Cyber criminals are stepping up their game to trick companies and digitally extort consumers.

MALAYSIA is moving up the target list of the world’s cyber criminals, says cybersecurity company Symantec Corporation.

According to Symantec’s recent Internet Security Threat Report 2015 (ISTR 2015), the growing number of cyber attack cases – from malicious code to spam and bot-infection – has pushed Malaysia’s ranking in Worldwide Threat Activity from 33 out of 157 countries in 2013 to 31 last year (No.1 has the highest number of attacks).

And coming at the heels of the 2015 Worldwide Threat Assessment of the US Intelligence Community, which identified “cyber” as the top global threat of the year, the ISTR 2015 findings should make us review our cyber security practices.

As Symantec country director for Malaysia and Thailand Nigel Tan warns, in today’s hyper-­connected world, it is no longer a question of if you will be attacked – but when.

“One main reason for the high rate of cyber attacks in Malaysia is because Malaysia is getting more connected. The MCMC (Malaysian Communications and Multimedia Commission) reported that the smartphone penetration in Malaysia is now 60% and rising.

Symantec country director for Malaysia and Thailand Nigel Tan.

“ISTR found that some 37% of mobile devices in Malaysia experienced attempted or successful malware infection last year,” he says.

Another security threat on mobile devices that rose here in the past year was ransomeware, jumping as high as 113% (an estimated 4,530 ransomware attacks were recorded here) to make Malaysia the ninth highest in the region and 40th in the world with cases of digital extortion.

The year 2014 also saw the first crypto-ransomware on mobile devices attacking Android.

“Notably, there were 45 times more victims of crypto-ransomware attacks than in 2013.

“Instead of pretending to be law enforcement seeking a fine for stolen content, as we’ve seen with traditional ransomware, the more vicious crypto-ransomware attack style holds a victim’s files, photos and other digital content hostage without masking the attacker’s intention,” adds Tan.

Interestingly, other reports indicate that the more global these attacks become, the more “localised” cybercriminals are making their ransomware – customising their malicious software using the local language to target a larger and newer base of victims in Asia.

Once a computer is compromised, the ransomware reportedly displays a message in the local language based on the location of the compromised computer’s IP address, instead of the universal English: “Warning – we have encrypted your files with CryptOLOcker virus.”

To recover their files, the victim is asked to pay a minimum of 1.8 bitcoins (approximately US$400 or RM1,429.70).

The emergence of ransomware attacks specifically targeting non-English speaking countries is significant as it shows that ­attackers are waking up to the vast potential of these markets and the increasing wealth of this region.

It may be early days for this variant, but there is every chance of it multiplying; worryingly, a breakdown of the countries being targeted by this ransomware shows Malaysia getting 15% of the attacks after South Korea with 71% and Japan 14%.

A screengrab of a ransom message in Japanese shown on a compromised computer in Japan.

Another indication of Malaysia’s rise in the eyes of cyber criminals according to the ISTR 2015 is Malaysia’s average for spreading scams through social media at 84%, which is higher than the global average of 70%.

Says Tan, while email remains a significant mode of attack for cyber criminals, social media is growing popular as they increasingly experiment with new attack methods across mobile devices and social networks to reach more people with less effort.

“Cyber criminals are taking advantage of unwitting users to proliferate their scams. For 2014, Malaysia is ranked fifth in the Asia Pacific and Japan region for the number of social media scams.

“The majority of such scams, up to 84%, were shared manually as attackers took advantage of people’s willingness to trust content shared by their friends.”

Crucially, Tan notes, that is not the only human behaviour that attackers are exploiting to speed up and increase their threats.

“We are seeing a dramatic shift in the mode of attacks. Attackers have stepped up their game by tricking companies into infecting themselves through Trojanised software updates, hiding their malware inside software updates of programs used by target organisations. This enables cyber criminals to gain full access to corporate networks without the need to make any forced entry.”

This ruse of getting victims to “update” an infected legitimate piece of software is simple but effective.

Once the unsuspecting employee clicks “download,” a Trojan horse would give hackers a free ride into company networks, where they could have “unfettered access”.

Advanced hackers also used a company’s own infrastructure against it, the report says.

In one instance, they used company management tools to move stolen intellectual property around a company network. Once inside the network, some hackers built custom attack software using the company’s own servers while avoiding anti-malware tools.

Symantec research reveals that it took software companies an average of 59 days to create and roll out patches last year – up from only four days in 2013.

Due to these tactical shifts, hacker attacks on large companies worldwide went up 40% while five out of every six large companies with more than 2,500 employees in Malaysia were targeted with spear-phishing attacks last year.

How lucrative cyber crime is growing is evident in how much cyber criminals are willing to pay for a single custom malware in the underground market – up to US$3,500 (RM12,510).

“If the cyber criminals are willing to fork out such amounts, the return on their investment must be much higher. A company would lose US$3.5mil (RM12.7mil) on average per security breach,” says Tan.