F-Secure is making a big push into the Asia Pacific region, using Malaysia as their launch pad. The F-Secure Tower in Bangsar South, where more than 170 F-Secure research and development engineers are based, is now the F-Secure cybersecurity hub for the whole Asia Pacific region.
The Asia Pacific F-Secure Cybersecurity Hub
In the F-Secure Tower, security engineers work around the clock to actively track malware in real-time. There is also a Customer Care Centre that provides 24/7 global support in the native language of its customers, such as Japanese, Spanish and all English speaking countries.
The security engineers in the F-Secure Tower currently track and analyse hundreds of thousands of threats on a daily basis. When a new threat is detected, these engineers immediately craft and issue new patches which are deployed to F-Secure customers around the globe.
New F-Secure CEO Samu Konttinen
The importance of the Malaysian F-Secure cybersecurity hub cannot be understated. It is, after all, F-Secure’s only security lab outside of Finland.
Just over 2 months into his appointment as F-Secure CEO & President, Samu Konttinen, made a point to visit the Malaysian F-Secure cybersecurity hub. In a press conference held yesterday, he gave us talk on how “Data Breaches Eat CEOs For Breakfast“. Check it out!
F-Secure Hosts AVAR 2016 Conference
Ingvar Froiland, Director and GM of F-Secure Asia Pacific, announced the forthcoming Anti-virus Asia Researchers (AVAR) 2016 conference, together with Norhizam Abdul Kadir, Vice-President of Infotech Industry Development, MDEC.
The AVAR 2016 conference will run from November 30 until December 2, 2016 at the Grand Hyatt Kuala Lumpur. There will be 19 industry speakers, including Mikko Hypponen, F-Secure’s Chief Research Officer.
Support Tech ARP!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Security as a Service offers business stronger cybersecurity profiles
The age of information technology has brought with it many business advantages. In fact, much of the world today is still constantly adapting to ongoing advances and innovation. Borderless trade and digital economies thrive and offer business large and small endless potential.
Yet the benefits of digital comes along with an ugly side – cyberthreats. Once merely the domain of bored young tech gurus, cyberthreats today have grown to become one of the largest dangers to businesses. From malware to ransomware, cybercriminals cost organizations billions of dollars in damages and lost revenue globally.
Gone are the days where simple anti-virus platforms could protect business systems. Yet with rapidly evolving and increasingly advanced cyberthreats on the horizon, how many organizations can create and maintain teams of cybersecurity experts to defend their systems?
Focus on innovating for business objectives
According to Amit Nath, Head of Asia Pacific – Corporate Business at F-Secure, Fundamentally, operational business issues and in-house technical limitations face uphill challenges compounded by malware, trojans, phishing, social engineering, ransomware and more. These threats occur at almost every single layer of all business verticals.
Even as technical departments struggle on increasingly limited budgets to innovate within the organization to support business functions, malicious hackers are spitting out variants of their harmful code on a daily basis.
“Even a few small tweaks to change a piece of malicious code needs to be recognized in order to be defended against. Chunks of code beings transferred to unknown destinations of the Internet through the dark web further escalates the problem,” said Nath.
The most frightful thought of all now is that ‘black hats’ are catering to the uninitiated and offering for sale destructive code in ready to use formats. Almost anyone who wants to cause trouble or mount advanced cyberattacks against any organization can do so; for a price.
Fight the war with Security as a Service
Knowing that cybercriminals are now offering what is essentially Cybercrime as a Service, organizations need to recognize that this is a fight they cannot win on their own.
“We are increasingly seeing that firms fail to protect themselves properly up to the extent that many don’t even realise when breaches occur. By the time they realise it, problems are often to the extent that they have no option but to outsource ‘cures’ to specialists for exorbitant fees,” said Nath.
This results in organizations paying to maintain their own technical teams, paying for outsourcing for problem clean-ups and yet still facing the potential financial and reputational damage from data loss!
“The situation is critical. So many backdoors are left poorly or totally unguarded. With increasing data privacy laws being enforced around the world the situation looks ire for many businesses,” he said.
Business today need to recognise that failing to protect themselves is no longer an option. However, they also need to realise that they don’t have to cope with these massive barriers on their own. Security companies today offers levels of protection that even malicious hackers find daunting, so the simplest solution would be to opt for Security as a Service as the most rational route of their predicaments.
