13 August 2021
As local digital money transactions accelerated during the pandemic, the growth is a crucial period for the financial sector to integrate security and improve their threat intelligence capabilities, according to cybersecurity company Kaspersky.
“For the large majority of cybercriminals, easy money is the prime motivator. And the financial sector is uniquely positioned to be a target of attacks regardless of season because it’s always where the money is. The growth of digital financial services in the Malaysia, like in other parts of the region, is creating new and heightened risks for both service users and service providers. In this case, technology will be the game-changer,” said Yeo Siang Tiong, General Manager for Southeast Asia, Kaspersky.
Based on the MasterCard Impact Study 2020, Malaysia led Southeast Asia in e-wallet use, at 40 per cent uptick, compared with the Philippines (36 per cent), Thailand (27 per cent) and Singapore (26 per cent). The Ministry of Finance, under the recently launched MyDIGITAL, also aims to ensure that payments for all government services will be made on a cashless basis by 2022.
With continuing lockdown, increase in remote working arrangements and the full throttle push towards digital transactions, not all banks are prepared to handle cyber threats.
The restrictions also led to the use of digital payments and electronic money platforms skyrocketing in a short amount of time. The technological capabilities and operating models built to continue banking operations despite the lockdowns were considered vital pieces in ensuring business survival, maintaining controls and compliance, and increasing performance.
For instance, about 40 interested unnamed parties have applied for a digital license since Bank Negara Malaysia (BNM) launched the digital banking framework end of last year, with the central bank aiming to issue up to five digital banking licenses in 2022.
Although the speed of digital technology implementation is taken seriously by financial institutions, securing the platform and the users hold as much value as innovation.
Last year, an American digital banking app was attacked by a hacker group called ShinyHunters that resulted in more than 7.5 million users’ personal information like names and social security numbers being posted publicly on hacking forums.
With almost half of organizations having difficulties finding the difference between real threats and false positives, security teams are left “flying blind” instead of properly prioritizing actionable threats. This opens an organization to unexpected attacks.
“Digital transformation always presents new challenges, especially for the financial sector. Malaysia is at the forefront of a digital revolution where the use of online payment gateways and e-wallets is expected to expand. While it is a huge responsibility for banks and financial service providers to secure their virtual systems, investing in the most intelligent solutions is essential as they build their cyber defenses to better protect their customers and their businesses. From a cybersecurity standpoint, threat intelligence is an advanced, specialized framework that the financial sector will significantly benefit from,” Yeo added.
In Kaspersky’s recent IT Security Economics Report, it was found that threat intelligence is considered an area of investment for 41% of enterprises and 39% of SMBs in response to a data breach.
To secure ongoing efforts for digital connectivity, identification, and payments infrastructure, up-to-the-minute threat intelligence feeds play a vital role in keeping tabs on the cyberattacks that grow in both frequency and complexity.
Threat intelligence can identify and analyze cyber threats targeting a business. It’s about going through piles of data to examine it, to spot real problems and deploy solutions specific to the discovered problem.
But threat intelligence is not to be confused with threat data which is a list of possible threats. Threat intelligence is when IT specialists or sophisticated tools “read” threats and analyze them, and apply historical knowledge to know if a threat is real, and if it is, what to do about it.
With Kaspersky’s Threat Intelligence Services, organizations are supplied with data feeds that cover phishing links and websites, and malicious objects that target Android and iOS platforms.
Since users most of the time access digital financial services through smartphones, banks can easily warn clients against ongoing cyberattack campaigns that usually involve phishing links on emails posing as the bank.
This up-to-the-minute machine-readable threat intelligence in security information and event management systems also enable security teams to quickly launch an automated incident response and easily sift through which alerts must be escalated for further investigation and resolution.
This feed is a collection of data sourced from Kaspersky’s own cloud infrastructure called Kaspersky Security Network, web crawlers, an always-on unique proprietary platform called Botnet Monitoring, email honeypots, research teams, and the company’s global partners.
For industries like the financial services, how can threat intelligence be useful? There are three basic things:
- Prevent data loss – a well-structured cyber threat intelligence (CTI) program means your company can spot cyberthreats and keep data breaches from releasing sensitive information
- Provide direction on safety measures – by identifying and analyzing threats, CTI spots patterns used by hackers and helps businesses put security measures in place to safeguard against future attacks
- Inform others – hackers get smarter every day so cybersecurity experts share the tactics they’ve seen with the IT community to create a collective knowledge base to cybercrimes.
From January to April 2020 alone, the average daily instances of brute force attacks met a 24% increase. In fact, even healthcare organizations and other essential services are being targeted by advanced persistent threat (APT) groups. Not all APT threats are reported immediately, and some are not publicly announced.
Managing threats requires a 360-degree view of your assets. Here’s what to look for in a Threat Intelligence program:
1.IOC (indicator of compromise) – IOC is the basis of threat intelligence. Its evidence can be measured and recognized like a fever showing signs of a disease in the body. There are many IOC services. To choose the right one, you’ll need to know which threats you’re most likely to face.
2.Threat data feeds -These provide integrated intelligence by analyzing adversaries and the wider threat landscape. To choose the best one for you, ask: do we need an APT data feed if we’re not a likely target for APT groups? Where is the best place in the IT infrastructure to add the feeds? Should we block threats or just alert the team? Your answers will depend on your organization’s security posture and IT strategy.
- Threat intelligence platform– A threat intelligence platform lets you manage a range of specialist software that supports the different components. What you choose and how you integrate services comes down to your budget and business needs. Although there are open-source data feeds out there, you can buy more sector-specific intelligence. It’s essential to drill down when you purchase threat intelligence services to make sure the vendor provides a responsive service – both in the quality of data feeds and speed if they’re providing an incident response.
With careful planning, while choosing a vendor and a well-thought-out strategy, your SOC can benefit from the full protection and power of threat intelligence.
In conjunction with the introduction of Kaspersky Threat Intelligence Services to the Malaysian media, the attendees were hosted with an interactive virtual game, developed to assist the participants to understand and identify the cyberthreats.