PETALING JAYA, Dec 21 – If you think that a cyber attack like what happened to Sony Pictures Entertainment could only happen in Hollywood, think again. It is a sign of what’s to come globally in 2015, say cyber security experts. In the attack on Sony on Nov 24, the attackers hacked the company’s network and took terabytes of private data, deleted original copies from the company’s computers and left messages threatening to release the information if Sony did not comply with their demands. Nigel Tan, director of systems engineering for software security firm Symantec Malaysia said the prominent data leaks of 2014 would keep cyber security in the spotlight in 2015.
“With the interconnected nature of a global Internet and cloud infrastructures, cross-border flow of data is unavoidable and needs to be appropriately addressed. “Malaysia was affected in the data breaches this year and will continue to be affected next year,” he said. Tan recalled a hack last month by a site called Insecam, which downloaded and displayed images from unsecured webcams of CCTV and simple IP cameras around the world, including from Babycams. Symantec expects more mega data breaches next year, especially with the rising use of mobile devices for e-payment and the cloud computing technology for storage of personal and confidential information.
“Mobile devices will become even more attractive targets for cyber attackers in 2015 as mobile carriers and retail stores transition to mobile payments. “Mobile devices are also used to store troves of personal and confidential information. They are left switched on all the time, making them the perfect targets for attackers,” said Tan. He said the growing use of smart home automation, like smart televisions, home routers and connected car apps had also increased the potential of cyber attacks as more devices were being connected to the network. Cyber law expert Dr Sonny Zulhuda agreed that the idea of synchronisation and interlinking of smart home automation (or the Internet of things) would be too tempting for both users and “abusers”.
“Users need to balance the use of these devices and smart technology with the efforts to preserve security, privacy or confidentiality. “Just imagine how many mobile users are concerned about installing a good malware scanner on their devices. In the mind of the criminals, on the other hand, this will make their work even easier.” Dr Sonny, who is assistant professor at the law faculty of the International Islamic University Malaysia, said it would come to a point where people would get too tired with the intrusion and abuse of their privacy. “In Malaysia, for example, more people are being aware about the need to protect personal data thanks, to the enforcement of the PDPA 2010 (Personal Data Protection Act).
“Perhaps it is timely now to consider the development and penetration of cyber insurance as a new product for our insurance industries,” he said. Imam Hoque, managing director of business analytics software and services company SAS said another reason why more cyber criminals target mobile devices was the increasing number of corporations embracing the “bring your own device” (BYOD) to work policy. “This coupled with a general trend for business to provide more methods of interaction with consumers using mobile devices opens up further opportunities for hackers. “The emergence of more mainstream malicious software kits for these mobile devices will accelerate the number of attacks on the mobile channel,” he said.
Hoque said that the continued trend to store data within the cloud, coupled with the high-publicised data losses from corporations such as Sony would encourage more hackers to consider large data loss exploitation. “This in turn will lead to higher levels of identity theft and the ability of hackers to compromise the relationships between individuals and the institutions with which they interact,” he said. CyberSecurity Malaysia CEO Dr Amirudin Abdul Wahab said while malware would continue to rise steadily on mobile devices to attack individuals, cyber criminals would also exploit the mobile device for advanced persistent threats (APT) on specific targets, resulting in high impacts on security, prosperity and public safety like critical infrastructure and big corporations.
“We foresee sophisticated APT carried out using a combination of technical sophistication, excellent planning and coordination, and social engineering,” he said, adding that another major cyber threat next year was the increasing influence of social media. “Social media can be exploited to propagate political and racial radicalism as well as religious extremism that could destabilise our national security and societal harmony which we have taken for granted all these years.”