Cybercrime: In late January, Bank Indonesia, the Republic of Indonesia’s central bank, reported a Ransomware attack that almost crippled its networks. While the attackers stole non-critical data, the message, though unsaid, was clear: If we want, we can hurt you next time!
In December 2021, Southeast Asian governments and private organizations were attacked by hackers, allegedly with Chinese links. According to Insikt, a cybersecurity firm, specific targets included the Indonesian Navy, Malaysian Ministry of Defence, Philippines Navy, the Thai Prime Minister’s office and the army, Vietnam’s National Assembly and the central office of its Communist Party.
Kaspersky, a global cybersecurity firm, believes increasing data breaches, advanced scams and attacks on government institutions and businesses are among the top trends to be wary of in 2022.
By 2025, the Association of southeast Asian Nations (ASEAN) will likely become one of the world’s top five digital economies and will add an estimated US $1 trillion to regional GDP by 2030. Around 125,000 new users are coming on the internet every day.
While this is an indication of progress, it also exposes the region to cyber-attacks, potentially endangering national security.
Interpol highlighted this dangerous, emerging trend in January last year. Its ASEAN Cyberthreat Assessment 2021 report outlined how cybercrime is spiralling, with organized cybercriminals sharing resources and expertise to their advantage.
One of the Report’s key strategies to offset cyber threats is a collaboration between law enforcement agencies and the private sector. Cybercrime researchers and legislators will play an important role, too.
In an interview given to Computer Weekly recently, Teong Eng Guan, regional director for Southeast Asia and Korea at Check Point Software, reiterated the urgency of the matter.
“Cybercrime criminals can enter a network through mobile, cloud, e-mail and web browsers, launch attacks from different angles,” he said, adding, “It’s stealthy and you don’t even know you’re being attacked.”
“We need to lift the cyber security awareness of companies and public institutions in the region and address their cyber security pain points,” he added.
The region’s growing strategic significance makes it a prime target for cyber-attacks, but its cyber resilience is low. Cybercrime firms in and around the region are focusing on developing systems that specialize in detecting and nullifying threats.
Adoption of analytics is central to this objective.
Cyber Threat Analytics (CTA), a ‘cyber-solution’ provided by Wynyard Group, is designed to address this rising cyber menace in the region. A critical component of CTA is the Network Virus Management System (NVMS), which, upon detection of intrusion, automatically initiates the shutdown of systems and critical infrastructure while effectively quarantining the threat.
For instance, the malware used to hack the various Southeast Asian governments in 2021 exploited the latest Log4j or Log4Shell vulnerabilities. According to the Singapore-based company, NVMS can reverse-engineer cyber threats in a sand-box environment to facilitate the development of an effective countermeasure.
In Southeast Asia, most cybercrime secuurity firms are concentrated in Singapore and Vietnam.
CYFIRMA, an external threat landscape platform management company based in Singapore, just last week launched DeFNCE, a mobile app designed to secure networks.
“The mobile internet and mobile apps, besides being used to check email or watch videos, is also a way to find news, connect with friends and family, and do business on the go. But it’s also full of unknown threats that can turn your digital footprint into a real-world crime scene.
These threats can take many forms – from cybercrime criminals who are out to steal your identity, phishing campaigns to lure you into divulging confidential data, and even state-sponsored attacks trying to collect sensitive information,” said Kumar Ritesh, Founder and CEO, CYFIRMA.
“That’s why we created DeFNCE to be that mobile device bodyguard for the everyday mobile user”, he added.
No single entity can fight cybercrime effectively. Public-private partnerships have long been a mainstay of national cyber security strategies across the world. In southeast Asia, though, this crucial linkage is missing. Critically, discussions on PPPs must move beyond loose plans to merely collaborate and instead get serious on the logistics, operational details and meaningful engagement to ensure national security, among other things.