineering, APAC & Japan, Check Point Software Technologies
Received a weird message from a strange number with a link on your phone? Or an email claiming to be a Nigerian prince offering you millions of dollars if you help him with something? These are old and common tactics used by bad actors to phish for your information or bait you to click on a malicious link. You might think that you are savvy and won’t fall victim, but cyberattacks are trickier than you think, and they are always evolving.
This is in line with what Check Point Research has observed — the Asia Pacific (APAC) region has seen a 168% year on year increase in cyber attacks in May 2021. In Singapore, there was a 30% increase in cyberattacks between April and May 2021, and an average of 792 attacks per week were recorded in Singapore in May 2021. The same sentiment is also reflected in the annual Cybersecurity Awareness Survey by the Cyber Security Agency of Singapore (CSA) — 37% of Singaporeans surveyed are reported to have fallen victim to a cyber incident at least once in 2020, a jump from 28% in 2019. This goes to show that cyber incidents are becoming more prevalent, and can happen to anybody.
The good news is the general awareness of cybersecurity among Singaporeans has improved. Many of the respondents in the CSA survey could identify phishing emails, and know the basics of what makes a good password. However, the adoption of good cyber hygiene practices like changing to said “better password” or enabling two-factor authentication (2FA) remains low.
Traditional, password-based authentication systems are vulnerable to phishing attacks. A compromised password makes it possible for an attacker to gain unauthorised access to a user account. This includes social media accounts, emails and even chat messaging platforms. Many people have extremely weak password security due to password reuse or simply using weak passwords. This problem exacerbates the impact of phishing attacks and data breaches since it enables a single stolen password to be used across multiple accounts on different platforms. With 2FA, instead of requiring only a password for authentication, logging into a 2FA-enabled account requires the user to present an additional factor, making it more secure.
For businesses, segmenting employees and their access to certain data sets is key, along with setting up 2FA systems to ensure another layer of protection is in place. It is important to build a zero-trust mindset where everything must be verified and nothing should be assumed.
In today’s ever-evolving cybersecurity landscape, one can never be too careful. While 2FA has proven to be far more secure than just usernames and passwords, it is still not a fool-proof preventive solution. For instance, researchers from IBM discovered that TrickBot operators had developed a malicious app called TrickMo, which intercepts the OTP codes that banks send to customers for authentication, without the knowledge of the user.
Usually, this is a request for a password and a one-time access code. This one-time access code can be acquired in a number of ways. One common option is to have it sent as an SMS or email. However, this approach is vulnerable to interception or SIM-swapping attacks.
A more secure option is a Time-based One-Time Password (TOTP) algorithm. During setup, the authentication device (smartphone, USB key, etc.) shares a secret random seed value. Both the server and the authentication device then use a common algorithm to transform this seed over time. This means that, at any point in time, they agree on the version of this value. If a user attempts to log into a service, they provide the current value given by their authentication device to the site, which compares it to its current value and authorises the connection if they match. However, the space of possible values is large enough that an attacker is extremely unlikely to guess the correct code while it is still valid.
Therefore, it is important to combine 2FA with other preventive solutions, and adopt a multi-layered approach to prevent attacks that aim to abuse accessibility permissions and exfiltrate data from the device. There are mobile security solutions like Check Point Harmony Mobile that are robust, agile and can help prevent credential theft that bypasses 2FA. Look out for capabilities such as safe browsing and anti-phishing, malicious app analysis to determine whether the app has malicious content in it or not, even if the malware is in stealth mode. Should there be a malicious component installed on the device, the anti-bot capability feature will be able to block that communication.
The next attack can be prevented if organisations follow a few principles.
Maintain security hygiene: Make sure up-to-date security patches are maintained across all systems and software. Networks should be segmented, applying strong firewall and IPS safeguards between the network segments in order to contain infections from propagating across the entire network.
Principle of Least Privilege: User and software privileges should be kept to a minimum – is there really a need for all users to have local admin rights on their PCs?
Adopt a prevention approach: Not only can attacks be blocked, but they can be prevented, including zero-day attacks and unknown malware. With the right technologies in place, the majority of attacks, even the most advanced ones can be prevented without disrupting the normal business flow.
Cover all attack vectors including networks, mobile, cloud, endpoints, IoT
Keep your threat intelligence up to date: Keep your business up and running with comprehensive intelligence to proactively stop threats. Manage security services to monitor your network and incident response to quickly respond to and resolve attacks.