News
Fears of cyber hacking mount as more and more turn to internet transactions
With more and more people gaining internet access and online banking being encouraged in Sri Lanka, cyber security threats are also likely to increase in the coming years.
Over 2,200 social media related complaints were made to the Sri Lanka Computer Emergency Readiness Team (CERT) in 2016. Many of these incidents could have been avoided had users been more careful about sharing their personal information online for hackers to exploit, CERT officials told the Sunday Times.
Roshan Changraguptha, CERT’s Principal Information Security Engineer said, as in previous years, the bulk of the complaints related to social media sites, mainly Facebook and they were mainly about impersonation by hackers who had created fake accounts.
Nevertheless, when considering that several million Sri Lankans have social media accounts, the number of those who have been victimised is minuscule, Mr. Changraguptha pointed out. He attributed this to people now being more wary about having their personal information online. “There is lots of awareness now, in both print and electronic media about being safe online. Additionally, users themselves are regularly discussing online about adopting secure practices when using the internet,” he observed.
CERT has also received other hacking related complaints. These include online financial fraud, malware or ransomware infections and website defacements. But the numbers are minimal.
With more people turning to online banking there are concerns that hackers may exploit vulnerabilities in computer systems, or trick users into divulging sensitive information to get into their bank accounts.
Sri Lanka Banks’ Association Secretary General Upali De Silva told the Sunday Times that banks were taking all possible precautions. Banks and financial institutions have formed an umbrella organisation under SLCERT to counter cyber security threats. This organisation, FINCERT, covers both financial and banking sectors. Once a month the steering committee meets at the Central Bank chaired by a CB official At the meeting banks can bring upt any cyber security issues. Even cyber attacks reported by banks in other countries are discussed.
Banks and financial institutions also report any attempt by hackers to gain access to their systems, Mr De Silva said. The steering committee then prepares what’s known as a ‘sanitised report’ to be shared with other banks and financial institutions. The report does not name the institution whose systems hackers have attempted to penetrate, but it lays out exactly what happened and what efforts were taken to counter the intrusion. “Pre-advice is very important when devising measures to counter such cyber attacks,” Mr. De Silva stressed.
Stopping such cyber attacks completely is however impossible he said. “We can only manage it, be alert and do what is necessary,” the Secretary General observed, citing that the situation is more a back and forth activity between hackers and financial institutions. “We devise a new system to neutralise any threats and then there is a lull, until the hackers find a new way to attack us.”
Mr. Changraguptha from CERT asserted that website administrators and network security personnel have to always be alert to prevent cyber attacks. “Website or network security is a continuous process where one has to frequently check for any vulnerability. Taking necessary precautions will at least make the work of a hacker more difficult,” he said.
Meanwhile, the Microsoft Malware Infection Index 2016 (MII2016) released in June, 2016, ranked Sri Lanka among the top 10 countries in the Asia Pacific facing cyber security threats. Sri Lanka came in 9th in the list, with Pakistan, Indonesia, Bangladesh, Nepal and Vietnam making the top five. Each country in the list had an average of close upon 40 per cent or more computers encountering malware, compared to the worldwide average of only 20.8 per cent, as of the fourth quarter of 2015, up from 17.6 per cent in the firstt quarter of 2015, Microsoft Asia revealed.
‘Malware,’ short for ‘Malicious Software’ is designed to cause damage to a single computer, server or computer network.
According to Microsoft, the Asia Pacific region is especially vulnerable with emerging economies most at risk of malware threats.
The three most commonly encountered malware families in the Asia Pacific region were Gamarue, a worm which can give a malicious hacker control of your Personal Computer (PC); and Trojans Skeeyah and Peals, which can steal personal information, download more malware
or give hackers access to your PC.