Cyberattacks in Asia Pacific

Written by Qurra Tul Ain Nisar & Daria Stepovaya (Edited by Guntur Ramadhan and Jenna Fung)

Since the Covid-19 outbreak, cyberattacks have moved to the front of the line of problems to be discussed. The Check Point Research (CPR) report shows that the Asia Pacific region experienced a 168% year-on-year increase in cyberattacks in May 2021 compared to May 2020 (Check Point Blog, 2021). The most popular types of malware used were ransomware and remote access Trojans (RATs), which both showed an increase of 26% in May 2021 compared to the same period of the previous year. The next most popular malware types, banking Trojans and info stealers, showed a 10% increase (Positive Technologies, 2021). Within APAC, the manufacturing industry, followed by the government, education, technology, and healthcare sectors, was the most exposed to cyberattacks. The report points out that critical infrastructure will continue to face significant security challenges in 2022. Supporting this statement, the Asia Insurance Review reports that the worldwide costs of ransomware attacks are expected to exceed US$20 billion in 2021, with Asia-Pacific region companies accounting for seven percent of the total in 2020 (JDSUPRA, 2021).

In 2021, cyberattacks were not only a heated topic of discussion; individual incidents also made the headlines. Below are just a few examples. In September in Malaysia, a web-hosting service was the target of a ransomware attack demanding US$ 900,000 in cryptocurrency. In May, four subsidiaries of an international insurance company in Thailand, Malaysia, Hong Kong, and the Philippines were hit by a ransomware attack asking for US$ 20 million. In September in Thailand, computer systems and data of several hospitals, companies, and organizations were encrypted and blocked. These are only a few of many (UNODC, 2021).

Most of the malware incidents took the form of Big Game Hunting (BGH), ‘Leak and Shame’ tactics, and Ransomware-as-a-Service (RaaS). The first trend is the targeting of large-scale corporate-controlled businesses. The second is the pressure of public shaming: sensitive information belonging to a ransomware victim is released if the ransom is not paid. The last is the selling or leasing of hackers’ ransomware exploit code to associates (Munich RE, 2021).

The countries that experienced the largest increase in cyberattacks in the APAC region were Japan, Singapore, Indonesia, and Malaysia, with 40%, 30%, 25%, and 22% increases respectively (Check Point Blog, 2021). Since Japan encountered the highest increase in attacks, the case study focuses on this particular country. In Japan, ransomware has been identified as the biggest threat to local organizations. According to the recent report from IPA, the threat of ransomware jumped from 5th place in 2020 to number 1 in 2021. Japan has had the least success at stopping attacks, with 95% of attacks resulting in the encryption of data. This implies weaker defensive measures, which result in higher success rates for attackers in comparison to the US (25%) and Germany (31%). Large and mid-sized corporates were largely targeted, which also led to HBI losses and multiple data breaches, for example in the cases of Honda, Canon, NTT Docomo, and Capcom. Regarding people living in Japan, the National Police Agency 2021 report states that around 45% of respondents were concerned about suffering damage from cybercrime. 30% of respondents felt somewhat uneasy and only 10% of them didn’t feel any anxiety at all (National Police Agency, 2021).

The absence of limits on the data collected by industry, and on how it will be used in the future, is sensitive and alarming. Privacy is a human right, and compromising one’s privacy ultimately means that their right is being compromised. Seeing posts about some instrument that you recently searched for on Google, or any similar incident that makes it seem as if your device is spying on you, can make you feel that your privacy is not being respected. Robert G. Reeve, a privacy tech worker, mentioned in his tweet an incident that we can all relate to. He said that he went to his mother’s place for a week and then started getting ads for the toothpaste his mom uses, the toothpaste he had been putting in his mouth for a week. This happened because all sorts of data he’d unthinkingly provided to his device were later utilized by industry.

Robert explains in his tweet,

“First of all, your social media apps are not listening to you. This is a conspiracy theory. It’s been debunked over and over again. But frankly, they don’t need to because everything else you give them unthinkingly is way cheaper and way more powerful.” (Reeve, 2021)

Data collectors pay to aggregate data from everywhere. They match our purchases to our Twitter accounts because we give both our email address and phone number, and we agree to all that data-sharing when we accept the terms of service and privacy policy. If a phone is regularly in the same GPS location as another phone, they take note of that. They start reconstructing the web of people one is in regular contact with. Your data isn’t just about you. It’s about how it can be used against every person you know, and people you don’t, to shape behavior unconsciously.

Data is a part of a user. It’s personal to each individual, and no one should be made insecure about it. Trust is an essential element in using electronic devices safely. Once this trust is broken, it can take years to rebuild. It is important for. Now, the need of the hour is to think about how the data that will be created in the future can be saved. We need to define, and take part in making, regulations on how much and in what ways we allow industry to use our information. For example, if we allow them to use the A B C portion of our data in A B C ways, then they should be held accountable for any violation of these limits.

References

Reeve, R. G. (2021, May 25). Tweet.

Check Point Blog. (2021, May). CPR: Asia Pacific experience a 168% year-on-year increase in cyberattacks in May 2021. Retrieved from https://blog.checkpoint.com/2021/05/27/check-point-research-asia-pacific-experiencing-a-168-year-on-year-increase-in-cyberattacks-in-may-2021/

Positive Technologies. (2021, September 22). Cybersecurity threatscape: Q2 2021. Retrieved from https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2021-q2/ 

JDSUPRA. (2021, July 27). Ransomware in Asia-Pacific: how to prepare. Retrieved from https://www.jdsupra.com/legalnews/ransomware-in-asia-pacific-how-to-4392830/ 

UNODC. (2021). Ransomware attacks, a growing threat that needs to be countered. Retrieved from https://www.unodc.org/roseap/en/2021/10/cybercrime-ransomware-attacks/story.html#:~:text=In%20September%202021%2C%20a%20Malaysian,asking%20for%20US%24%2020%20million

Munich RE. (2021). Asia Pacific cyber incidents in 2020 hold big implications for this year’s cyber insurance market. Retrieved from https://www.munichre.com/topics-online/en/digitalisation/cyber/asia-pacific-cyber-incidents-in-2020.html 

National Police Agency. (2021). Crime situation in 2021. Retrieved from https://www.npa.go.jp/english/Statistics.html