Share This

Showing posts with label Cybersecurity. Show all posts
Showing posts with label Cybersecurity. Show all posts

Saturday, August 10, 2024

No banking on hacked phones

 


PETALING JAYA: Customers with compromised devices will be temporarily restricted from accessing banking apps as banks in Malaysia roll out a feature that detects high-risk malware and suspicious remote access.

In a statement yesterday, the Association of Banks Malaysia (ABM) and Association of Islamic Banking and Financial Institutions Malaysia (Aibim) said the feature, called malware shielding, will be embedded within the banks’ native mobile banking apps.

Both organisations stated that the feature is designed to prevent unauthorised transactions, protect customers’ funds, and shield them from malware scams.

“It will essentially alert or block customers from conducting banking activities on compromised devices,” said the statement. 

Banks that have enabled the feature on their mobile banking apps include Alliance Bank, AmBank, Bank Muamalat, Bank Simpanan Nasional, CIMB Bank, HSBC Bank, Maybank, MBSB Bank, OCBC Bank, Public Bank, RHB Bank, Standard Chartered, and UOB Bank.

“Emphasising customer privacy, malware shielding is only activated upon the customer launching the mobile banking app and does not run in the background 24/7,” said ABM chairman Datuk Khairussaleh Ramli in the statement.

He added that customers’ banking information and personal data will remain confidential.

Bank Negara governor Datuk Seri Abdul Rasheed Ghaffour said the fight against online scams is a shared responsibility, welcoming the move by banks to enhance online banking apps with added security features.

“This helps to create a more secure banking environment for all Malaysians. We also urge members of the public to remain vigilant against requests to download apps from unofficial sources,” he added.

Customers are advised to reach out to their banks’ 24/7 fraud hotline for assistance should they encounter a temporary restriction.

When contacted, National Cyber Security Agency (Nacsa) chief executive Dr Megat Zuhairy Megat Tajuddin said the measure is well-suited to address specific challenges faced by users in Malaysia as cyber threats are becoming increasingly sophisticated and prevalent.

“In 2023, 40% of the total incidents monitored by the National Cyber Coordination and Command Centre (NC4) were malware-related. In 2024, up until June, the NC4 handled 34% of incidents related to malware,” Megat Zuhairy said.

While the temporary restriction is regarded as an important preventive step, Megat Zuhairy said its effectiveness is also dependent on users.

“They need to adhere to recommended cyber hygiene practices such as to only download apps from official platforms and avoid performing online activities through unsecured WiFi networks,” he said.

Malaysia Cybersecurity Community rawSEC chairman Ts Tahrizi Tahreb said the malware shielding technology could potentially prevent several types of banking malware that are used by hackers to infiltrate devices and perform unauthorised financial transactions.

“Some of them include Cerberus which can mimic legitimate banking app interfaces to capture user credentials and one-time passwords through overlays and screenshots,” he said.

Tahrizi added that another type of malware called Gustuff has been known to target over 100 banking apps and can automate bank transactions on compromised devices.

“These malware types often exploit vulnerabilities in mobile banking applications, making them prime targets for shielding technologies,” he said.

Malaysia Cyber Consumer Association (MCCA) said the initiative represents a proactive approach to addressing the growing threat of cyberattacks on financial systems.

“However, MCCA also emphasises the importance of implementing this feature with caution, transparency, and a strong focus on user education,” its chairman Siraj Jalil said.

He added that the criteria used to define a “compromised device” must be transparent and precise.

“The effectiveness of such a solution hinges on its ability to accurately identify compromised devices without generating false positives. A significant number of false positives could lead to legitimate users being locked out of their banking apps, causing unnecessary frustration and potential financial disruption.

“If users find themselves frequently locked out of their apps, they might resort to using web-based banking solutions, which may not be as secure as the mobile apps, or they could turn to unofficial methods to bypass the restrictions, further exposing themselves to risks,” said Siraj.

Tahrizi said banks can further enhance security and customer protection by implementing some additional measures.

