COVID-19 and Cyber Threats in Southeast Asia

From phishing and malware to data leaks and Zoom bombing, this is a guide to help business leaders in Southeast Asia understand the enhanced risks for businesses and the necessary steps to elevate enterprise cyber security during the Covid-19 Outbreak.

Published by BSA | The Software Alliance


Post on 06-Jul-2020


Contents:

Introduction from BSA | The Software Alliance

The cyber security defenders

How to protect a distributed workforce

Blocking the dreaded meeting bomb

Cyberattacks are rising in Southeast Asia

Malware: 13% increase in threats to businesses in 2019

Data breaches could cost the ASEAN region billions of dollars

ASEAN cyber-attacks: looking at some examples

Guiding employees to secure practices

The importance of legitimate software and free trials

Cyber Security Glossary


Introduction

The COVID-19 pandemic has intensely destabilized business as usual for virtually everyone.

As company leaders, we follow its development closely, alter our policies to reckon with it, and, in many cases, have both employees and management working from home as a safety measure.

To add insult to injury, since the virus’s spread began, we’ve seen cynically opportunistic cybercriminals ramping up their activity to take advantage of the global confusion and concern about the virus.

For a lot of companies, the shift to primarily working from home has required major adjustment.

And amid all the concern for tracking productivity and maintaining teamwork, security can get lost in the shuffle.

Employees are receiving more emails and online requests in general, since things aren’t being done in person, which could lower their ability to notice an unknown sender or a suspicious file.

Home offices are more likely to have weaknesses such as insecure Wi-Fi networks, unencrypted networks, out-of-date software, and easily guessed passwords.

Of course, that’s what cybercriminals are counting on. With employees outside their organizations’ networks and no longer using devices under control of the IT department, many new opportunities are opening up for attackers to target businesses.

Tarun Sawney, Senior Director - Business Software Alliance

“If there is one thing we encourage business leaders to do, it is to ensure that their employees are using professional quality software and platforms for business – and that no employees use consumer applications to conduct their work.

Cyber security is no longer just something for the IT department to worry about – it is a C-level issue. And in this time of crisis, it’s more imperative than ever for business leaders to guide their companies to employ safe and secure digital practices. The survival of their companies through these difficult times could depend on it.

Please be well and stay safe, and if we can do anything to support your security efforts, please let us know. We would be honored to help.”


The cybersecurity defenders

Those on the front lines of the fight against cybercrime know that defending against attacks is crucial.

“Businesspeople must prepare their IT infrastructure for attacks. Cyber criminals could be thousands of miles away, but once they break into your system, even executives are at great risk. Preparation is the key. CEOs and corporate boards must make cyber security their issue.”

“Businesses in Vietnam and throughout the ASEAN region are facing more sophisticated attacks every day, and the destabilization caused by the COVID-19 crisis has made many of them even more vulnerable. It is vital that they take every measure to protect their data – not just for their own sake, but for their customers’ safety and the security of the country in this challenging time.”

“We see Covid-19 as a war on several fronts. Of course, there are health, economic, and communication crises, but there is also the potential for a cybercrime crisis. Cybercrime is rising in tune with online activity, as the Covid-19 crisis has created a new culture of working from home – from which we may never entirely revert. For this reason, companies and the public must ensure they are aware of the need for cyber security. Online activities must be balanced with efforts to maintain information security. This challenge is crucial to the recovery of our economy. We hope that companies take as many precautionary measures as possible to protect themselves and their customers from dangerous cyber attacks.”

“Cybercrime in Thailand is growing daily, creating critical threats with large impacts on both the government and private sectors. Especially during the ongoing COVID-19 crisis, when online network and social media usage are growing rapidly, cybercriminals are seizing this opportunity to target both organizations and individuals to cause damage or steal sensitive data. Lost or stolen data is difficult to recover, and criminals can exploit it for further illegal purposes. Therefore, government sectors, private organizations, and the public must be aware of the methods to protect themselves against cybercrime. Using unlicensed software such as that which has been illegally obtained via torrent is one source of these risks. Therefore, we would like to engage organizations and the public to join us in supporting cyber-security awareness and protecting ourselves from cyber fraud by exclusively using licensed software.”


- Major General Nguyen Minh Chinh, Director of the Department of Cybersecurity and High-tech Crime, Vietnam.

- Atty. Anselmo B. Adriano, Chair and CEO of the Optical Media Board (OMB), Philippines.

- Henri Subiakto, Expert Staff of the Minister of Communication and Information of the Republic of Indonesia.

- Pol. Maj. Gen. Maitri Chimcherd, Commander of Crime Suppression Division


How to protect a distributed workforce

With so many people now working from home, executives must prioritize a process for enhancing cyber security in our new normal. And since it appears the Covid-19 crisis will continue for the remainder of this year and into 2021, companies in Southeast Asia need a sustainable and long-term solution to build their cyber defenses.

Following are steps companies can take to improve cyber security, even while employees may be distributed away from the office.

1. Conduct training and create documentation for employees to use software safely and securely, especially for new procedures related to working from home.

2. Install business-caliber security software on all company computers and servers, and provide it for employees using their own devices. Ensure that this software is genuine, up-to-date, and active at all times. The software should allow remote erasure of sensitive data in case the device is lost or stolen. While malware may still be downloaded even with such software, as long as it is a known threat it will most likely be detected and quarantined immediately.

3. Conduct all company communications using one platform designed for business security. Disallow business-related conversations on consumer platforms, especially those with known security holes or which do not offer end-to-end encryption.

4. Limit administrator permissions for those borrowing company devices to prevent installation of unapproved software.

5. Perform an audit of all company devices to ensure that software is fully licensed, legally acquired, and up to date. Unlicensed software is not automatically updated, so it often has security holes that have been patched out of current versions. Additionally, pirated software is sometimes bundled with malware or designed to lack essential security protections.

6. For company communications, use only software that employs end-to-end encryption. This ensures that your communications can only be decoded by yourself and the intended recipients, and messages are not stored in readable form on outside servers.

7. Invest in a business-caliber VPN to be used by all remote employees and require it to be activated before they can connect to the company network.

8. Regularly back up all company data to secure, encrypted servers.

9. Use multi-factor authorization to ensure that employees are who they say they are, rather than hijackers or thieves.

10. Use secure cloud storage for company files, so that employees never have to download email attachments.

11. Password protect your video conferences. “Bombing” of public meetings has become popular among internet trolls. Ideally the program you’re using should only allow in those who are invited, but if you’re unsure this is another way to protect it.

12. Create an incident response (IR) team and put plans in place for potential crises such as malicious attacks and data breaches. Have the team practice and test the incident response plan via simulations or exercises. According to IBM, these are the first and third mitigating factors that decrease the cost of a security breach, for an average savings of $680,000.


Blocking the Dreaded Meeting Bomb

The move to working at home has seen a rise in “bombing” of video meetings by internet trolls. These uninvited invaders seek out unsecured video conference rooms using consumer apps (“Zoom bombing” has popularized the phrase) and enter them to expose the users to obscene language or videos. The same technique can also allow unauthorized persons to share malware in chat or simply listen in and discover confidential business information. Here are some tips to stop them:

Protect your video conferences with passwords or access codes, and change them regularly. One-time codes may even be necessary for particularly sensitive meetings.

Turn on notifications for all attendees who join the meetings.

Create a specific chat room or waiting room for the host to approve before the meeting begins, and lock the meeting once all are in.

Request that participants outside your organization join your secured meeting using software with end-to-end encryption.

Use business-grade software. Microsoft Teams, for instance, has many security options enabled by default, encrypts all communications, and does not allow new participants after a meeting has begun.


Cyberattacks are rising in Southeast Asia

In the short time since the COVID-19 crisis reached pandemic status, large numbers of malicious actors have attempted to benefit from it. Some of the most prominent scams directly capitalize on people’s interest in virus information. These include email phishing attempts that look like official statements on the virus and purport to come from organizations like the Centers for Disease Control (CDC), the World Health Organization, or national government health departments – including those in ASEAN – while in fact employing links or attachments containing malware designed to steal user and company data.

Disguised mobile apps have also become common, such as CovidLock, which claimed to track the spread of the virus, but in fact locked phones unless a ransom was paid. This escalated to the point that Google has now disabled searches relating to the virus in its Play Store. Coronavirus-related website names are 50% more likely to be malicious, such as those which track the virus on maps but also exploit browser mapping permissions to install malware and spy on users through their cameras and microphones. (1) And in just March and April, over 86,000 malicious web domains were created using COVID-19-related keywords to lure those seeking information on the virus. (2)


Lack of preparation for cyberattacks could exacerbate the region’s current economic challenges.

In 2017, AT Kearney estimated (4) that the ASEAN region needed to spend $171 billion on cybersecurity by 2025. Instead, that year it spent only around $1.9 billion. AT Kearney estimates that this failure to prepare could cost the region’s top 1000 companies about $750 billion.

Even greater than the immediate costs are the long-term ones: loss of customers, decreased confidence from potential investors, and threats to global supply chains. For this reason, malware attacks often go unreported by companies and ransomware fees are quietly paid, which hinders everyone’s ability to protect against future attacks.

Businesses in the ASEAN region are some of the least prepared to deal with these cyber threats. This is in part because they have not felt the need, since in the past the ASEAN region was less targeted than others. But that’s been changing for several years now, and threats are rising throughout the region. In fact, in 2019 the Philippines entered the top 10 target countries for cyberattacks worldwide, and McAfee has found that Thailand is the 7th most-targeted country for COVID-19-related attacks, tied with Saudi Arabia and the UK. (3)


Malware: 13% increase in threats to businesses in 2019

Overall malware detections increased only 1% in 2019; this was due to a 2% decline in threats to consumers paired with a 13% increase in threats to businesses. (5)

In March 2020 alone, digital security company McAfee Labs identified several malicious Android applications abusing keywords connected to the pandemic in order to spread everything from ransomware samples to spyware.

Hacktools detections increased dramatically in 2019 – 224% targeting businesses and 42% targeting consumers. These allow hacking into a network by enabling additional intrusion, data collection, and other malware. Some malware regularly depends on hacktools to operate. (6)

Malware doesn’t just target Windows and Mac Operating Systems – it is increasingly used on Android, often pre-installed, to steal data and attention, which is particularly a problem for mobile-focused ASEAN countries.

Many major attacks in 2019 used ransomware far more advanced than what had been employed before. Ransomware is a form of digital extortion where attackers use a trojan to gain access to a user’s computer and threaten to publish the victim’s data or perpetually block access to the victim’s computer unless a ransom is paid. These attacks are targeted not at specific industries, but at companies that the cybercriminals believe are willing to pay the ransom to recover their databases and avoid losing the confidence of investors, trade partners, and the public. Ransomware is spread by diverse means, including hack tools, botnets, exploit kits, and manual infection.

It is now common for attacks to involve two types of malware. This two-pronged approach involves first using information-stealing malware to gain access to the company network, then using that information in a targeted ransomware campaign. These actions may be carried out by different agents and separated by a span of weeks, as the initial information is sold to a second attacker who tailors the attack specifically for use against the (often high value) target.


Data Breaches could cost the ASEAN region billions of dollars

Data breaches are now caused by malicious attacks 51% of the time, after their share has grown 21% in 6 years compared to human error and system glitches. They take longer to identify and contain and are significantly more costly than breaches due to other causes: $4.45 million vs $3.5 and $3.24 million, respectively. (8)

Breaches hit smaller organizations harder. Large organizations who had their employee data compromised lose $204 per employee on average, while for small organizations it costs $3,533 per employee. For those small businesses already struggling to stay afloat in the current difficult climate, this could easily be their death knell. (8)

Globally, organizations are 31% more likely to experience a breach than 5 years ago.

The average cost of a data breach in the ASEAN region is US $2.6 million.

The ASEAN region is unprepared to respond to data breaches, which are estimated to cost the region as a whole $180-365 billion between 2017 and 2025, according to an IBM-commissioned study by the Ponemon Institute. (7)


ASEAN cyber-attacks: looking at some examples

In December 2019, phishing emails sent malware to a third-party company working with the Singaporean government, which led to personal data (full names, NRIC numbers, contact numbers, email addresses, and residential addresses) of 2400 members of the Singapore Armed Forces and the Ministry of Defense being put at risk. Fortunately, these were caught before they could be leaked. (9)

Indonesia has faced 15 percent growth in malware attacks each year, but its most notorious case was in 2017, when two of the country’s biggest hospitals suffered from the WannaCry malware, which locked their IT systems, patient medication records, and billing. (10) The healthcare industry is one of the most prone to attacks, due to its massive store of patient data, as well as being the most crucial in the fight against the novel Coronavirus.

In January 2019, the email servers of the massive Philippine-based pawn shop and remittance company Cebuana Lhuillier were breached, causing the data of about 900,000 clients to be compromised, including dates of birth, addresses, and sources of income. (11)

In March and April 2019, the GandCrab ransomware spread widely around Vietnam (12) via documents attached to emails pretending to be sent from the Ministry of Public Security. It locked down the data of so many Vietnamese companies that the Vietnam Computer Emergency Response Team (VNCERT) issued a high alert. Those whose devices were locked were instructed to pay $400-$1000 in cryptocurrency to restore them, though there was no guarantee that the data would be returned.


Guiding Employees to Secure Digital Practices

Businesses must regularly communicate with employees regarding potential malicious attacks and train them on secure device operation. It’s important to ensure employees know how these attacks are conducted, exactly what measures to take to defend against them, and the consequences if they fail to do so. Here are some things you can say:

1. Do not click on links, open attachments, or respond to unsolicited emails or those from unfamiliar senders, and turn off the email option to automatically download attachments.

2. Read messages and check the addresses carefully even if they seem familiar. Clever impersonators may use an address that is just one letter different.

3. Avoid visiting unfamiliar websites especially on company devices. If you don’t know the site, search for it rather than following a direct link.

4. Do not reveal personal or company financial information by email

5. Contact the sender through other means to double-check that they sent it, for any email that requests payment or important documents.

6. Check for COVID-19 information from news sites and official government sources rather than via email.
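
The "just one letter different" sender address from tip 2 can also be checked mechanically during mail triage. The Python below is an added example, not part of the BSA guide, and it goes slightly beyond the tip by also catching one inserted, dropped or swapped letter; the allow-list, the sample headers and all function names are constructed for illustration.

```python
"""Flag sender domains that are one edit away from a trusted domain."""
from email.utils import parseaddr

# Constructed allow-list: example.com stands in for the company's own domain.
TRUSTED_DOMAINS = {"example.com", "who.int", "cdc.gov"}

# Constructed From: headers used as sample input.
SAMPLE_HEADERS = [
    '"WHO Updates" <alerts@who.int>',
    "Finance Team <invoices@examp1e.com>",   # letter l replaced by digit 1
    "IT Helpdesk <it@exmaple.com>",          # two letters swapped
    "CDC Alert <notice@cdc-gov.example.net>",
]


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of a From: header, or '' if none."""
    _display, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].rstrip(".").lower()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (insert, delete, substitute, swap)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ma" typed as "am".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_edits=1):
    """Return (verdict, matched_domain) for one From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if 0 < osa_distance(domain, good) <= max_edits:
            return ("lookalike", good)  # near miss of a trusted domain
    return ("unknown", None)


def triage(headers):
    """Classify every header and return (header, verdict, match) rows."""
    return [(h, *classify_sender(h)) for h in headers]


if __name__ == "__main__":
    for header, verdict, match in triage(SAMPLE_HEADERS):
        print(f"{verdict:10} {match or '-':12} {header}")
```

Short names such as who.int sit within one edit of many unrelated domains, so a lookalike verdict is a reason to review the message rather than proof of impersonation. Subdomains and internationalised look-alike characters are outside what this check covers.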


The Importance of Legitimate Software

Cybercriminals often depend on security vulnerabilities in software, so fully licensed software across the entire company network is a crucial step in protecting against malware attacks. Software creators regularly patch security vulnerabilities, but these updates are only available to licensed users. This goes doubly true for security software, which should be automatically updated and constantly active to protect against attacks. Of course, some companies have decreased their IT budgets at this time, which can make legalizing software seem prohibitively expensive. For this reason, many software providers are now offering free or discounted access to their software during the crisis.

Here are some of these offers from BSA members:

Microsoft Teams is a unified communication and collaboration platform that combines workplace chat, audio conferencing, video meetings, and file storage to enable remote work. Microsoft is now offering a freemium version of Teams for individuals, while businesses can sign up for a 6 months free Office 365 E1 package, which includes full Teams access.

Adobe is providing free 90-day access to Adobe Connect to help government agencies and businesses enable virtual environments for real-time work and online training. They also offer free tools that are valuable for working at home, including Adobe Acrobat Reader DC, Adobe Scan, and Adobe Document Cloud, which allows for signing and sending forms electronically.

Autodesk is offering free access to select 3-D design and construction products and services, including BIM 360 Docs, BIM 360 Design, Fusion 360, Fusion Team, AutoCAD Web and Mobile, and Shotgun – all for commercial use.


Glossary of Cyber Security Terms

Cybercrime - any criminal activity that takes place using computers and a network. Cybercriminals use techniques such as malware, phishing, and social engineering (AKA fake news).

Malware - “Malicious software” that is designed to harm or steal data from the device it runs on or “infects”. There are several types, including:

Adware - Malware that hijacks attention by displaying unwanted ads, sometimes for fraudulent services.

Hacktools - Not technically malware, these enable access to files not normally available to unauthorized users and can act as a gateway for malware.

Ransomware - Malware that encrypts or in order to persuade the victim to pay for the device to be unlocked.

Spyware - Malware designed to covertly observe its victims in order to steal their data.

Virus – Malware which attaches itself to other software in order to function. Viruses come in many forms and may have the ability to corrupt data and damage hardware.

Worm – Malware which replicates itself and damages the network

Data encryption – the translation of digital information into “ciphertext” which can only be decrypted and read by an authorized party. Encryption is usually used to protect data, but may also be used by cybercriminals to lock victims out of their own data.

End-to-End (E2E) Encryption – A security feature for digital communication, in which messages are encrypted at all points between the sender and receiver and not stored in readable form on a central server. E2E ensures data cannot be read even if a server is hacked.

Phishing – a form of email fraud which promises interesting or relevant content to lure individuals into revealing account information or downloading malware files.

Data Security Breach – an instance in which the private information of a company or individuals is made available to persons outside the company, either as the result of an attack or human error.

VPN (Virtual Private Network) – Software that encrypts all online activity and routes it through a remote server to ensure data privacy.

Zoom Bombing – The practice of uninvited users entering public meetings on the Zoom app, usually with the intent of causing disruption and chaos rather than data theft.

Smishing – phishing which uses SMS text rather than email.

References

(1) https://www.cnet.com/how-to/coronavirus-stimulus-scams-are-here-how-to-identify-these-new-online-and-text-attacks/

(2) https://unit42.paloaltonetworks.com/covid-19-cloud-threat-landscape/

(3) https://www.mcafee.com/blogs/other-blogs/mcafee-labs/staying-safe-while-working-remotely/

(4) https://theaseanpost.com/article/ransomware-could-cripple-asean

(5) https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf

(6) https://www.ibm.com/security/data-breach

(7) https://theaseanpost.com/article/intensifying-aseans-cybersecurity-efforts

(8) www.todayonline.com%2Fsingapore%2Fpersonal-data-2400-mind-ef-saf-personnel-potentially-affected-data-breach&usg=AOvVaw0u-1O3AKQTxTszWyunOyhk

(9) https://www.thejakartapost.com/news/2019/02/22/businesses-as-risk-experts-sound-alarm-on-cyberthreat.html

(10) https://theaseanpost.com/article/intensifying-aseans-cybersecurity-efforts

(11) https://www.vir.com.vn/ransomware-gandcrab-attacks-vietnam-58065.html
