
APTs and Ransomware take center stage at the FireEye cyber security briefing

By Azizul Rahman Ismail - on 18 Nov 2015, 4:10pm

Wias Issa, Senior Director, Asia Pacific Japan, FireEye

Earlier today, FireEye presented its report on the cyber threat landscape in Southeast Asia. The report shows that in Malaysia, 33 percent of observed organizations were targeted with advanced cyber attacks in the first half of 2015, while Thailand and the Philippines top the chart at 40 percent and 39 percent respectively.

The report also says that FireEye observed at least 13 Advanced Persistent Threat (APT) groups targeting national government organizations and at least four APT groups targeting regional or state governments around the world.

Wias Issa, Senior Director for FireEye Asia Pacific & Japan, highlighted APT 30 in his talk as one example of the 13 APT groups. He said that evidence found by FireEye shows that APT 30 has been active for more than a decade. He added that one of the most distinctive things about APT 30 is that it specifically targets India and Southeast Asian countries.

“Software used by APT 30 is modular, self-updating, localized, scalable, and fully developed, complete with a command and control set. We found that they target journalists, especially those who are critical of China. We found this out through reverse engineering,” said Wias.

He also said that APT 30, like many APT groups, is probably state-funded and is so sophisticated that it employs rogue freelance malware developers to build and maintain its arsenal.

Thomas S. Dougherty, Regional Legal Advisor for Cybercrime, U.S. Department of Justice, U.S. Embassy in Kuala Lumpur

Thomas S. Dougherty, Regional Legal Advisor for Cybercrime, US Department of Justice, at the US Embassy in Kuala Lumpur, emphasized the importance of international collaboration to combat these threats because, more often than not, they occur across borders.

He cited the importance of the Budapest Convention, the first international treaty seeking to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations.

Dougherty added that it is also important for knowledge of cyber security threats to be shared with those in the field, such as law enforcement officers and prosecutors, so that they thoroughly understand the crime if they see or catch it.

Dr. Aswami Fadillah Bin Mohd Ariffin, Vice President, Cyber Security Responsive Services Division, CyberSecurity Malaysia

Presenting the Malaysian perspective was Dr. Aswami Fadillah Bin Mohd Ariffin, Vice President, Cyber Security Responsive Services Division, CyberSecurity Malaysia. According to his statistics, although APT is a big cyber threat in Malaysia, currently the biggest cybercrimes in the country are in the form of ransomware and scams.

“In early 2015 we had 365,000 threats and that number has now grown to over a million. When it comes to malware, in 2013, we had 2.3 million infected IPs and that number grew to 3.2 million in 2014,” said Aswami.

He explained that in Malaysia, like everywhere else, the weakest link in a cyber security system is the people. To remedy that, CyberSecurity Malaysia, an agency under MOSTI, has developed MyCert, a computer security incident response service, and Cyber99, an emergency cyber security incident response team.

On Malaysia’s cyber laws, he said, “Our current laws are adequate to address cyber crime. We are also well prepared not only to defend against cyber attacks, but also to help individuals and organisations. We can’t comment on our capabilities and activities against cyber terrorism; nevertheless, we are proactive.”

He highlighted that CyberSecurity Malaysia has developed a browser plugin called DontPhishMe to protect users from phishing or spoofing sites. According to him, it is the first such initiative by a ministry in the world.

“We look forward to working with Microsoft to bring this plugin to their browser. We are currently developing version two of the plugin, which uses a whitelist system and other software to counter cyber threats,” said Aswami.
