Russian hackers hit US and Europe. Is Asia the next target of a Massive Attack?

The region has a high instance of automated attacks, though despite accusations from the US, China is more victim than perpetrator
With Japan, Australia and the Philippines hosting most of the regional bad guys, it may be time for an IT clampdown

Neil Newman

Published: 7:00am, 12 Jul 2021

Why you can trust SCMP

UNFINISHED SYMPATHY

I am the first to admit that I have password fatigue. When poked and prodded to create a new password, and when I’m not using an old one or adding special characters and upper case letters and all the other things the IT people want me to do these days, I sometimes rebel by using something silly like “Overr!de!” (miscreants will be disappointed to find this is only a hypothetical example). And still, I got hacked by the Russians after I downloaded a recipe for Rougail Saucisse and I was swamped by hundreds of emails a day from “[email protected]”. What did I do to deserve that?

Long gone are the days of Nigerian officials emailing me to share millions of dollars swiped from the nation’s coffers. I’ve received pleas for cash from mates stranded without their wallets on a trip, though I know they are at the Foreign Correspondents Club, or get pestered by emails telling me I’m being blackmailed for my bitcoins for watching dirty videos. Right. No bitcoin here, pal, I’m old-school and I don’t think “Dirty Dancing” counts. Delete. But those are the obvious ones. The cyberattacks of today have become more complex and almost impossible to prevent.

So, after my little hack I’ve found new sympathy for heads of IT in offices everywhere trying to keep us safe by pestering us with internet “best practices”. When so many of us got stuck working from home amid government lockdowns, using our personal devices and networks for work as well as recreation, we were not well prepared to handle the security risks away from the office firewall.

After the massive attack on supply-chain businesses on July 2, company IT departments will have their work cut out.

05:22

Huawei founder on cybersecurity and maintaining key component supply chains under US sanctions

TEARDROP

A group of hackers led a global ransomware attack on more than 1,000 companies in what appears to be one of the largest and best coordinated attacks ever on global supply chains – an important target that, when frozen, creates the most chaos and the highest chance of being paid off.

By compromising the servers of technology management software providers, the criminals were able to shut down entire businesses, leading to panic buying of essentials such as fuel and closing down grocery store chains. The basic way in which the attackers do this is to gain entry to a network and encrypt data on the computers they can access. Businesses are then left dangling until the ransom is paid.

It was the United States that first pointed the finger at the Russian government for being behind the attack and with President Joe Biden handing President Vladimir Putin a list of 16 critical infrastructure sectors that should be off-limits to their hackers, Biden waved a red flag in front of any savvy Russian hacking bull. The two waves of attacks were attributed to the notorious ransomware gang REvil and the cybercriminal collective DarkSide, which targets the financial sector, both thought to be in Russia and possibly partners.

Will AI pricing lead Hong Kong’s shoppers to virtual insanity?

However, it is interesting to note that according to LexisNexis Risk Solutions, the greatest increase in attacks, both human-initiated and those originating from automated internet robots, or bots, in 2020 came not from Russia, but from Japan and the Netherlands – with one large attack also coming from the Philippines. Attacks from Russia actually declined. The European Union’s executive branch, the European Commission, also has something to say, noting that ransomware attacks in Europe have risen sharply and are now a national security threat, noting the Republic of Ireland has been a specific target.

Microsoft has accused a Chinese hacking group of attacking its mail server, and Goldman Sachs-backed cyber-intelligence firm Cyfirma claims Chinese state-backed hackers attacked India. Whether this is accurate, China is certainly on the receiving end, with Chinese internet security company 360 saying that 40 or more attacks by high-level overseas hacker groups and more than 2,700 advanced cyber incidents have taken place in the past few years against Chinese interests.

This is a global problem, not just something between old, or new, cold war rivals.

01:40

Chinese PLA officers charged with stealing personal data of Americans in Equifax credit agency hack

I AGAINST I

Since the beginning of the coronavirus pandemic, there has been a surge in cybersecurity issues reported by the Federal Bureau of Investigation, which notes that usually there’s a near-zero chance of catching and prosecuting anyone. IT managers are facing a long slog patching security holes in software as the losses from global cybercrime mount – it is thought by McAfee and the Center for Strategic and International Studies to annually exceed US$1 trillion globally.

So, where are we most at risk? I picked these thoughts up from Security Magazine:

Social engineering, like those scary emails threatening me to cough up my phantom bitcoins. Or, more likely to succeed, an email from someone pretending to be your boss or colleague asking you to take a look at an attachment, or not-actually-grandma forwarding a link to a cooking website. Once they’ve tricked you into downloading a dodgy sausage recipe you have inadvertently left open a door for attackers. Cisco say this is about 95 per cent of all breaches.

Ransomware, like the attack on July 2 and the one on Britain’s National Health Service in 2017. Hackers encrypt data and immobilise computer systems until the ransom is paid. This can be particularly nasty, as people die when hospitals are targeted, as happened last year in Germany.

Distributed denial of service (DDoS) attacks are where a company or organisation’s website or email services are targeted and swamped by traffic from networks of individual computers across the internet, without the owners of those computers knowing what’s going on. DDoS is now turning into a war between two artificial intelligence opponents: one that creates the problem and one that tries to detect such malicious web traffic and cancel it. Heaven knows what happens if the two become self-aware and team up.

Third-party software. This is where an organisation’s IT systems connect to other systems, any of which may have a critical security weakness that can be found by a hacker and exploited upstream. According to Verizon, almost half of hackers access their target through web applications, and this has affected the likes of Spotify and Instagram.

Cloud computing. Breaches of cloud accounts rose 250 per cent from 2019 to 7.5 million incidents with hackers specifically looking for cloud servers without passwords.

SAFE FROM HARM

The longer-term impacts of all of this would be well worth considering for investors, as there may be more opportunities in the already-expanding computer hardware and software market. Specifically:

New network infrastructure with bulletproof hardware and software. Firms like Cisco Systems for wired local area networks, and Alcatel-Lucent, Ericsson, Huawei, Samsung, NEC, etc, for wireless networks. There will also be sustained investment to modernise existing computer infrastructure, leading to demand for new servers and network technology. For those, Supermicro, Dell, IBM, HP and Lenovo come to mind.

The currently dirt-cheap cost of cloud computing is likely to rise, which may benefit US companies in the near term, and up-and-coming competitors in the longer run. Watch this space. At the moment Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Alibaba Cloud and IBM Cloud currently lead.

Existing IT budgets are likely to be mainly spent on tackling cybersecurity challenges for some time, which is probably best approached for investment through ETFs, as many companies are new and growing fast: Global X Cybersecurity ETF (BUG), the First Trust NASDAQ Cybersecurity ETF (CIBR), the iShares Cybersecurity and Tech ETF (IHAK), and the ETFMG Prime Cyber Security ETF (HACK).

As for your own net surfing at lunchtime, munching on a sandwich while downloading new sausage recipes, expect more training from your employer to update you on the latest cybersecurity best practices, constant monitoring of activity and strict firewall blocking of websites not relating to work. Unfortunately, the ever more complex rules on passwords and trying to remember them without using yellow stickies, is here to stay.

Neil Newman is a thematic portfolio strategist focused on pan-Asian equity markets