In just 10 short months between January and October 2020, Indonesia’s National Cyber And Crypto Agency (Badan Siber dan Sandi Negara/BSSN) detected a whopping 324 million cyber attacks targeting Indonesia alone. Cyber attacks on a global level have also increased tremendously in 2020. BSSN reports that the number of cyber attacks has increased nearly six-fold compared to the numbers detected in 2019. The top 3 types of attacks are Phishing, Distributed Denial-of-Service (DDoS), and Ransomware. The other types of attacks include malware and web defacement attacks.
In May 2020, during the worsening pandemic, Indonesia became the second most targeted country in Southeast Asia for phishing attacks. Phishing attacks mostly targeted Small-To-Medium Enterprises (SMEs), and the number of phishing attacks increased by 56% from the previous year. A major contributing factor to the increased attacks was the Work-From-Home policy that was increasingly adopted across SMEs since the beginning of the pandemic. Proactive online searching for COVID-19 related information by Indonesian citizens and a lack of enhancement of cybersecurity controls both exacerbated the situation.
There has also been a massive increase in the number of web defacement attacks in Indonesia targeting government and public sector websites. As of 12 April 2020, there were 159 web defacement attacks reported to BSSN and these attacks commonly occurred during weekends and national public holidays. The perpetrators of these attacks were also Indonesian.
Notable 2020 Cyber Attacks In Indonesia
- Emails with malicious attachments and malware were sent out with the subject line “Corona Virus Latest Update”.
- Phishing emails carrying the malware Trojan Hawkeye Reborn, Trojan, Blackwater
- Phishing emails impersonating the World Health Organization and COVID-19 medical news
- Phishing emails propagating through executable .rar files
- Malicious websites containing BlackNET RAT
- Malicious websites posing as COVID-19 authorities
- Malware propagation through affmote.com targeting financial institutions
- Spyware with the capability to send and read SMSes, monitor locations, and exfiltrate data
- A fake Zoom installer that was being spread around via adware. Once the victim downloads the fake application, they inadvertently download malware as well.
In order to combat the increased number of cyber attacks in the midst of a pandemic, organizations should start to assess their current maturity level and build a strategy to protect themselves against a cyber attack, as well as an incident response plan in the unfortunate event that the attack is successful.
Security Awareness Training
Humans are undoubtedly still the most targeted attack vector in various types of cyber attacks, particularly the attack types that require human interaction, such as phishing, which often leads to malware and ransomware. Organizations need to ensure that their employees are educated and know how to respond when they are being targeted, and that they report any suspicious activity that could lead to a cyber incident. Organizations are recommended to provide security awareness training for new employees and refresher training annually.
Establish Cyber Incident Management Capabilities
Organizations need to have a comprehensive cyber incident response plan that consists of policies, procedures, and guidelines to prepare the assigned team to handle cyber incidents at various stages of the incident lifecycle:
- Identifying root cause
- Recovering impacted system
- Documenting lessons learned
Human resources are also one of the important factors in handling cyber incidents. At a minimum, the incident response team should consist of:
- Incident response team manager
- Cybersecurity analyst
- Threat researcher
- Digital evidence first responder
- Communication lead
When incidents are considered to be violations of the law, a digital forensic analyst and legal representation are also needed in the team.
Implementation of Solutions
There are some solutions and tools that are recommended for organizations to implement to detect, analyze, and remediate cyber incidents:
- Security Information and Event Management (SIEM)
- System Log
- Intrusion Detection Systems (IDS) - Network & host based
- Netflow Analyzers
- Availability Monitoring
- Vulnerability Scanners
As a cybersecurity company, Horangi assists organizations in providing security awareness training for employees and establishing their cyber incident management capabilities. Horangi also provides a virtual CISO service, which is massively beneficial to organizations in helping them to confront and assess their current security posture, build strategy plans, and have a consulting body throughout the implementation of solutions to ensure that they are aligned with the organization’s cybersecurity and business objectives.