Hackers gaining more tools to disrupt lives – experts

Chris Schnabel
As everything from cars to planes are getting connected, cyber criminals now have the ability to hack into them to create chaos

THREAT. “The more we rely on technology the more we become exposed to cyber criminals," says Trend Micro Philippines Director of Marketing Communications Myla Pilao. Image from Shutterstock

MANILA, Philippines – As technology continues to draw the world closer through new advances like the “Internet of Things,” hackers are gaining more and more tools with which to disrupt our daily lives, warned global security firm Trend Micro.

“The more we rely on technology the more we become exposed to cyber criminals. Today, we are  living such a digital lifestyle that we have to assume anything connected to the Internet will be a target,” Trend Micro Philippines Director of Marketing Communications Myla Pilao said at a briefing held on October 7. 

This was highlighted by Trend Micro’s latest report entitled, “A Rising Tide: New Hacks threaten Public Technologies,” an in-depth look at hacking trends globally through to the second quarter of 2015.

The report found that hackers are taking more strategic approaches and are also beginning to hack technology that affects all of society such as gas pumps, automobiles, planes, and government databases

This was driven home by the massive data breaches in the US Internal Revenue Services (IRS) in May  and the US Office of Personnel Management (OPM) in June. The OPM breach was the largest of its kind to date and exposed the personal information of 21 million people.

On June 21, the Polish Airliner LOT confirmed that 10 of its planes carrying roughly 1,400 passengers were grounded due to a a hacking that congested its systems.

New cars with smart systems are also exposed with investigations showing that parts of its system, including its brakes, can be hacked and remotely controlled through connecting to a car’s built-in WiFi. The discovery of a bug that can control the brakes in its Cherokee model prompted American manufacturer Jeep to recall 1.4 million vehicles.

Automated infrastructure that the public uses such as automated gas pumps at gas stations are also increasingly becoming a target with Trend Micro data showing that 4of 10 US hackers specifically attack them due to their vulnerability. 

The hacking of adultery website Ashley Madison also illustrated how hacking can not only affect our security and work but also our personal lives by exposing the previously confidential information of its participants.

At the same time, the report noted, ready-made hacking tool kits are becoming increasingly available online for around $35 (P1,425) that make it easy for would be criminals and widening the global threat.

Hacking trends in the Philippines 

Pilao said that the latest report found that there were over 1 million malware detections in the Philippines for the second quarter alone.

One of the most vulnerable industries in the country is the retail sector, she said.

The main target for hackers is the point of sale (POS) systems. These are systems that facilitate transactions using debit or credit cards such as the tablet like device seen in many checkouts, according to Pilao.

The increasing number of attacks has placed the Philippines in the top 4 globally in terms of number of attacks on POS systems in 2014, and third in Asia-Pacific in 2015 based on Trend Micro’s data.

While POS systems used to be customized and costs millions before, the technology has cheapened to an extent that lets any small to medium enterprise owner buy them off the shelf. 

They are becoming cheaper and more common but not a lot of hardware is being put into them, especially the cheaper ones, to provide robust security against attacks, Pilao said.

The reason for POS systems vulnerability is that it offers hackers multiple entry points to attack as most new systems are always connected to a digital device, and that a lot of the information they process is often stored on an in-house server that hackers can infiltrate, she explained.

“It’s not just the card that consumers use, the system where the data is stored or the gadget that is used to swipe the card are also vulnerable,” she said.

The challenge the country faces is that a lot of financial institutions in the country still don’t honor EMV cards, equipped with both a PIN and  chip for added security, she added.

The rapidly growing online banking space is another risk as it is used widely for the growing ecommerce trend and attacks are likely to increase as the Christmas season rolls, Pilao warned.

NEW RULES. Trend Micro's Myla Pilao explains the new threats the public faces from hackers who can tap into anything from your phone to your car. Photo by Chris Schnabel / Rappler

Updating legislature

Crucial to combating this is to make sure that the country’s security infrastructure is equipped to deal with the new reality.

One key area is updating legislation to deal with the evolving threat, Pilao said. “Public disclosure is very important and we should make it mandatory for firms who have been attacked to let people know [if they have been] attacked [and] how [they] can deal with it,” she said.

Pilao said that there are existing laws, such as the e-commerce law, that address cyber risks but advised that it should be updated to take into account attacks that could happen throughout the ecosystem such as on the suppliers and merchants.

 “Just like every other country, the Philippines is not totally prepared to deal with these new threats so the best for every firm and individual to be vigilant,” she said. – Rappler.com

$1 = P 45.98