Technology is undoubtibly a major part of the modern day world; with such widespread use and with more private information and data exchanged, the risks of cyber attacks increases – as does the damage levels which come as a result. As many different corners of the world are under constant threat by hackers worldwide, let’s take a closer look at one of the most dynamic technological landscapes – APAC (Asia Pacific) – and its’ areas under constant cyber threat.
Asia Pacific is quickly gaining on the rest of the world as a leader in information technology. According to Gartner, Singapore, Malaysia, Indonesia and Thailand are among the countries to invest the most in IT, in addition to quickly adopting technologies such as IT outsourcing, the hybrid cloud, and the Internet of Things, therefore putting the region as whole on the IT map. But with the huge increase in technology and internet usage, comes new and prominent cyber threats.
APAC is a top target for cyber attacks. Despite the various cybersecurity and data privacy protocols deployed throughout the region, the Mandiant M-Trends report (APAC) says that most countries in the region more prone to cyber attacks from outside sources, and are 80% more likely to be targeted by hackers than other parts of the world. The report also stated that many organizations in the region are not taking the adequate defence measures to prevent cyber attacks leading to a median time between a breach and its discovery being 520 days, which is three times the global average.
Let’s take a closer look at APAC’s financial industry: growing rapidly through the usage of modern technology along with an alarming amount of cyber threats and attacks coming from every direction. However, over the past year, this industry has woken up to the fact that they need strong means of protection in the light of recent hacks.
A hack which shook up APAC as a whole is known as the 2016 Bangladesh Bank Heist; where investigators say the lack of basic cyber defence was a key vulnerability. The hackers had used various SWIFT credentials belonging to Bangladesh Central Bank employees in order to send more than four dozen fraudulent money transfer requests to the Federal Reserve Bank of New York requesting the transfer of $951M of the Bangladesh Bank’s funds to bank accounts located in several countries around Asia. Even though the hackers installed malware on the bank’s network to prevent a quick discovery of the fraudulent transactions, Bangladesh Bank managed to prevent $850M in transactions from being sent in total, and yet, the financial loss proved to be devastating.
ATM breaches are a constant threat to many APAC countries, with large-scale heists having taken place in Taiwan, Thailand, and Japan. During July of 2016 the top eight banks in Taiwan, including Bank of Taiwan, Chang Hwa Bank, and First Bank, were forced to shut down multiple ATMs across the country after a large coordinated attack used malware to steal over $2M in cash; and in Bangkok, the Government Savings Bank closed over 7,000 cash machines as the thieves who targeted the machines and managed to steal over $300K.
In India, the rise in popularity of electronic wallet apps, such as Paytm, Freecharge & Mobikwik, have opened a whole new arena for hackers. Electronic wallets connect to user’s bank accounts and are used as parallel currency. Users can decide how much and when to recharge their application, and can then use this app to make payments and purchases. Taking advantage of the sensitive data shared on these apps, hackers have since flooded the local Play Store with fake electronic wallet apps, tempting users with free recharges and other perks, only to breach user’s bank accounts. And the powerhouse electronic wallet apps have since started taking the necessary measures to secure their own apps. In a recent case, just one day after Paytm released its new POS app, the app was recalled due to security concerns revolving around how personal bank credentials were handled.
As new attacks to APAC’s financial industry continue roll in, the fault lies with the basic software and application security protocols which have been sitting on the sidelines and that only a handful of organizations have gone over what should be done if they’re hit by a massive cyber attack. But one thing is sure – the financial industry will continue to grow using the latest technologies and this is happening at a rapid pace. And with such fast growth, the key to being prepared in the face of hackers is secure coding. One of the most effective ways in which organizations can keep secure coding on the forefront by applying secure SDLC to applications from the start and integrating source code analysis during all stages. Investing in paramount security solutions and securing SDLC today is the way to prevent attacks tomorrow.
This is part one of a three part series! Stay tuned for parts two and three.
To learn about our security solutions, click here.
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.