Cyberattacks exist in many forms. They employed different modes of attacks, but the goal remain largely similar – deliberate network or computer security breach for sensitive data.
Microsoft estimated that cybersecurity threats cost result potential loss of USD12.2 billion in Malaysian organizations. The study found that a large-sized organization is likely to suffer loss of USD22.8 million due to the lacked of preparedness. In 2015 alone, twelve cyberattack incidents were reported involving local corporations.
Timeless Tactics
Their terminologies may elude public consciousness but the tactics are not new. In addition, they continue to evolve sophisticatedly as public awareness slowly gain momentum. It is estimated that cybersecurity threats will result loss of USD6 trillion worldwide thus proving the issue will subsist.
Common Cyberattacks:
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
An attempt whereby system resources is overwhelmed thereby disabling its ability to handle service requests. This method stood out as it blocked out access to the website, Thus, the attacker wouldn’t gained any immediate benefit but merely from satisfaction of disrupting the website.
DDoS is not foreign to Malaysians. Election season hype saw that Radio Free Malaysia, Radio Free Sarawak, and Sarawak Report were taken apart in 2013. Intentional disruption on the distribution of information is to be blame. Bursa Malaysia also suffered a same fate in 2012. More recently, encrypted messaging service Telegram suffered a DDoS attack in the wake of anti-government protest in Hong Kong.
Man-in-the-middle (MiTM) attack
A MitM attack takes place when a hacker positioned itself between the client communications’ and the server.
Session hijacking: The attacker hijacks a session between a client and network server. IP address of the client will be substituted while the server continues the session.
IP spoofing: The system will be tricked into communicating with the attacker, and to provide the attacker with access to it.
Malaysia Airlines experienced this attack on their defaced website. While the domain name is not changed, visitors were directed to a different website. The CENTCOM incident were carried out by a concerted effort of hackers on multiple social media accounts.
Phishing attack
Phishing attack is an attempt of sending legit-looking e-mails to individuals with the goal of gaining personal information or motivate them to do something. The e-mail would try to trick users into downloading malware into PC or visit an illegitimate website. To accomplish successful phishing attack, a hacker would employ technical trickery and social engineering to trap users.
Users are usually advised to ignore to suspicious e-mails as highlighted by Bank Negara. The hackers impersonated the Central Bank and attempted to get users to visit dubious websites for malicious activities. In 2012 alone, Malaysians suffer RM2 million loss to phishing scams according to MCMC.
Password attack
A common rule we encounter – Password setup ideally should be a mixture of small and big capital letters, symbols, alphabets, plus numbers. This makes a strong password. Unfortunately, not many heed the advice. The Verizon Data Breach Investigations Report (DBIR) 2017 found that 81% of data breaches were caused by hacked passwords. In consequence, enterprises would likely face USD $5 million in data breach loss which is preventable in the first place.
How do the hackers succeed?
Brute force: Password-guessing technique employed to gain correct combination randomly. The attacker may attempt to use a person’s name, pet’s name, hometown, and others.
Dictionary attack: A dictionary of common passwords will be used to gain access. A correct password may be generated by cross referencing the encrypted file containing passwords with the aforementioned dictionary.
Malware
Malwares are often unwanted softwares that are installed in the PC without your consent. Users may encounter this during visit to less legitimate websites whereby they are invited to download a software.
The potential power of virus is demonstrated via WannaCry ransomware in 2017. It caused mass disturbance worldwide with financial loss estimated at USD4 billion. The cyberattack also crippled thousands of companies in China and Hong Kong. Variants of WannaCry soon ensue to overcome rising rectification measures against it.
Cybersecurity in Malaysia
Lack of talent in cybersecurity industry posed a major setback for enterprises nationwide. The digital economy demand greater manpower supply but the demand was not met due to insufficient manpower.
Interestingly, according to expert insight by AT Kearney, Malaysia is one of three global hotspots to be used as launchpads for cyberattacks. It was also noted that organizations in Asia face 80% chance of attack by hackers.
Prevention Better Than PR Meltdown
Cyberattacks do more than financial loss because it entails a series of mishaps for the unprepared. Forbes Insights’ Fallout: The Reputational Impact of IT Risk reported that 46% of companies were left with damaged reputations and brand value after a breach.
Hence, it is essential to sustain consumer trust in an enterprise. Lack of cybersecurity specialists may be a small setback. However, the offset is presented in professional training to develop new skills.
| Training | Date |
| CompTIA Security+ | 7-11 October 2019 |
| CompTIA Cybersecurity Analyst | 7-11 October 2019 |
| CompTIA Advanced Security Practitioner | 25-29 November 2019 |
| CompTIA PenTest+ | 21-25 October 2019 |
