Trend Micro 2014 Annual Security Roundup & CNY Media Luncheon

Discussion in 'News' started by Adrian Wong, Mar 4, 2015.

  1. Adrian Wong

    Adrian Wong Da Boss Staff Member

    March 4, 2015 — We were invited to the Trend Micro 2014 Annual Security Roundup & CNY Media Luncheon. Take a look at the cybersecurity threats Trend Micro tackled in 2014.

    Prolific cyberattacks against Sony capped off one of the biggest years on record for cyber security. Approximately 100 terabytes of data were compromised and up to $100 million in damages were inflicted during this headline-grabbing incident. The Trend Micro Incorporated (TYO: 4704; TSE: 4704) annual security roundup report, “The High Cost of Complacency,” analyzes this and other notable activity throughout 2014. The year’s happenings reinforced that cybercriminals are relentless, with ever-increasing levels of sophistication and tenacity.

    “All in all, it’s a combination of identifying what’s most important, deploying the right technologies, and educating users,” said Goh Chee Hoh, Managing Director for Malaysia, Singapore and Indonesia, Trend Micro. “It is everybody’s job–not just those of IT professionals–to ensure that the company’s core data stays safe.”

    Additional findings include confirmation of Trend Micro’s late 2013 prediction that one sizable data breach would occur every month—further solidifying the need for organizations to protect their networks and implement intrusion detection.

    “The past year was unprecedented in terms of the size and scope of cyber attacks as evidenced by the Sony situation,” continued Goh. “Unfortunately, this will most likely be a ‘sneak peek’ of what is to come.”

    Report highlights include:

    •  No threat is too small. It did not take a sophisticated piece of malware to cripple a target. Attackers are using a simple wiper to breach a company’s defenses with devastating effects.
    •  PoS RAM scrapers came close to becoming a mainstream threat in 2014, as several high-profile targets lost millions of customer data to attackers month after month.
    •  New attacks showed that no application was invulnerable in 2014 as attackers branched out into new territory.
    •  Online and mobile banking faced bigger security challenges, proving that two-factor authentication was no longer enough to secure sensitive transactions.
    •  Ransomware became a bigger and more sophisticated threat across regions and segments. Unlike older variants, newer ones no longer just issue empty threats but actually encrypt files.

    Malaysia-Specific Threat Landscape in 2014

    1. Throughout Q4 2014, the Trend Micro Smart Protection Network detected the following in Malaysia:
    a. A total of 1 million pieces of malware.
    b. 8.7 million hits to malicious sites from Malaysian users/endpoints.
    c. More than 507,000 hits to malicious sites hosted in Malaysia.
    d. About 10% of the total online banking infections in APAC in 2014 are from Malaysia. This translates to about 3% of overall (global) online banking infections in 2014.
    e. Only about 1% of ransomware infections in APAC in 2014 are from Malaysia. While it is still quite low compared to other countries, we have seen ransomware and crypto-ransomware (like CTB-Locker) spread into new territories, including APAC.
    f. 20.9 million malicious email queries/spam-sending IPs
    i. Malaysia registered a growth in the number of spam although it declined in most countries in the region. The prevalence of malicious URLs and spam activities in Malaysia may be attributed to zombie computers that may be present in the country. As seen in the full Trend Micro 2014 Security Roundup, Malaysia is the 7th top country with the most C&C connections in 2014, at 5.27%.
    ii. As its name suggests, command-and-control (C&C) servers are used to remotely send often-malicious commands to a botnet, or a compromised network of computers.

    2. Top 10 Malware Families in Malaysia for 2014 are as follows:

    a. DUNIHI
    b. Sality
    c. DOWNAD
    d. GAMARUE
    e. KEYGEN
    f. DORKBOT
    g. AGENT
    h. ACTIVATOR
    i. VB
    j. RAMNIT

    These malware families are similar to the top malware in South East Asia in 2014. They are mostly worms that spread via an old Windows vulnerability (DOWNAD aka Conficker) or removable drives (DUNIHI, RAMNIT, VB) and file infectors/viruses (Sality). Overall, the threat landscape in the region indicates the continued presence and prevalence of insufficiently secured removable storage devices and unpatched operating systems (OSs) and/or applications.
     

    Last edited: Mar 4, 2015
