PETALING JAYA: The hack on Sony Pictures Entertainment might have been one of the most incredible cyber attacks ever, but it was carried out in one of the most common modus operandi of cyber crime.
As reported on Friday, US investigators had evidence that hackers stole “the keys to the entire building” of Sony Pictures by getting the password of a top-level information technology employee in the entertainment company.
Security experts in Malaysia have warned that we are also vulnerable to similar attacks, owing to a low level of awareness of cyber threats and security measures.
Cyber criminals exploit “users’ ignorance”, along with the rise of social media and mobile devices, to mount attacks against them, said CyberSecurity Malaysia CEO Dr Amirudin Abdul Wahab.
He said more cyber criminals were using a combination of technical sophistication and social engineering – a non-technical method of intrusion that relies heavily on human interaction – to trick people into breaking normal security procedures and giving up their personal data.
Nigel Tan, director of systems engineering for Symantec Malaysia, cautioned that user behaviour will continue to be a big target for cyber crime next year.
“Sometimes the weakest link is the person behind the keyboard. If they visit dodgy websites, click on unknown links in fake emails and download apps or malicious software, cyber criminals will take advantage of this to siphon off information like passwords for online banking or e-mails.”
Tan said as most people still tend to use the same password for all their online transactions, services and websites, a stolen password can give the thief access to the victim’s whole life.
“And once they access your email, they can reset all your passwords and take over your identity,” he said.
Imam Hoque, managing director (Fraud and Security Solutions) with business analytics software firm SAS, said the growing number of online services has created a goldmine for cyber criminals.
“If you think about how many different services you interact with over web and mobile channels, the numbers are forever growing.
“You need to consider what a hacker would need to know to compromise your accounts and then what damage they could do,” he said, stressing that hackers tend to go for the weakest link and then work their way from there.
Tan highlighted the case of a group of hackers in August who claimed to have stolen 1.2 billion usernames and passwords belonging to more than 500 million e-mail addresses in a hack described as the “largest data breach known to date”.
“They did it by targeting every site their victims visited, instead of focusing on one large company,” he said.
Cyber law expert Dr Sonny Zulhuda said cyber criminals tended to exploit people’s greed to attack them.
“While it is important to equip ourselves with some technical knowledge about the risks and threats to security, we also need to use our common sense when facing possible threats.
“One thing we need to understand with technology is the law of economy – why would people provide you mobile apps for free? Or any online service for that matter, for free?
“How do they make profit if not from the access to users’ information that they acquire when you install such a free app? If one is keeping this in his mind, then he will be more mindful and careful in using the mobile devices.”
Dr Amirudin warned local computer experts not to be seduced by the seemingly easy but lucrative reward of cyber crime.
“Cyber crime is preferred by criminals due to its profitability, convenience and low risk, and their ‘success’ has boosted the global underground economy. It has even become a money-making profession for some computer experts.
“If this trend affects Malaysians, our own experts could be recruited to join the lucrative international underground economy, while our general public become their potential victims.”