Across the Asia Pacific, cyber security communities are sharing information about malicious actor techniques from other regions, in hopes of avoiding copycat attacks. In one case, a data theft exploit targeting a US government agency was foiled when individual users repeatedly asked IT to have their malware-ridden laptops reimaged. It turned out that malware was not the only security issue: the malware was a cover-up for a sophisticated ring of insider data-stealing activities. Each time the externally based ring leader thought their data-stealing attempts might be discovered, the malware was inflicted on internal users to force a reimage and cover their tracks.
The case speaks to the ongoing need for multiple layers of security, but also highlights how eliminating malware from your environment can allow your resources to address larger concerns. It was thus surprising for us to hear at the Australian Information Security Association national conference (#AISA2016) in October that antiquated signature-matching techniques are still the norm for “fighting malware” in some Asia Pacific enterprises.
Newer techniques such as isolation could quickly remove the need for endpoint upkeep and reimaging machines, keeping risky sites and code away from end users to begin with. Isolation works by providing only safely rendered content to users, as you can read about here. Similarly for links in email, isolation removes the threat of phishing.
What are the Threats?
As we heard from local cyber security professionals at the AISA conference, Australian banks are still handling fallout from the RIG exploit. Booth visitors mentioned how banking employees continue to access news and ecommerce sites, which often have as many as 20 scripts running in the background.
The Australian Computer Emergency Response Teams (CERT) responded to more than 14,000 security incidents between July 2015 and June 2016 in Australia alone, according to a new threat report released by the Australian Cyber Security Centre. These are just the threats that are reported and/or detected.
There are also ongoing concerns about ransomware. Vulnerable web infrastructure, malicious spear phishing email campaigns and legacy anti-malware software are all contributing to ransomware’s prevalence throughout the region.
Over 20% of Top Sites Run Vulnerable Code
Analysis of top-ranking web sites, as Menlo Security performed on site at the AISA conference, turns up high-risk CVEs that warn about everything from DNS flooding vulnerabilities to servers running 10-year-old software. You can see our analysis of the top 50 Australian sites, which shows 26% of the sites were running vulnerable versions of web software code at the time of testing.
Isolation can serve as bullet-proof glass to keep enterprise employees productive on essential web and email activities, yet safe from malware and phishing.
For certain, there are cutting-edge companies in the region that are prioritizing security and leveraging either on-premises or cloud-based solutions to stop malware, such as the Menlo Security Isolation Platform. We talked to large entertainment groups leapfrogging their old IT infrastructure to leverage cloud and mobile with integrated network and physical security, for example. Meanwhile, AISA is helping to raise cybersecurity awareness and skill sets throughout the region, and we met many attendees keen to pilot new isolation techniques.
But considering the high volume of individual targets across the region and the limited investment made in cybersecurity to date, as CNBC has noted, we expect IT security professionals to be busy. Our perspective is to remove the cost, hassle, and obsolete approach of signatures to immediately protect your business against malware and phishing attacks. Check out our isolation demo to learn more, or see why our customers, such as JPMorgan Chase, select Menlo Security for innovation awards.