“Banks should regularly test their apps through application security testing (AST) and infrastructure security testing (IST). All identified issues should be tracked, with priority given to remediating critical and high vulnerabilities,” he added.

Customers also need to be constantly reminded of the latest potential online scam attempts.

“Ongoing education and awareness of safe mobile banking practices, such as recognising phishing attempts and avoiding suspicious downloads, can empower customers to protect themselves, and this is a very effective first line of defence,” he said.

Source link 

Related posts:

THE FIGHT AGAINST CYBERCRIME IN FINANCIAL SERVICES


EXCLUSIVE On top of the scams list: Beating the cheats

 


Wednesday, July 10, 2024

Hackers grow more sinister and brazen in hunt for bigger ransoms

 

Cybercrime crews are increasingly turning to more sinister techniques to try to bend major companies to their will, abetted by new technology. — Image by freepik

A hack on a London hospital has left hundreds of millions of health records exposed and forced doctors to reschedule life-altering cancer treatments. In North America, a gang tried auctioning off data about LendingTree Inc customers after finding credentials in another breach. And in the recent compromise of car-dealership software provider CDK Global, hackers took the brazen approach of attacking not just once, but twice.

These recent high-profile incidents show how cybercrime crews are increasingly turning to more sinister techniques to try to bend major companies to their will, abetted by new technology.

"They’re becoming more aggressive in the ways they try to make money,” said Kevin Mandia, co-founder of Ballistic Ventures and the former chief executive officer of Google’s threat intelligence firm Mandiant. "It’s trying to create more pain so they get paid more, or they cause more disruption.”

The one-two punch approach used in the CDK incident indeed delivered a blow to its customers: Auto dealerships throughout the US were slowed for days. If a ransomware victim isn’t quick to pay an extortion fee, the logic goes, a second hit could be crippling enough to blackmail them into paying up.

Tactics like leaking sensitive records and double-hacks aren’t completely new, but have become more common and represent an evolution from traditional ransomware attacks, when scammers simply would encrypt data, demand a payment and then move to the next victim.

These days, when hackers ask for money, they’re sometimes refusing to negotiate ransom demands, according to one expert not authorised to speak about the matter, and they are insisting on extraordinary sums. The Russian-speaking hackers in the London hospital attack demanded US$50mil (RM235.92mil). UnitedHealth Group Inc made a US$22mil (RM103.80mil) payment to a cybercrime group after a February hack on the insurance giant’s subsidiary Change Healthcare.

Those kinds of demands point to hackers putting significantly more pressure on victims. The average ransom payment was US$381,980 (RM1.80mil) in the first quarter of this year, according to the incident response firm Coveware. 

Another reason hackers are growing more demanding: They’re getting smarter about picking their targets, homing in more often on victims whose systems are critical to entire supply chains. The so-called ransomware-as-a-service model has made this strategy easier. A core hacking group will develop and lend its malware to other scammers, known as affiliates, in exchange for a cut of their ransom proceeds.

This is a favourite technique of the group known as BlackCat, according to the blockchain analysis firm Chainalysis Inc. That’s one reason known ransomware payments exceeded US$1bil (RM4.71bil) in 2023, a new record, Chainalysis determined.

Harassing researchers

Hackers have also started to harass the researchers who investigate them.

One especially ruthless group is generating fake nude photos of them with artificial intelligence, said Austin Larsen, a senior threat analyst at Mandiant, a unit of Google Cloud. Similar groups have been alerting police to false emergencies at researchers’ addresses and publishing private information about them online, he added.

Recently, Larsen said his colleagues have taken what was for them an unprecedented step of removing their names from research reports they have written about some of the nastiest gangs.

Some extortionists make phone calls to executives who work at victimised organisations to try coaxing them into paying a fee. In other cases, attackers have called executives by spoofing the numbers of their children – a new tack that Charles Carmakal, chief technology officer at Google’s Mandiant.

"As these tactics get bigger and more aggressive, they’re going to be more disruptive to people’s ordinary lives,” said Allan Liska, an analyst at Recorded Future Inc, who compared the extortion methods to real-world violence like the kind in mafia movies.

