Singapore bids to snuff out APT fire as threats spell double trouble for APAC

Last week APT and anti-malware firm FireEye announced the creation of a new Cyber Security Centre of Excellence (CoE) in partnership with the Singaporean government. It didn’t make many headlines outside of the city state but I think it’s worth a second look for a few reasons.

First up, FireEye is pledging 100 trained security professionals to this new regional hub, to provide intelligence to help the local government protect its citizens and infrastructure from attack as well as benefitting the vendor’s customers across APAC.

FireEye is one of the few infosec companies I’ve spoken to in this part of the world that is prepared to talk at length about the specific problems facing organisations in the region. More often than not when I try to go down this avenue with a vendor I’ll be told about how threats are global these days and attacks follow similar patterns no matter where you are on the planet.

While I know this is true to an extent, it was nevertheless refreshing to hear FireEye’s APAC CTO Bryce Boland tell me that the reason for building a team in Singapore was to have the necessary local language and cultural skills to deal with specific regional threats.

“We have a lot of countries here, many of which have tense relationships, so we see a lot of that boil over into cyber space,” he told me.

As well as the various hacktivist skirmishes that periodically hit the region, such as those between the Philippines and Indonesia or China and Japan, there are also more serious IP-stealing raids, which stem from the fact that APAC represents more than 45 per cent of the world’s patents, Boland added.

As a result, regional organisations face almost twice as many advanced attacks as the global average.

Another reason the news of FireEye’s new CoE warrants attention is what it says about the approach to cyber security by the respective governments of Singapore and Hong Kong.

Although Hong Kong threw HK$9 million (£730,000) at a new Cyber Security Centre in 2012, my impression is that Singapore is more proactive all round when it comes to defending its virtual borders.

It was a view shared by Boland, who pointed to Singapore’s ability to attract and support infosec players looking to build regional headquarters there, as well as its efforts to attract globally renowned speakers to an annual security expo.

In my experience, what few events there are in Hong Kong are poorly attended, attract few speakers from outside the SAR, and rarely provide the audience with anything like compelling or useful content.


China set for Windows XP meltdown in 2014

This week news emerged that Beijing officials have been leaning on Microsoft to try and get it to extend support for Windows XP, due to run out in April 2014. I covered it here for The Register.

Now the arguments apparently made by Yan Xiaohong, deputy director of the National Copyright Administration, seem to be two-fold. First, he warned of a potentially huge security risk if Redmond stops releasing patches, with the archaic OS still accounting for over 50 per cent of Windows licenses in the Middle Kingdom.

Secondly, he seems to be saying the government has done its bit and led by example in ditching its pirated software for genuine licenses, so the least Microsoft can do now is support the still-popular OS. Oh yes, and Windows 8 is too expensive to upgrade to.

The second is a typically arrogant argument from a Beijing official. Microsoft has been trailing this switch off for years now so it should have had time to plan an upgrade path, or at least factor it into government plans to “go legit” with its stock of software.

However the security issue is more valid and in reality could affect consumers and IT security bosses all over the world. According to Akamai, China was just pipped to first place in Q2 2013 in terms of biggest source of attack traffic by a late surge from Indonesia. It has a sizeable 33 per cent share while Indonesia’s stands at 38 per cent.

Not only will this percentage jump significantly higher post-April but if XP levels stay as high as they have been, we can expect a large number of new infected machines appearing in China in 2014. Why should you care? Because these machines will be remotely controlled by cyber criminals to do their bidding. A DDoS campaign or targeted attack against your organisation perhaps, or an information-stealing Trojan designed to lift credit card credentials from customers.

SC Leung, senior consultant at Hong Kong CERT, told me there’s no doubt that the OS will come under greater attack post-April.

“If Microsoft ceases to support WinXP, that means service patches, hot fixes and support are no longer provided,” he warned. “If Win7 or Win8 vulnerabilities are shared by WinXP, hackers may reverse engineer the patch for Win7 and Win8 to find out the vulnerability they can use to exploit WinXP.”

Attackers may even craft fake patches containing malware to trick users and infect their machines, Leung claimed.

There also exists a longer term problem for WinXP Professional for Embedded Systems, which will run out of support on December 31 2016.

“They are typically used in POS terminals and ticketing systems,” he explained.

“Hardware vendors providing devices using this embedded version of WinXP have to develop a plan for upgrade. Changing development platform takes time. They should plan now.”

Unfortunately for many Chinese users and businesses time is not something they have.

“From an information security point of view, we advise users to use a more secure OS, by either upgrading to newer versions of Windows or using another OS that has continuous support,” Leung counselled.

Let’s hope that at least governments and businesses can stump up the extra cash to upgrade to a newer version before the deadline.

The last thing the global info-security industry needs is for infection rates of epidemic proportions to sweep the Middle Kingdom next year.