Cybersecurity experts have shared their thoughts on the recent wave of cyber attacks. Here’s what they had to say.
Indonesian Data Centre Attack
“Protecting critical infrastructure from cyberattacks is as important as protecting it from physical attacks, because the consequences can be equally disastrous. The recent cyber attack on Indonesia’s national data centre serves as a reminder of this reality. This attack may not only have potentially compromised sensitive government data, but also put national security at risk. The tangible impact was evident, disrupting airport operations and highlighting how cyber attacks on critical infrastructure can have immediate and significant consequences for Indonesians.
Although the investigation is still underway into how threat actors were able to successfully deploy the LockBit ransomware, human error remains a significant weakness for organisations, with the majority of breaches involving stolen credentials, phishing attacks, misuse or simple user error. When it comes to cybersecurity, organisations cannot afford to lose focus, as Keeper Security’s 2024 Future of Defence Report found an overwhelming 92% of IT and security leaders have seen an increase in cyber attacks year-over-year.
No matter how a threat actor accesses a network, the next step is to make sure they are unable to go any further. That’s why organisations of all sizes should implement a zero-trust architecture with least-privilege access, ensuring employees only have access to what they need to do their jobs.
Additionally, organisations should have security event monitoring in place. Privileged access management software can aid in controlling privileged accounts and sessions, managing secrets and handling employee passwords. By integrating a zero-trust framework within their network infrastructure, government leaders can better identify and react to cyber attacks and minimise potential damage.” – Anne Cutler, Cybersecurity expert, Keeper Security
“Ransomware attacks can be devastating to a company or, in this case, a government agency. With systems inaccessible, critical government functions can be impacted, which will in turn cause problems for citizens and users of those systems. LockBit is a very well-known cyber criminal organisation that has been launching attacks against large businesses and governments; the new variant of their malware may make it difficult for incident responders to save the data if the ransom is not paid.” – Thomas Richards, Principal Security Consultant within the Synopsys Software Integrity Group
“Threat actors using LockBit frequently use a double-extortion strategy in which they encrypt victims’ data and demand payment in exchange for not revealing the stolen information on their data leak site (DLS).
The usual payment requirements for victims are twofold: one for the decryption of their data and another to stop the leakage of their private data.
In addition, LockBit threat actors occasionally also deploy a third extortion approach called distributed denial-of-service (DDoS) operations, which target victims’ computers and increase the pressure to pay the ransom.
The victims of ransomware attacks are advised against paying the ransom as paying the ransom does not ensure that threat actors won’t release your data or that the data will be decrypted. Threat actors can also consider you as a soft target and launch another attack in the future.
The victim should instead focus their resources on recovery from the attack and improving their cyber security posture against future attacks.” – Kelvin Lim, Senior Director, Security Engineering, Synopsys Software Integrity Group
Filipino Fast Food Brand, Jollibee, Data Breach
“Data breaches are becoming far too common in recent weeks. Fortunately, in this case, only customer emails were compromised and not private information. While the addresses may already be known publicly, this would allow an attacker to craft targeted phishing campaigns about this brand to elicit the targets to perform an action like resetting a password on a malicious landing page resembling the official one. Customers should be diligent about any emails requesting immediate action, as that is a warning sign of an attack.” – Thomas Richards, Principal Security Consultant within the Synopsys Software Integrity Group
“It is important to remember that no company is safe from cyberattacks in light of the recent Jollibee group data leak. Given the damage caused by the attack, Jollibee will need to conduct a comprehensive investigation, put in place extra security measures, and advise customers of the measures taken to prevent such attacks in the future in order to win back their trust.” – Kelvin Lim, Senior Director, Security Engineering, Synopsys Software Integrity Group
YKGI, Parent Company of Chicha San Chen, Data Breach
“There is additional risk any time a company outsources and entrusts sensitive information with third-party providers. When an organisation does not own and operate the infrastructure that holds these resources, it not only lacks control, but also has reduced visibility in the event of a significant cyber incident. When choosing products and services, organisations are putting their trust in another organisation to handle their sensitive data with the utmost security.
Vendor selection, outsourcing, and bringing in any third-party products all add layers of complexity to your defence strategy. Ensuring organisations select the correct vendors, via multiple facets including cost, functionality, usability, compatibility and security, has become increasingly important. A critical first step is to establish clear and comprehensive security requirements for vendors and insist on proof their security controls are sound. Only work with vendors that are SOC 2 Type 2 and ISO 27001 compliant or hold similar security certifications.
To improve cybersecurity efforts, organisations should transition to a zero-trust security model, in conjunction with least-privilege access, Role-Based Access Controls (RBAC), a Single Sign-On (SSO) solution, and appropriate password security utilising an enterprise-grade password management solution and Multi-Factor Authentication (MFA).
Privileged Access Management (PAM) solutions are a trusted way to establish a zero-trust framework and enforce least privileged access, limiting the likelihood of a data breach and minimising impact if one were to occur. An effective PAM programme will not only ensure that the right people and systems have access to the right data at the right times on the right devices, but also that there is a record of this activity to give total visibility to administrators.
In cases where personal information is stolen, the impacts of a data breach are felt long after it’s been discovered and contained. Those impacted in this breach should take proactive steps to protect themselves from cybercriminals who may aim to use their personal information for identity theft and targeted attacks.
With the breach compromising login credentials – along with names, mobile numbers and email addresses – users should immediately prioritise changing their passwords for Chicha San Chen, as well as any other websites that use the same password or a version of that password. Strong, unique passwords that are at least 16 characters long and consisting of a random assortment of upper and lowercase letters, numbers and special characters are recommended. A password manager can help create high-strength random passwords for every website, application and system. Further, it enables strong forms of MFA, such as embedded authenticator capabilities, to add layers of protection to your accounts and make it significantly harder for bad actors to gain unauthorised access. Victims should also sign up for a dark web monitoring service that can provide instant alerts if their information shows up on the dark web so that they can take immediate action.” – Patrick Tiquet, VP of Security and Compliance, Keeper Security
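As an added example (not Keeper Security's code nor anything from the original article), the Python sketch below shows the controls the quote above recommends in working form: deny-by-default role-based access with least privilege, an MFA requirement on privileged actions, an audit record of every access decision so administrators have visibility, and a password-policy check matching the 16-character mixed-class advice, together with a crude detector for a "version" of an old password. The role names, permissions, user names and sample passwords are all constructed for illustration.

```python
import secrets
import string
from dataclasses import dataclass, field

# Hypothetical role-to-permission map, constructed for this example.
# Anything not listed here is denied: zero trust means deny by default.
ROLE_PERMISSIONS = {
    "cashier": {"orders:read", "orders:create"},
    "support": {"orders:read", "customers:read"},
    "dba": {"customers:read", "customers:export", "db:admin"},
}

# Actions that touch bulk customer data are privileged and need a verified
# MFA step on the current session, even when the role itself permits them.
PRIVILEGED_ACTIONS = {"customers:export", "db:admin"}


@dataclass
class Session:
    user: str
    roles: set
    mfa_verified: bool
    device_trusted: bool


@dataclass
class AccessLog:
    """Append-only record of decisions, the 'record of this activity' a PAM tool keeps."""
    entries: list = field(default_factory=list)

    def record(self, session, action, decision, reason):
        self.entries.append({"user": session.user, "action": action,
                             "decision": decision, "reason": reason})


def authorize(session, action, log):
    """Allow only when role, device and MFA checks all pass; log every outcome."""
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in session.roles))
    if action not in granted:
        log.record(session, action, "deny", "action not in role permissions")
        return False
    if not session.device_trusted:
        log.record(session, action, "deny", "untrusted device")
        return False
    if action in PRIVILEGED_ACTIONS and not session.mfa_verified:
        log.record(session, action, "deny", "MFA required for privileged action")
        return False
    log.record(session, action, "allow", "role, device and MFA checks passed")
    return True


# Password policy from the advice above: at least 16 characters drawn from
# upper- and lowercase letters, digits and special characters.
PASSWORD_MIN_LENGTH = 16
SPECIALS = "!@#$%^&*()-_=+[]{};:,.<>?"


def password_meets_policy(pw):
    return (len(pw) >= PASSWORD_MIN_LENGTH
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw))


def generate_password(length=20):
    """Random password from a CSPRNG, regenerated until it satisfies the policy."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if password_meets_policy(pw):
            return pw


def _normalize(pw):
    # Crude canonical form: lowercase letters only, so "Springroll2023!" and
    # "springroll2024#" collapse to the same stem "springroll".
    return "".join(c for c in pw.lower() if c.isalpha())


def is_variant_of(new_pw, old_pw):
    """True when the new password is just a re-dressed version of the old one."""
    return _normalize(new_pw) == _normalize(old_pw)


if __name__ == "__main__":
    log = AccessLog()
    support = Session("alice", {"support"}, mfa_verified=False, device_trusted=True)
    dba = Session("bob", {"dba"}, mfa_verified=False, device_trusted=True)
    authorize(support, "customers:read", log)     # allowed by role
    authorize(support, "customers:export", log)   # denied: least privilege
    authorize(dba, "customers:export", log)       # denied: MFA not verified
    dba.mfa_verified = True
    authorize(dba, "customers:export", log)       # allowed
    for entry in log.entries:
        print(entry)
    print(password_meets_policy("Springroll2024!"), is_variant_of("Springroll2024!", "springroll2023#"))
    print(generate_password())
```

The audit log is what turns an access-control decision into something an administrator can review after the fact; a denied privileged action from a trusted role (the `bob` case before MFA) is exactly the event worth alerting on.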
“This incident at Chicha San Chen involved unauthorised access to a vendor’s shared server, highlighting the vendor’s responsibility to secure the application and platform, ensure compliance, and maintain physical security. We are seeing more and more of such attacks due to third-party breaches. Following Chicha San Chen’s advice, we also urge all members to immediately change their password and update it for any other websites where they may have used the same credentials. Also stay informed by following updates from the affected organisation regarding the breach and any further steps you may need to take. Watch out for fake emails, suspicious messages, or unusual activity on social media arising from this breach.
As supply chain issues become more frequent, it is essential for service providers to integrate secure-by-design and secure-by-default methodologies when building CRM systems. This includes implementing rigorous security controls throughout development, testing, and production stages, aligning with zero trust architecture, and conducting continual security assessments.
Vendors offering hosted software services could consider implementing the following security measures if they are not already in place:
- Assess and manage security risks associated with third-party vendors and service providers that access or process sensitive data on behalf of the SaaS provider.
- Use strong data encryption in transit and at rest.
- Implement access controls and authentication mechanisms, such as single sign-on (SSO) and multi-factor authentication (MFA).
- Incorporate prevention-based cyber security checkpoints throughout the entire software development life cycle, ensuring endpoints, mobile devices, email systems, collaboration apps, and all access points to customer data, applications, assets, and services are secured. Implement granular network segmentation across different customer segments to enhance protection and control.
- Ensure seamless integration of all security controls to detect any gaps and respond promptly and effectively.
- Integrate automated remediation into compliance and regulatory frameworks.
- Conduct regular security assessments and penetration testing.
- Maintain a robust incident response plan outlining procedures for detecting, responding to, and recovering from security incidents, and test the plan regularly through simulated exercises.
- Closely monitor updates and patches.
- Hold quarterly cybersecurity tabletop exercises to enhance readiness.
Businesses in the industry need to focus on reducing risks from vendors and supply chains to strengthen their cyber security. They should also thoroughly vet third-party vendors to ensure they follow strict cyber security rules and create clear contracts specifying vendors’ cyber security responsibilities, including regular security checks.
For businesses without in-house cyber security experts, outsourcing to external experts is advisable. It’s important to monitor vendor activities and promptly address any issues. Ongoing evaluations, such as external attack surface management, supply chain assessments, and similar reviews, are crucial for identifying and mitigating potential vulnerabilities. These proactive measures can significantly enhance overall security posture and help prevent future breaches.” – Abhishek Kumar Singh, Head, Security Engineering, Check Point Software Technologies
“Many data breaches that are suffered by firms are down to external companies’ failings due to lack of a mature software security initiative. Firms that do embrace software security reduce their risk of breach by having the robust software practices and security controls in place to prevent these kinds of breaches. However, if their suppliers do not commit to similar policies, the risk of breach remains. It’s so important that we scrutinise suppliers’ practices on security, since ‘trusted partners’ are just that; we must know that their security practices are as good as or better than our own. The Synopsys Software Integrity Group’s BSIMM framework tracks, trends, and follows mature firms’ practices around software security and has done since 2008.” – Adam Brown, Managing Consultant, Synopsys Software Integrity Group