Logo of Phnom Penh Post newspaper Phnom Penh Post - Sharing intelligence helps us beat cybercriminals

Sharing intelligence helps us beat cybercriminals

Content image - Phnom Penh Post
To best capitalise on new attack strategies in Southeast Asia like botnets, cryptojacking, and ransomware, cybercriminals collaborate through a variety of networks. For example, less tech-savvy criminals simply buy ransomware services or kits from more technical hackers. UNSPLASH

Sharing intelligence helps us beat cybercriminals

Covid-19 has changed the way the financial services industry operates in a very short time. The digitisation of financial products and services has accelerated, and operations, most of which had previously taken place in traditional office and bank branch settings, have rapidly gone remote.

Both trends have increased the attack surface of the industry, giving cybercriminals new avenues to target sensitive customer and company data. Indonesia is particularly vulnerable to these new threats. The country has already been in the midst of rapid digitisation of financial services, with new payment platforms like Gojek’s GoPay and OVO.

GlobalWebIndex reports that Indonesia also has the highest rate of e-commerce use in the world – an overwhelming 90 per cent of internet users between 16 and 64 years old say they shop online.

New, rapidly growing digital platforms and customers who are inexperienced in transacting online are ripe targets for cybercriminal networks, and the pandemic has offered a whole new set of lures. For example, more than 98,000 high-risk domains were created with a Covid-19 theme from January through the first week of April, according to DomainTools.

Financial Services Information Sharing and Analysis Centre (FS-ISAC) found more than 1,500 financially-themed domains offering Covid-19 related credit, loans, insurance and more. The bulk of the domains were created in March. By the second week of April, the numbers of new high-risk domains were down 92 per cent following a crackdown by domain registrars. The sudden rise and fall of this tactic shows how threats are constantly evolving, with cybercriminals quick to exploit a vulnerability and then change tactics once defences are built.

To best capitalise on new attack strategies in Southeast Asia like botnets, cryptojacking, and ransomware, cybercriminals collaborate through a variety of networks. For example, less tech-savvy criminals simply buy ransomware services or kits from more technical hackers. Criminal groups are now not simply holding stolen data for ransom and returning it to the victim after payment, but also posting it online for other threat actors to use and even auctioning it off on the dark web.

Many cybercriminal networks run like formal, legitimate companies, with diverse functions and organisational roles like CEOs, recruiters and even customer service agents who, for example, guide victims through how to pay to recover their data or regain access to their systems.

Now more than ever, the only way to stay ahead of these sophisticated criminal networks is for us to work together as well. In financial services, this is especially crucial, since large-scale attacks on financial institutions could damage overall customer trust in the financial system, which has ramifications for the whole industry as opposed to just the individual victims of the attack.

Sharing cyber intelligence is one key way to reduce cyber risk. Organisations like information sharing and analysis centres (ISACs) facilitate sharing in a trusted environment using a secure member portal, a set of guidelines for how information can be shared, and smaller circles of trust for specific communities within different sectors and regions.

ISACs enable intelligence sharing for the global financial services industry. FS-ISAC in Singapore, for example, serves member institutions across Asia-Pacific, giving them a platform to share country-specific threat activity and cybersecurity best practices in areas such as incident response and third-party risk management.

Through a wide variety of events and meetings, FS-ISAC helps build trust in the community and between members. It also offers resiliency exercises to build our industry’s capacity to protect and defend against new types of attacks.

While financial institutions may be wary of sharing intelligence with their competitors, the faster the intelligence is shared, the higher the chance for other firms to put up defences against the threat. This prevents cybercriminals from using the same attack strategy multiple times, forcing them to find a different approach or at least build new attack infrastructure, lowering their return on investment and making cybercrime more expensive.

As cybercriminals constantly evolve and become more sophisticated, the need for intelligence sharing is more important than ever. The cyberattacks related to Covid-19 have proved how quickly new attack vectors can emerge.

Since no institution can anticipate every threat all the time, the financial services industry needs to learn from the threat actors themselves and build trusted relationships within the industry through peer-to-peer intelligence sharing. Only by collaborating as they do can we beat cybercriminals at their own game.

Brian Hansen is executive director Asia Pacific at FS-ISAC.



  • ‘Kingdom one of safest to visit in Covid-19 era’

    The Ministry of Tourism on January 12 proclaimed Cambodia as one of the safest countries to visit in light of the Kingdom having been ranked number one in the world by the Senegalese Economic Prospective Bureau for its success in handling the Covid-19 pandemic. In rankings

  • Ministry mulls ASEAN+3 travel bubble

    The Ministry of Tourism plans to launch a travel bubble allowing transit between Cambodia and 12 other regional countries in a bid to resuscitate the tourism sector amid crushing impact of the ongoing spread of Covid-19, Ministry of Tourism spokesman Top Sopheak told The Post on

  • Reeling in Cambodia’s real estate sector

    A new norm sets the scene but risks continue to play out in the background A cold wind sweeps through the streets of Boeung Trabek on an early January morning as buyers and traders engage in commerce under bright blue skies. From a distance, the

  • Quarantine site in north Phnom Penh inaugurated

    A four-building quarantine centre in Phnom Penh’s Prek Pnov district was formally inaugurated on January 6. The centre can house up to 500 people, according to Phnom Penh municipal governor Khuong Sreng. At the inauguration ceremony, Sreng said the municipal hall had cooperated with the Ministry

  • More than 5K workers rush from Thailand amid outbreak

    Following the recent outbreak of Covid-19 in Thailand’s Samut Sakhon province, Cambodian migrants working in Thailand were gripped by worry over the situation and many rushed to return to their homeland. Over the past 10 days, more than 5,000 migrant workers have returned from Thailand through

  • ‘Beware of WhatsApp fraudsters’

    The Ministry of Posts and Telecommunications warned members of the public who use WhatsApp to vigilantly guard against a new trick employed by hackers that involves the use of six-digit codes sent to potential victims via the popular messaging app. The ministry said hackers could