By Goh Chee Hoh, managing director, Trend Micro Malaysia
In 2017, digital extortion was the first and foremost money-making modus operandi of cybercriminals. This was seen in the biggest digital extortion cases last year – WannaCry, EREBUS and PETYA. Even locally, nearly 20 Malaysian firms, ranging from government-linked corporations to financial investment firms, were hit by WannaCry.
An A.T. Kearney report said in recent years, with increased connectivity and technological innovation, the Southeast Asian region has been a prime target for cyber attacks. Without the right measures in place to tackle digital threats, the region’s top 1000 companies are estimated to lose about US$750bn in market capitalisation from data breaches.
We at Trend Micro believe the future outlook of digital extortion is a risk-filled one for enterprises and organisations. These big companies will continue to be targeted with ransomware designed to exponentially wreak havoc, especially in office settings.
It is not just ransomware that will be used for digital extortion. In addition to attacking a company’s business-critical documents, manufacturing plants and assembly-line robots will also be compromised. Malaysian manufacturers with their legacy systems and diverse hardware will face challenges to upgrade or patch in a timely manner, making them prime targets for attacks that exploit old vulnerabilities.
In these industries, attacks can halt production, resulting in losses. This happened during the Petya attacks when organisations such as Reckitt Benckiser lost an estimated 100m pounds.
We also see attackers using digital smear campaigns against celebrities and companies, especially those attempting to promote an upcoming product or movie. In this day and age where customer feedback and social media reception are key to success, attackers may resort to sharing fake news to tarnish the reputation of celebrities and companies – and to stop only when the victims pay a ransom.
Finally, we believe digital extortion will continue to feature phishing attacks and social engineering techniques to infect the computers and systems of unsuspecting company officers and executives with ransomware, or to establish a backdoor for data theft.
To read more about Trend Micro 2018 security predictions, visit https://www.trendmicro/com/vinfo/us/security/research-and-analysis/predictions/2018.