The rise of digital banking and accelerated digital transformation have brought about new security concerns. Criminals are turning their attention to gullible online users, creating ever-so sophisticated scamming schemes to defraud them. At the enterprise level, threat actors are opportunistically using the shifting work environment to adopt tactics to infiltrate organisations.
Statistics1 from the Commercial Crime Investigation Department at the Royal Malaysia Police show that cybercrime is skyrocketing as consumers shift to online channels.
Between 2017 and June 20, 2021, Malaysians suffered losses amounting to about RM2.23 billion (US$533 million) from cybercrime frauds.
Of the 67,552 cybercrime cases reported during the period, e-commerce scams topped the chart with 23,011 cases. Meanwhile, complaints on online transactions surged 112% between 2019 and 2020, indicating that cybercriminals are looking to capitalise on the surge in e-commerce activity and rapid consumer adoption of digital financial solutions amid the new normal brought about by the COVID-19.
The pandemic forced consumers to turn to online retailers to buy groceries and e-wallets to pay their bills. A survey conducted2 by Kaspersky and research agency YouGov found that out of the 1,600+ respondents in Asia-Pacific (APAC) polled, 90% indicated having used mobile payment applications at least once in the past 12 months. Around 15% of the total survey respondents said they began using digital payment methods during the pandemic.
At the enterprise-level, cyber threats are exploding as well. The 2022 IBM Security X-Force Threat Intelligence Index, released3 last month, revealed that Asia has become the most attacked region globally, with over one in four cyber attacks recorded by the tech firm last year targeting users in the continent.
Asia saw more cyber attacks than any other region in the past year, the report says, with financial services and manufacturing organisations in particular experiencing nearly a combined 60% of attacks in Asia.
Server access attacks, where the attacker gains unauthorised access to a server, was the second-most common attack type observed, making up 11% of all incidents IBM’s X-Force IR team remediated in 2021. The majority of these attacks occurred in Asia, and in many cases the threat actors were successful in deploying malware or employing penetration testing tools on a server, the report indicates.
The pandemic has accelerated digital transformation and forced people to change the way they worked, transacted, and banked. This unprecedented speed of digital transformation is putting stress on banks’ IT systems, compromising real-time data analysis, and creating storage and security issues.
A recent survey4 of 305 global bank COOs and CTOs conducted by data-monitoring and management company - ITRS Group, found alarmingly weak operational resilience at financial institutions in the wake of COVID-19.
84% of respondents stated that their IT environment has changed more in the past 12 months than over their company’s lifespan, with digital transformation, work-from-home arrangements, cloud adoption, and more sophisticated security threats cited as the top drivers of change in banks’ IT environment. The figure stands even higher for APAC-based institutions where the velocity of IT change was found to be the greatest.
Globally, 79% of respondents indicated that it has become increasingly difficult for their institution to maintain their SLAs, or service-level agreements, with more than half stating that they suffered at least one business day of unplanned downtime every year.
Additionally, 94% stated that digital transformation has resulted in a significant increase in the volume of data, leading to challenges in analysing data in real-time (65%), storing data (62%), and difficulties in securing data (62%), creating a concerning trend.
As more people rely on digital payments and get accustomed to digital services, awareness of cyber risks and crime is also on the rise.
In fact, security is becoming consumers’ top concern, with 67% of Southeast Asian respondents polled by Kaspersky and YouGov indicating that they hope for the implementation of one-time passwords (OTPs) through SMS for every transaction.
After OTPs, two-factor authentication was named the second most preferred security feature (57%), while 56% of respondents said biometric security features, like facial or fingerprint recognition, should be added for digital banking and e-wallets.
Going even further, a considerable proportion of consumers believe that financial services providers should play a bigger role in protecting their customers from being defrauded. In fact, 40% of respondents indicated that banks and mobile wallet companies should “start preventing frauds/scams automatically based on spending behavior and/or transfer history.”
With increasing international cooperation and the establishment of multiple task forces to trace ransomware gangs, Kaspersky experts believe the number of such attacks will decrease in 2022.
Instead, cybercriminals will turn to more advanced scams and social engineering as they seek to exploit human and system vulnerabilities. These scams will leverage all sorts of tools and channels, ranging from SMS and automated phone calls to messaging apps and social networks, and will be fueled by the availability of advanced technologies such as deepfake and voice synthesis, the experts said, quoted5 by Vietnam News.
In Thailand, nearly 40,000 people were scammed with their bank accounts and credit cards showing inexplicable transactions. In Malaysia, scammers used fake bank websites to steal customers banking details. And in Vietnam, criminals impersonated top e-commerce platforms to trick users into sending money.
Kaspersky experts predict a significant wave of attacks on cryptocurrency businesses, a trend that started in 2019 and which coincides with the beginning of the cryptocurrency market’s bull run.
Figures from blockchain data platform Chainalysis show6 that cryptocurrency-based crime, including scams, ransomware, and stolen funds, hit a new all-time high in 2021, with illicit addresses receiving US$14 billion over the course of the year, up 79% from RM32.91 billion (US$7.8 billion) in 2020.
Kaspersky experts said they have already witnessed advanced persistent threat (APT) groups rising to attack the cryptocurrency business aggressively, and they anticipate that this activity will continue as criminals increasingly exploit flawed security and resort to advanced techniques including manufacturing and retailing rogue devices with backdoors and social engineering campaigns to steal cryptocurrencies. Cryptocurrencies are particularly attractive to criminals, considering the anonymity they provide.
Southeast Asia could be more vulnerable than other countries, considering that consumers in these locations are known for being avid adopters of cryptocurrencies and non-fungible tokens (NFTs). Among 20 countries surveyed by Kaspersky, the Philippines was found to have the highest adopter rate of 32% of Filipinos indicating owning digital assets. This is followed by Thailand (26.2%), ranked second, then Malaysia (23.9%). Vietnam (17.4%) was fifth and Singapore (6.8%) 14th.
The urgency of addressing the relentless surge of cyber threats impacting both the public and business sectors is a fundamental step to enabling a sustainable, safe and successful digital society. As a key player in digital transformation for companies across industries, TM One's commitment to cybersecurity helps to create a safe and secure online environment for businesses and protect consumers from fraud and identity theft.
TM One has collaborated with CyberSecurity Malaysia, the national cybersecurity specialist agency, to elevate the nation’s cybersecurity network and ecosystem while strengthening Malaysia’s self-reliance in cyberspace.
“At TM One, we understand that new technologies are driving the accelerated digital transformation for many industries, allowing players to respond quickly to changes as well as provide customers with better digital experiences. Having a strong cybersecurity foundation will benefit Malaysian financial institutions not only mitigate cyber risk, but boost performance. Our Managed Security Services are designed to meet the specific needs of financial institutions and take their digital transformation forward to effectively improve operations, address compliance requirements, and enable open ecosystems,” said Muhammad Ghadaffi Mohd Tairobi, Director of Sales for Banking and Financial Services at TM One.
Do you know what are the key sources of cyber risk in Malaysia? Click here to download the infographics.
This article was first published by FinTech News Malaysia