Red alert: Singapore to suffer from more cybercriminal attacks
BY MARC BOWN
Earlier this year, National University of Singapore (NUS) confirmed that hackers had infiltrated the university’s backend systems and stolen a trove of information – including staff usernames, domain information and hashed passwords.
Even though the affected data was not deemed confidential by NUS, the university had to work carefully to inform the public and reset the passwords of all the affected accounts.
Then, in March 2012, Deputy Prime Minister and Singapore’s Coordinating Minister for National Security, Teo Chee Hean, cautioned all Singapore citizens that greater interconnectivity and access to technology will create a “new reality”, in which the country will suffer more cyberattacks and social extremists.
As an open society in a highly globalised world, Singapore encourages its citizens to access new technologies, at the cost of the city-state becoming more prone to cybercriminal attacks.
Singapore is no different from any other nation in terms of the threats faced from perpetrators motivated to gather government-sensitive information. Similarly, Singapore organisations with valuable information may also find themselves targeted by scheming attackers.
Different attackers have varying motives, choosing techniques and victims based on their specific objectives. There are three main goals behind all computer-based attacks – financial gain, ideology, and information gathering. By far, the most common motive for cybercrimes is financial gain.
Attackers seeking financial gain most often target credit-card data or other data-based commodities for which there are pre-established black markets interested in buying the information. These attackers do not care who their victim is, so long as that victim has access to data of interest.
In contrast, attackers who focus on a specific target tend to be driven by an ideology or the desire to learn more about that target.
In our experience, the cybercriminals behind these targeted attacks presently favour e-mail-based attacks sent to individuals in the target organisation. First, the attackers identify a relevant individual through profiling.
Next, an e-mail is devised to pique the interest of the target, in the hope of enticing the victim to open a malicious attachment or click on a deceptive link. It is this human element that makes targeted attacks so much more difficult to defend against.
In general, attacks usually take advantage of known flaws in common software components – e.g. Microsoft Word, Adobe Acrobat or Adobe Flash – though other methods for targeted attacks do occur.
So, how can organisations better protect themselves from targeted attacks? The best protection against targeted attacks is a well-rounded information-security programme, designed to work across many levels.
Controls surrounding patch management – especially for desktop applications that are more difficult to patch, like Adobe Acrobat and Flash – and user awareness are especially effective against e-mail-borne attack vectors. Gateway controls like e-mail and web-content malware detection, as well as filtering, are also key protection technologies.
Organisations should assume that they will eventually fall victim to a determined attacker, and should implement strong detective controls to facilitate a rapid response.
Unfortunately, attackers are often highly motivated to make a significant investment in compromising their target – so that even the best defended organisations can fall victim to targeted attacks.
However, organisations that have multiple layers of preventative and detective controls in place are most likely to protect themselves against motivated attackers.