Photo - (From left) Law Chee Wan, Manager, Technical Sales, Trend Micro; and Goh Chee Hoh, Managing Director for Malaysia, Singapore and Indonesia, Trend Micro.
During a Chinese New Year briefing in Kuala Lumpur, security solutions firm Trend Micro unveiled top-level findings from its annual TrendLabs Security Roundup report, "The High Cost of Complacency", which confirmed that cybercriminals were showing increasing tenacity and cunning.
Trend Micro's managing director for Malaysia, Singapore and Indonesia, Goh Chee Hoh said there has been an unprecedented rise in the number, scale and sophistication of cyber-attacks during last year with more to come in 2015.
Speaking on 4 March 2015, Goh said the scale of attacks were illustrated by breaches in the retail sector such as Target and Home Depot, which were the result of point of sale (POS) attacks against weak systems with an intelligent strategy of using insider vulnerabilities.
Organisations seemed to show a certain complacency in not managing such inside threats, he said, while Heartbleed and Shellshock showed the wider vulnerabilities across different operating systems.
In addition, 2014 peaked with the Sony breach with 100 terabytes of compromised data and up to US$100 million in damages, said Goh.
The findings include confirmation of Trend Micro's late 2013 prediction that one sizable data breach would occur every month-further solidifying the need for organisations to protect their networks and implement intrusion detection.
"The past year was unprecedented in terms of the size and scope of cyber-attacks as evidenced by the Sony situation," said Goh. "Unfortunately, this will most likely be a 'sneak peek' of what is to come."
Trend Micro's manager, technical sales, Law Chee Wan, detailed some important points from the report, which include:
§ No threat is too small. It does not take a sophisticated piece of malware to cripple a target. Attackers are using a simple wiper to breach a company's defences with devastating effects.
§ PoS RAM scrapers came close to becoming a mainstream threat in 2014, as several high-profile targets lost millions of customer data to attackers month after month.
§ New attacks showed that no application was invulnerable in 2014 as attackers branched out into new territory.
§ Online and mobile banking faced bigger security challenges and are proving that two-factor authentication was no longer enough to secure sensitive transactions.
§ Ransomware became a bigger and more sophisticated threat across regions and segments. And unlike older variants no longer just issue empty threats but actually encrypt files.
"In the coming months, more cyber criminals will be turning to darknet and exclusive access forums to share and sell crimeware such as exploit kits," Law said. "They are reinvesting the funds they have stolen into developing more successful attack tools and strategies."
He said exploit kits were expected to double attacks on Android powered devices. "Also, 2015 will see a continuing increase in Ransomware. [This was also recently flagged by Malaysia's national security speciality Cyber Security Malaysia.] Ransomware variants showed an increase of 27.35 percent in 2014 over the previous year. More severe online banking and financial services related threats will also surface."
Speaking of the Internet of Everything/Internet of Things (IoE/IoT), Law said: "Technological diversity will save IoE and IoT devices from mass attacks but the same won't be true for the data they process, of course. This security environment will be the new norm for businesses to operate in."
"All in all, it's a combination of identifying what's most important, deploying the right technologies, and educating users. It is everybody's job-not just those of IT professionals-to ensure that the company's core data stays safe," said Goh.
He added that 2014 had been a good year for the company. "Trend Micro performance in 2014 was so positive that stock has continued to rise in double digits since results were unveiled a few weeks against."
"In Malaysia, 2015 includes a move to a new, better situated office sometime in April denoting our optimism for company's performance in the year ahead," he said.
Sign up for Computerworld eNewsletters.