Cyber hygiene more important now than ever: cybersecurity experts

  • TECH
  • Tuesday, 31 Oct 2017

A commuter uses his mobile phone in New York, December 12, 2013. REUTERS/Eric Thayer/Files

KUALA LUMPUR: It was reported earlier that at least 46.2 million Malaysian mobile phone numbers including subscriber details and device information have been leaked online.  

Sensitive information such as home addresses, MyKad numbers and even SIM card information are possibly jeopardised, and could be vulnerable to social engineering attacks or worse, cloned phones. 

In 2016, InfoWatch Analytical Centre registered 44 mega leaks, each compromising more than 10 million personal data records. This figure is twice the number of cases recorded in 2015. The report showed that 73.8% of the data leaks that hit South-East Asia in 2016 used either browsers or Cloud networks. 

“If we take the leaked 46.2 million phone numbers, it seems fair to assume that such enormous data volume leakage via the network channel was caused by either an intrusion or a malicious insider,” said InfoWatch Group international business development chief Vladimir Shutemov. 

“The owners of leaked phone numbers may become easy targets for social engineering and phishing activities, such as annoying ad calls, spam, and fee-based subscriptions they are unaware of,” he said in an email. 

Kaspersky Lab global research and analysis team chief security expert Aleks Gostev says that the damage could be worse. 

He believes that as more people rely on their mobile phones as the repository of their data, and the mobile phone number becomes a key identifier, the risk associated with leaked mobile phones numbers increases.  

“If an attacker knows your phone number it would be possible to intercept all your communication and transmitting information including bank accounts, two factor authentication SMS, text messages, mobile messenger and geolocation data. Not just your digital life is at risk – with geolocation data you can easily be tracked or stalked,” said Gostev in an email. 

Gostev added that cyberattacks on organisations can be subtle and go undetected especially when the attackers have identified the precise information that they want.  

A well-planned concerted attack on the right target, he says, can siphon off valuable data in one go, or can keep siphoning data continuously until the hack is discovered and the vulnerability that allowed the intrusion is patched. 

As for leakage prevention, Shutemov says that it’s an easy task for any content filtering system to intercept unauthorised transmissions of phone numbers via various channels.

“The database leakage just demonstrates how poor the information flow control is, because any properly configured data leak protection system can block such a leak,” he said. “Such a large-scale transmission of data, including millions of phone numbers, can be identified if there is a government system in place to control traffic in the network.” 

Companies which suffer data leaks must immediately notify their customers of the incident and the risks related to the loss of their personal data, said Shutemov, adding that this can be done by educating the users on the core principles of cyber hygiene.  

“Users should neither click links nor open attachments in emails received from unknown sources, while remaining heads-up in the case of an apparent fraud,” he explained.

Shutemov added that it would pay to attentively monitor any calls, SMS or banking operations using that particular mobile phone, as well as constantly monitor all banking accounts. 

“Also, if there are other applications that are connected to this phone, like GPS tracking of your family members or pets, you must pay attention to them,” he said.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Next In Tech News

FBI Director Wray urges companies stop paying ransoms to hackers
National antitrust watchdogs want more say in enforcing EU tech rules
French court sets date in Apple case over App Store developer contracts
Brazilian Senate to hear Google, Facebook, Twitter in pandemic probe
Software startup Sprinklr shares fall in NYSE debut, valued at $3.7 billion
El Salvador bitcoin plan "bulletproof", president says
CD Projekt continues to improve Cyberpunk after Sony store comeback
Spain High Court allows John McAfee's extradition to the U.S
EA buys 'Golf Clash' creator Playdemic for $1.4 billion
Mediaset investors agree to move company legal base to the Netherlands

Stories You'll Enjoy