PETALING JAYA, April 17 — Malaysia is likely being targeted in online espionage operations due to interest in the country’s growing economic and political importance, cybersecurity firm Kaspersky’s principal security researcher Vicente Diaz said.

When asked at a media briefing today to explain why there were more reports of alleged operations in Asean, Diaz said a country’s exposure to online spying risks is not usually tied to how technologically advanced it is.

“It’s more about the economy,” he told reporters at the briefing on cybersecurity in Malaysia.

“But in countries like Malaysia, I think that it’s because Malaysia is becoming a more interesting country in terms of geopolitics, economy, the companies are becoming more successful.

“So this is why some of these targeted attacks are focusing in this country,” he said.

Diaz named two examples of cybercriminal groups — Naikon and Hellsing — that target countries within Southeast Asia with malicious software or malware aimed at stealing data.

In the immediate aftermath of Malaysia Airlines’ Flight MH370’s disappearance, Naikon gained notoriety when it sent out emails purporting to contain details related to the aviation tragedy to government officers and investigators — including those from Malaysia, Vietnam and Indonesia.

Hellsing has been found to target government and diplomatic organisations in Malaysia, Indonesia, the Philippines and Indonesia, as well as foreign diplomatic organisations in the US.

Diaz said those who fund such costly and complex online espionage campaigns are likely governments of other countries, citing factors such as the need for highly skilled experts to produce the malware and identify specific victims, and the knowledge required to use the stolen data.

“So it’s a complex approach. Who do you think could be behind such an operation, who do you think has the capabilities to access all this information, to prepare all this infrastructure, to put in the money? Who do you think is interested in this information that they are getting from big companies, government, ministries, research facilities?

“Usually, many of these attacks are state-sponsored, meaning some state has some interest in preparing such attacks and getting this information from the target. That is why geopolitics comes into play, because it’s not randomly doing these kinds of attacks, there is someone behind, there is some reason,” he said.

Kaspersky’s Diaz said a country’s exposure to online spying risks is not usually tied to how technologically advanced it is but ‘more about the economy.’ — Picture by Ida Lim

A decade ago, the language found within the malware’s code would be a tell-tale sign of the attackers’ origin, with the use of Mandarin words linking them to China, for example, Diaz said.

But such information is no longer reliable and can be “faked very easily”, with many online spies masking their origin and shifting the blame to China by using Mandarin words, he said.

“What we find more revealing about the attack is what are they targeting and what kind of information they are trying to get,” he said, as he noted the geopolitical flavour that online attacks were taking on.

But probes into online spying campaigns aimed at stealing data are notoriously difficult, Diaz said, explaining that many attackers quickly wipe out all traces of their activities once investigations start.

The damage inflicted on Malaysia by online espionage activities depends on the nature and sensitivity of the information stolen, he added.

When online espionage campaigns are identified, Diaz said cybersecurity firms like Kaspersky would contact law enforcement agencies and the national computer emergency response team (NCERT) in the relevant countries — CyberSecurity Malaysia in Malaysia’s case.

On Wednesday, CyberSecurity Malaysia told Malay Mail Online that it has no information on the alleged spying activities on Malaysia by purported China-backed hackers as reported by US cybersecurity firm FireEye Inc, also confirming that it would not carry out a probe as no complaints were received.

On April 12, FireEye Inc claimed in its report that the state-sponsored hackers dubbed “APT30” have been targeting governments, companies and journalists across Southeast Asia — including Malaysia — for over a decade to gather intelligence on regional political, economic and military issues.