How does Security as a Service work?
[adrotate banner=”4″]
“The companies that rely on themselves very often find themselves in extremely defensive positions. It likens to an infantryman in a battle, where he sits in a foxhole and has no scouting support, simply dealing with attacks that come in one after the other. Sooner or later, the enemy will get through,” said Nath.
“We have for so many years built on the security business, evolving ahead of the threats. Our business is security and we not only deal with what we see, but work ahead to predict what we cannot see. Thanks to this mindset and capability, we are able to offer unprecedented degrees of robustness and resilience to organization,” he explained.
The path towards a safer future is a tough and long one and security-aware businesses soul adopt the right level of strategic planning. Options such a Security as a Service can offer protection not only from current, but also future threats.
“As businesses work towards digital transformation goals, they need to know that they have the option to ensure painless high-levels of security at any time, thanks to Security as a Service,” he concluded.
Support Tech ARP!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The use of the NanHaiShu Remote Access Trojan coincides with events leading to the recent ruling in the Philippines vs. China case.
The world has been undergoing remarkable transformation due specifically to the advancement of the cyber-age. This is due to increasingly strong digital infrastructure as well as the explosion in use of digital devices and technologies. However, it is that very advancement that has opened corporates and even government around the world to heightened scrutiny from cyber criminals.
While some cyberattacks are no doubt being aimed at global supply chains, yet more are becoming very specifically targeted in purpose, being utilised by anyone ranging from hacktivists to hostile governments.
“These groups have learned the layout of the new playing field, and are getting more competent in the way they are bale to exploit the vulnerabilities that corporates and governments are exposed to, due to increasing reliance on automated and digital systems,” said Amit Nath, Head of Asia Pacific, Corporate Business, F-Secure.
Governments under seige by NanHaiShu
As a strong case example, F-Secure Labs very recently found a strain of malware that appears to be targeting parties involved in the recently decided Philippines vs. China case. This portion of the South China Sea dispute has recently been of high profile, given the favourable ruling towards the Philippines under arbitration provisions of the United Nations Convention on the Law of the Sea (UNCLOS).
The malware itself, dubbed NanHaiShu by F-Secure researchers, is a Remote Access Trojan that allows attackers to exfiltrate data from infected machines. More significantly is what the Malware represents; That geopolitics is just as relevant as ever in the face of threats related to cybersecurity.
According to Nath, the Malware associated with the incident appears to targeted organizations that are related to the case and is specifically designed to do so.
“NanHaiShu was spread using phishing emails and contained content-specific keywords that had the exact targets in mind. The objective of the Malware seemed to be to enable to designers to gain greater insight on status of the legal proceedings in the case,” said Nath.
An F-Secure study released regarding the NanHaiShu incident state that targets included the Department of Justice of the Philippines, the organizers of the Asia-Pacific Economic Cooperation (APEC) Summit and an international law firm representing one of the involved parties.
[adrotate banner=”5″]
Cybercriminals evolve, realise true value of information
Nath feels that wherever geopolitical rivalries occur today, so too are cyber exchanges increasingly prevalent. “This is especially true in cases where cyber criminals have the leverage of targeting countries that have cyberspace infrastructure but are weak on governance,” he Nath.
The technical analysis exposed the malware’s notable orientation toward code and infrastructure associated with developers in mainland China. Owing to that, and to the fact that the selection of organizations targeted for infiltration are directly relevant to topics that are considered to be of strategic national interest to the Chinese government, F-Secure researchers suspect the malware to be of Chinese origin.
Although the NanHaiSHu Malware was utilised mainly for intelligence gathering, other such Malware seldom are, and cybercriminals of today have been known to cause operational shutdowns, equipment damage, reputation damage and more.
“These criminals have advanced to the point that they are not only highly competent in terms of their technical ability, but they have even become very uch aware of the real value of their ill-gotten gains,” said Nath.
“They know exactly how to monetize what they steal, and in fact are not beyond even being able to use the information to influence business dynamics,” he said. As an example, Nath mentioned the case where market-sensitive information was stolen from more than 100 companies, to be traded or profits on the stock market.
With these examples, it is clear that cybercriminals of today have become a formidable force and it is only with the aid of highly experienced and skilled cybersecurity professionals such as F-Secure that a semblance of normalcy can be maintained.
Support Tech ARP!
If you like our work, you can help support our work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!
