Tech-Savvy Hackers Could Move Beyond Laptops And Mobiles To Infiltrate Networks, He Says

When cyber-security expert Etay Maor tested a hacking tool in his home, he was surprised to discover 16 household appliances trying to connect to his Internet. Upon expanding the range to the nearby vicinity, it easily picked up more than 100 devices in the neighbourhood, from Bluetooth devices to fitness trackers, all connected to the Internet.

Innocuous as they may seem, these “smart” appliances could give cyber-criminals a playground to wreak havoc by taking control of your devices, or eventually provide a gateway into stealing personal information in your home system.

Mr Maor, 37, who is IBM Security’s executive adviser and who was in Singapore for a conference earlier this week, warned that with people being increasingly plugged in to smart devices, tech-savvy hackers could move beyond laptops and mobiles to infiltrate their networks.

“With companies offering more (services) like online banking, and with the Internet of Things, there’s going to be (greater) threats and attack vectors for criminals,” he told TODAY.

Earlier this month, the Cyber Security Agency here reported that Singapore was a “prime target” for cyber-criminals, with 16 waves of online attacks hitting the Republic’s shores since April last year. This comes even as there is an outcry over the move to disallow Internet surfing on civil servants’ work computers that are used to access the Government’s internal networks.

Attacks may come in many forms, ranging from “overlay attacks” which replicate applications such as banking apps, to malware that records videos of users’ screens, Mr Maor said.

While the malware used is still largely the same, what has changed is how readily tools are available online, and cyber-criminals may get them “for sale or rent within seconds”, he added.

Attacks are also increasingly being customised to local contexts, where criminals design malware using the local language, or conduct intelligence operations to suss out how companies work.

Now, even ordinary individuals without specialised skills may band together to form a “collaborative and supportive community” to create sophisticated attacks. Remaining anonymous, they exchange tips freely, seek advice in underground forums, and rate each other’s skills, said Mr Maor.

Increasingly, these shady figures are going beyond targeting financial institutes to stealing personal data or records from healthcare organisations and insurance firms, he added.

Stressing that there is no total foolproof protection, Mr Maor said that companies should still educate employees on the basic threats, such as not clicking on links in phishing emails, or updating their software and passwords regularly. “Whether you’re a director (in the firm) or an employee, you’re a door into those networks and you have to be vigilant,” he warned.

Secure systems also need to be in place to protect devices, as well as “crucial” procedures such as having an incident response team — something many companies still do not have, he observed.

A recent IBM and Ponemon Institute study found that the average cost of a data breach for about 400 companies surveyed worldwide is US$4 million (S$5.3 million). Breaches in highly regulated industries such as healthcare are typically costlier (at US$355 per compromised record) than in other companies (US$158). It also found that it takes 201 days to identify a breach and 70 days to contain it.

The biggest challenge is still in overturning perceptions that such measures are an “inconvenience”, rather than an enabler, especially for resource-strapped smaller businesses, Mr Maor pointed out.

“People often think it’s annoying to lose a credit card, but when your identity gets stolen, it’s a much tougher situation to handle,” he said.

“And with more devices getting connected, almost everything you do online can be susceptible to an attack ... We should get into the mindset of (needing) security right now, before (the threat) becomes greater.”

Source:
courtesy of TODAY

by Toh Ee Ming

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]