Cyber crime grows into an industry
Symantec Corp
Symantec Corp senior VP for Asia Pacific Sanjay Rohatgi said the once a lone-wolf hacker phenomena has consolidated globally into hundreds of cyber criminal groups, which operate profit-making business entities.
“Digital era opens up new opportunities that cyber crime is now an industry beyond just for fun. They have an office, a human resources department, and offer full time ‘9-5’ jobs,” Rohatgi said in Kuala Lumpur yesterday.
Globally, Symantec has tracked more than 140 cyber crime groups. Many of them are based in the Middle East, Eastern Europe, Russia and North Korea, among others.
Symantec CTO Nick Savvides said there are a “number of groups” operating in South-East Asia.
Savvides said political and financial factors are the two main motivations behind their cyber crime activities, and the line between the two is getting blurred by state-sponsored groups’ operations.
While targeted attacks could be much harder and take a longer time to be delivered, low-level attacks such as the ransomware and crypto mining have seen “massive explosion” recently, Savvides said.
Symantec’s Internet Security Threat Report 2018 noted cryptojacking, or hacking one’s device to mine cryptocurrency, saw an astronomical rise by 8,500% in the number of incidents last year.
“Ransomware-as-a-service (RaaS) is a small player now,” Rohatgi said.
Savvides said RaaS can be obtained via the dark web for a fee as low as US$400 (RM1,624) a month with a complete support, including from a criminal security analyst for the intended illicit campaign.
Savvides said the entry barrier is very low presently.
“It is a gold rush. Who robs a bank anymore when they can do it on a computer,” he said.
A recent report by Microsoft Corp and Frost & Sullivan revealed that the potential economic loss in Malaysia due to cyber security incidents can hit US$12.2 billion, or close to 4% of the total gross domestic pro- duct of US$314.5 billion.
The study noted a large- sized organisation can possibly incur an economic loss of US$22.8 million, more than 630 times higher than the average economic loss for a mid-sized organisation of US$36,000.
However, Savvides said large enterprises have the capacity to endure a major cyber security attack compared to small and medium enterprises that may be crippled by it.
Companies in the developing countries are spending only 2% to 3% of the total information technology budget on cyber security compared to 10% among companies in the US and Europe.
Four threat entry points or vectors were highlighted, namely end points, email, web and cloud applications.
Savvides said individual security systems that do not “talk” to each other are among key gaps in an organisation’s security posture, in which Symantec is building an integrated cyber defence platform to address the issue.