Photo - Chinese New Year 2015 in Kuala Lumpur (from left) Michelle Ong, Country Manager, Fortinet Malaysia; and Derek Manky, Global Security Strategist, Fortinet, Inc.
Network security specialist Fortinet's 2015 information security outlook for Malaysia includes an expected increase in Ransomware and finance-linked threats.
Fortinet's Chinese New Year celebrations in Malaysia included a cyber-threat outlook from Fortinet's Vancouver-based global security strategist Derek Manky, who said the report for the second half of 2014 showed an "unusually high degree" of Ransomware in Malaysia, to the tune of 79 percent, and that it was a huge problem.
This Ransomware increase warning is in line with an earlier announcement by the national infosecurity specialist agency CyberSecurity Malaysia.
"A botnet called FrauDrop, which is used to load Ransomware onto a victim's computer, typically asks for US$100 ransom to unlock the infected person's computer," said Manky.
"What is also interesting to note is the maturation of the dark or underground economy, as their business model includes 40 percent commission to the individual attacker for compromising each computer with Ransomware," he said. "This shows that five years on, there is now an infrastructure in the dark economy, and that cyber criminals are reinvesting some of their resources and illegal profits back into software development projects."
The Malaysia and APAC 2H2014 report also showed Malaysia held the number one position - with 33 percent of all hacking activity in the region, said Manky, adding that hacking (Open Flash) registered 1.1 million.
Detection is the problem
Malaysia's Ministry of Science Technology and Innovation (MOSTI) has recently announced plans to draw up short, medium and long-term plans to strengthen the nation's cyberspace from 2015 up to 2050, he said.
Manky added that the rising volume/complexity of advanced persistent threats (APTs), DDoS attacks and other cyber threats, coupled with the demands of emerging technology trends like IoT and biometrics, will continue to make IT's job more challenging.
"However, detection remains critical as you can only protect and mitigate what you can see," he said, adding that the company has more than 200 in-house experts as part of FortiGuard.
"The approach for our experts is to adopt an integrated learning," said Manky. "For instance, we just announced FortiSandbox 2.0, which is available as physical, virtual and new add-on cloud solutions, and working with FortiGate, offers the ability to quarantine compromised users and end points with one click. This delivers additional mitigation against zero-day and advanced threats."
Also present, Eric Chan, Fortinet's solution consulting director, Southeast Asia & Hong Kong, said: "The number one most exploited vector for attacks within an enterprise has consistently been through an organisation's emails.
"Our updated FortiSandbox 2.0 and overhauled Advanced Threat Protection Framework were engineered to shine a light on the dark places, like emails and attached documents, where many other security solutions just can't see," said Chan.
"The new solution also scans MS Office, PDF file types, unzips and scans compressed files, scans network file share locations, scans web page URLs, and is also able to export files for third party scanning," he said.
Manky said the "new solution also works as a complementary part of our integrated framework of protection, which differs to how security providers use sandboxes."
"A 99 percent detection rate is achieved by spreading the lifting of the load of detection across the steps from firewall to end point," he said. "We are integrating everything, we have also built everything in-house, and to bring about what is a self-healing network using a SDN [software-defined network] approach. This is an important mitigation strategy."
"Our UTM [unified threat management], NGFW [next-generation firewall] connected to a sandbox [FortiSandbox 2.0], as well as incident response processes, all help to learn from each other," said Manky. "This is a proactive, efficient approach to breaking the kill chain of advanced threats. You can only protect against what you can see and also use intelligence to recognise threats."
In 2015, the mandate for collaboration involves working with security agencies such as MyCERT in Malaysia and Interpol as well as, in the US, the FBI and the US Secret Service, he said.
"However, we take personal privacy very seriously," said Manky, adding that the company removed all PII (personally identifiable information) before sharing relevant data with enforcement agencies.
Consolidating lead position
Michelle Ong, Fortinet's country manager for Malaysia, said the focus for the company this year will be to consolidate its number one position in network security in Malaysia, as well as to build up its new regional centre, which is based in Kuala Lumpur.
The new centre in Kuala Lumpur, announced late last year, will help to provide strategic security assessment and threat intelligence services to organisations in Southeast Asia. It also includes a team of highly skilled networking and security professionals with state-of-the-art testing and simulation facilities.
The team will also share threat information with local threat intelligence authorities, and analyse it along with global threat landscape data picked up by FortiGuard Labs' global R&D team, which has labs in Malaysia, Japan, China, the US, Canada and France. CyberSecurity Malaysia has signed to be an early partner for the centre.