You step into the office, raring to start the week.
The first thing that pops up is an email from IT asking you to create a new username and password lest you get locked out.
You click on the link and receive a prompt to input your old account details; the moment you do so, your screen blanks out and your machine becomes unresponsive.
Congratulations, you’ve just fallen prey to phishing — and ransomware.
As the world becomes increasingly digitised, a disproportionately large percentage of an individual’s life is spent online. Hackers know this all too well.
With an ever-growing arsenal of cyberattack ammunition, these hackers exploit vulnerabilities in unprotected computer systems and mobile devices on a daily basis, extracting personal information and wreaking havoc.
“Just last year, in 2016, we found that there were 401 million unique malware programmes circulating on the Internet, out of which 357 million, or 89%, were seen for the first time” said Mr Matthias Yeo, Chief Technology Officer (Asia-Pacific) of Symantec, who was speaking at the one-north Festival 2017.
“On average, one million new malware are seen every day, so imagine the amount of new malware that could possibly be found on the Internet in just the few minutes we spent setting up the laptops for this seminar!”
Banking on Phishing
Humans are creatures of habit, but as technology advances, our habits also change.
For example, in the past, money was withdrawn from automated teller machines (ATM) and handed over to the intended recipient by hand.
These days, the same task can be performed on a smartphone, and the recipient can be halfway across the globe.
Along with this change in consumer habits, thieves have adapted their mode of operations to the digital space.
For example, in a method known as phishing, cyberattackers design fake bank websites or internet banking apps that are exquisite replicas of their real counterparts.
Unwitting consumers may key in their login details thinking that they are accessing their bank accounts, but in reality, they are granting a stranger access to their life savings.
“Financial systems are the main targets of phishing and spear-phishing [phishing directed at specific individuals],” said Mr Yeo.
“The financial markets of Japan, China, India, the US and Indonesia have been hit hardest.”
Clearly, hackers recognise that Asia is the next frontier of economic growth and are cashing in on the increasing affluence of its inhabitants, Mr Yeo added.
But how is Singapore doing on the cybersecurity front? Not too badly.
“The world standard of malware contained within emails is one in 131 emails. Singapore’s standard is about one in 150 emails, so we are just slightly better off. Similarly, the overall phishing rate is one in 2,596 emails, while Singapore’s standard is one in 3000 emails."
Despite malware being a rampant problem, consumers often take it for granted that their interactions online are secure.
Even if computers have antivirus software installed, their operating systems (OS) or software patches may not be updated frequently enough to fend off newer cyber threats.
The recent WannaCry attacks exemplify how cybersecurity experts had anticipated the release of the now-famous ransomware nearly two months before it released.
Yet, hundreds of thousands of computers worldwide were crippled by the cyberattack.
“In March 2017, Microsoft announced a vulnerability in the Windows OS and released a patch for it. On April 14, a hacker group called Shadow Brokers released an exploit called Eternal Blue — the basis of the WannaCry ransomware — that specifically targeted this vulnerability in the Windows OS."
"Symantec released the protection against this vulnerability on 2 May, but the widespread attacks still erupted ten days later,” explained Mr Yeo.
The problem is that consumers get overwhelmed by the frequency of patches and updates.
Cybersecurity companies are aware of this; Hence, they have incorporated automatic update functions in their software so that lapses in protection do not occur.
However, Mr Yeo noted that it is an individual’s responsibility to ensure that they have adequate cybersecurity measures in place.
“You need to have prudence and make sure you install cybersecurity software so that your devices do not get infected, or if they are already infected, do not spread the infection to other devices sharing your network."
Internet of Threats
Thanks to the Internet of Things (IoT), our smartphones and computers are no longer the only devices connected to the internet.
Mr Yeo noted that IoT is gaining traction, and homes could soon be equipped with smart appliances such as refrigerators and washing machines that can be controlled remotely via mobile apps. This makes it more urgent than ever to make sure that all these home appliances have a security component embedded within them.
“Imagine having your washing machine infiltrated by ransomware. Until you pay a certain amount of money, it is locked down and you can’t wash your clothes. Within a week I’m sure you’ll yield to the hackers’ demands!” said Mr Yeo.
Therefore, inventors and software programmers who are developing new IoT devices and cloud computing services ought to work closely with cybersecurity experts to ensure that these disruptive technologies do not disrupt the lives of users in the event of a cyberattack.
“Security doesn’t just affect information, it affects all our lives. We can tolerate messiness, disruption and chaos, but security should not be compromised,” Mr Yeo concluded.