
Cyber attackers up the ante on embattled IT teams

Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements

The hastening pace of digital transformation across Asia-Pacific has drawn opportunistic threat actors to capitalise on the expanding attack surface from remote work and weak links that have surfaced as IT teams come under pressure.

That is the common thread that underpins the region’s cyber threat landscape unveiled recently by Ensign Infosecurity, a Singapore-based cyber security service provider that provides advisory, architecture design, systems integration and managed security services.

Steven Ng, CIO and executive vice-president of managed security services at Ensign, said that over the past year, IT teams have been struggling to expand work-from-home arrangements. When they come under pressure, misconfigurations and the loss of visibility over IT assets can occur, creating more vulnerabilities that attackers are exploiting.

In fact, Ensign’s telemetry data in Singapore showed a whopping 360% increase in port scanning activities by threat actors looking to gain entry into remote working tools. These could also be part of broader threat campaigns that include social engineering attacks, which have intensified at the same time.

According to Ensign’s Cyber threat landscape 2021 report, social engineering attacks have been rampant in the financial services sector with the increased adoption of online banking. This has led threat actors to ramp up their social engineering attacks by faking banking websites and mobile applications to deceive bank customers into disclosing their credentials.

Employees working remotely are more likely to fall prey to social engineering attacks, even those from companies with mature remote work practices and good cyber hygiene. “Cyber security awareness actually dropped as a result of work-from-home and isolation,” said Ng.

“In an exercise we did with a client, we found that the number of people who clicked on phishing links increased by 10% over the past year,” Ng revealed. “The isolation is something that people are not used to – and therefore vigilance goes down.”

Adding to the stress of IT and security teams is the rise in supply chain attacks against technology providers, which continue to be lucrative targets for threat actors as organisations become increasingly reliant on digital technologies to support their business operations and position themselves for the future.

“If threat actors can successfully compromise just one of these companies’ systems, it can create a ripple effect that will impact large groups of organisations across industries and geographies,” said Ng, adding that firmware exploits will also be trending in the year ahead.

The aftermath of the SolarWinds attack, which has been a chilling reminder of the supply chain vulnerabilities that every organisation is exposed to, has left organisations wondering if they even stand a chance of fending off sophisticated supply chain attacks.

To that end, organisations will need to recognise that as their cyber supply chain ecosystem expands and diversifies, they will also need to take additional steps to mitigate the elevated cyber risks that come with it. This includes increasing the organisation’s situational awareness by maintaining a complete inventory of the software, hardware, and information assets that are within their network, and those managed by their partners and suppliers.

Such measures are part of overall efforts to strengthen an organisation’s cyber security posture and data security practices. “In many cases, the measures you’ve taken, such as having defence-in-depth, are likely to help you figure out that you are under threat and disrupt the kill chain in some way, even if it’s a supply chain risk situation,” said Ng.