"If you send somebody a finger, they’re more likely to pay a ransom,” he said. "This is the equivalent of that.”

Health-sector attacks

The attacks in the health sector show that some of hackers’ increased brazenness is apparent in the types of targets they’ve put in their sights.

Hospitals in London for weeks have struggled to overcome a hack that forced doctors to turn away patients. Seeking to further maximise their leverage, the gang behind the breach threatened to publish data stolen in the incident, ultimately making good on that promise.

In the Change Healthcare hack, thieves from the BlackCat cybercrime group caused outages and delayed payments at pharmacies and health-care organisations for weeks. Even after UnitedHealth made a payment to BlackCat, it had little visibility into whether patient data was safe.

A 2022 attack on Medibank, one of the largest health insurers in Australia, represented a transformative moment in digital crime tactics, said Carmakal of Mandiant. In that case, scammers demanded roughly US$15mil (RM70.78mil) in exchange for not going public with patients’ most sensitive health records. When Medibank declined to pay, extortionists leaked information about Australians who had undergone abortion procedures, and hackers called patients in hospitals in a coordinated harassment campaign.

Cybercrime campaigns have continued despite more action from international law enforcement. The problem is that hackers often work from countries that protect them from extradition to the West, Liska said. "They don’t fear retaliation,” he said.

US President Joe Biden has vowed to take on ransomware, and the Department of Justice has created its own ransomware task force to tackle such aggressive attackers. That effort has led to more arrests, Liska said, but not enough to keep pace with the proliferation of new groups.

That’s in part because it has become easier to conduct such campaigns. Hackers can find pre-made ransomware kits on the Internet, paying as little as US$10,000 (RM47,190) to attack US companies, according to Liska.

"Go mow the lawn for the summer and you'll make enough money to start your first attack,” Liska said. – Bloomberg

Related stories:

US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth

Hackers roil entire industries with attacks on IT supply chain

Sunday, January 7, 2024

Balancing between data’s potential and its security

IN an era where data is king, the launch of Malaysia’s Central Database Hub (Padu) marks a significant milestone.

For the first time, the government will be collecting personal data on an unprecedented scale – everything from IC numbers and addresses to bank details and property ownership – into a single repository.

While revolutionary in its potential to streamline government services and target subsidies effectively, this initiative raises profound concerns about the security and privacy of our data.

Currently, we have the Personal Data Protection Act on the books. However, under Section 3(1) of the Act, this law does not apply to the government. 

Personal Data Protection Act 2010

Does this mean the extensive data collected through Padu is not afforded the same protections as it would if it was collected by private entities?

Previous data misuse and breaches in government systems only exacerbate our fear.

Cybersecurity firm Surfshark has listed Malaysia as the eighth most breached country globally in Q3 2023, with 494,699 leaked accounts. This represents a 144% increase in breach rate compared to Q2 2023.

According to its midyear threat landscape report, leaks from the government sector constituted 22% of total security breaches from January to June 2023.

The fundamental questions cannot be avoided: Can we trust the government with so much of our personal information? What assurances are there that it will be protected against misuse and theft?

The answers, according to most analysts and experts, lie in reforming the Personal Data Protection Act (PDPA) to encompass government data handling.

Amending the PDPA to include the government and all its agencies would be a significant step toward securing public confidence.

It would ensure the same rigorous data protection standards applied to private entities are also binding upon the government.

Such an amendment would not just be a legal formality; it would be the government’s commitment to the people, a reassurance that our personal information is valued and protected with the highest standards of security and privacy.

It would demonstrate a recognition of the principle that with great power comes great responsibility, especially when that power involves access to the extensive details of one’s financial and personal life.

While Padu presents an opportunity for public administration in Malaysia to take a huge leap forward, it also poses a significant risk to personal privacy if not appropriately managed.

The need to amend the PDPA to apply to data collected by the government is not just a regulatory necessity but a critical step in building trust between the citizens and the state.

Only with such legislative safeguards can the government assure its people that their data, their most personal and sensitive information, is in safe hands.

.  Source link

Related posts:

PADU to help govt identify eligible targeted subsidy