
FBI mission to M'sia in wake of mounting cyberattacks

KUALA LUMPUR: There has been a dramatic increase in the volume and frequency of cyberattacks in Malaysia, says the United States Federal Bureau of Investigation (FBI).

The attacks are not only perpetrated by profit-motivated cybercriminals, but also by rogue nation-state actors who are trying to obtain both economic and strategic advantage without considering the amount of damage that their actions will cause.

In an effort to contain such threats, FBI director Christopher Wray recently visited Malaysia to strengthen cybersecurity collaborations and deepen the partnership between the bureau and local law enforcement and security agencies, among other things.

This visit is a pivotal moment as Wray is the first FBI director to set foot in the country since 2002.

Speaking to the New Straits Times, Wray said he decided to make the trip as the FBI considered Malaysia one of its most important law enforcement and security partners.

"I found that it is vital in my role as FBI director to visit our most important law enforcement and security partners like Malaysia.

"The goal of that is to deepen our already strong partnership and to do even more together against the dangers that affect both countries... things like cybercrime, counter terrorism, counter intelligence threats, child predators and so forth.

"Getting here was a priority and I was very enthusiastic about making the trip. I am the first FBI director to visit Malaysia since 2002," he said in an exclusive interview at the United States embassy here.

Wray said his stopover in Malaysia speaks loudly about the importance of FBI's partnership with law enforcement agencies in Malaysia.

"I am very grateful to our partners here... the Malaysian police, Malaysian Anti-Corruption Commission and the Attorney-General's Chambers (A-GC), among others.

"Of course, we also met the home minister and I am grateful to all of them for their hospitality and for the close working relationship we have to keep both countries safe," he said, describing the meetings as very productive and that they had reinforced the bond between the FBI and security agencies here.

Wray, who became FBI director in 2017 after being nominated by president Donald Trump, also spoke at length on cybersecurity issues. The following is an excerpt of the interview.

Question: Cybersecurity threats in Malaysia have been rising in frequency and severity. What do you think is the primary driver of this? And how is the FBI helping out to counter such threats?

Answer: At the FBI, we've observed a really dramatic increase in the volume and frequency of cyberattacks. And these are driven by economically or profit-motivated cybercriminals and also by rogue nation-state actors, who are motivated by strategic and economic gains. It should come as no surprise that Malaysia's growing tech-savvy economy is making it a target for economic and profit-motivated criminals — cybercriminals.

These cybercriminals target businesses and citizens with ransomware attacks, with phishing schemes, as well as different kinds of cyber-based scams like business email compromises or investment scams.

The cybercriminals operate from many regions, including Eastern Europe, parts of Africa, parts of Asia, and they use the reach and anonymity of the Internet to prey on victims.

Contrast that with cyber threats posed by nation-state cyber-actors, where only a small number of rogue nation-states are responsible for the vast majority of attacks.

And so we are increasingly seeing our international partners targeted by states like Russia, North Korea and China using attacks to steal intellectual property, to steal citizens' personally identifiable information and stealing sensitive government data to gain competitive or strategic advantage.

And of that group, China by far, does the most damage because of the sheer size of their hacking operations.

They have a bigger hacking programme than that of every other major nation combined. And China's not just hacking on a huge scale, but they're causing indiscriminate damage to get what they want, so sometimes hitting thousands of victims in a single cyber campaign.

We've seen that the Chinese government is also adept at employing criminal hacking groups. Think of them almost like cyber-mercenaries in their cyber campaigns — using those criminals to hide the true purpose of the attacks, things like intellectual property theft. It can cause immense economic damage; stealing data, technology, undermining confidence in vendors and supply chains. So those hacking operations kill jobs, kill investment and kill innovation.


At the FBI, we see success when we focus on making it harder and painful for hackers to succeed.

We have a three-part approach. We go after the actors, the criminal actors, and I mean that broadly, not just the ransomware administrators and affiliates, but also those who launder their money, their bulletproof hosting providers... So that's the actors.

The second, we go after their money, the hackers' money. Typically that's following and seizing their cryptocurrency, the stolen cryptocurrency and essentially hitting them where it hurts, which is their wallet.

Lastly, we go after the hackers' infrastructure; their servers, botnets, domains and so forth. If you do all those three things together, you can maximise the impact.

At the same time, we're putting a lot of effort into giving victim businesses and victim governments, and potential victim businesses and governments, actionable intelligence so that they can better defend themselves. So we do all of that by working with our partners like the Malaysian police to conduct joint, sequenced operations against both criminals and nation-state hacking groups.

Q: Ransomware attacks are also reportedly on the rise in Malaysia. How concerned are you about ransomware and how do you see the threat evolving?

A: Unfortunately, I am not surprised that ransomware attacks are on the rise in Malaysia.

We have seen the rise in ransomware attacks occurring for some time in the US, certainly, and in other countries with the actors initially targeting businesses.

In the US, we are now seeing them expanding their victims to escalate the harm. So by that, I mean we've seen ransomware actors in the US, for example, going after hospitals, schools and emergency service providers.

It's not just a question of the financial harm, but it's potentially a public safety issue as well. And I think you could expect to see something similar in other countries as well, potentially including Malaysia.

We're also seeing ransomware actors evolving their tactics. They're expanding their victims. They're not encrypting the victim's data and demanding money for the decryption key anymore.

Now, it's becoming much more common for such actors to also engage in piecemeal or even wholesale exfiltration of data — essentially stealing the data itself and, in addition to encrypting it, threatening to release or sell it to others, all as a way to double... we call that double extortion, as a way to sort of increase the harm to the victim.

And we're seeing ransomware actors looking for ways to go even beyond that. We're also seeing them engaging in sophisticated targeting. So they will do things like researching the victim's cyber insurance policy.

If they see how much insurance the victim has, that's something they will use to figure out who to target. If they see that the victim has paid a ransom before, that may make them more likely to target the victim because they know this is a business or organisation that has shown a history of paying ransom.

And all of that has also contributed to higher ransom demands as well. How concerned are we?

Of course, very concerned. And so at the FBI, we're trying to take the fight to the ransomware groups, and we're evolving our approach, too.

It's an approach that's both partner-focused and victim-focused, and trying to create the greatest impact not only on ransomware actors, but also on the ransomware ecosystem.

A good example is a recent 18-month-long disruption campaign that we pursued against the Hive ransomware group, which you may have heard of, which essentially resulted in us dismantling the group's infrastructure and taking it offline.

Hive was one of the larger, more active ransomware groups that the world knows of, targeting businesses and other victims in over 80 different countries, demanding hundreds of millions of dollars in ransom.

And in July last year, the FBI gained clandestine persistent access to Hive's control panels.

Essentially, think of it as us hacking the hackers.

And so from July last year to Jan 23, we repeatedly used that access to get Hive's decryption keys and identify victims.

We were able to offer those keys to something like 1,300 different victims around the world, including some victims here in Malaysia, so that those victims could unlock or decrypt their networks without paying the ransom, thus preventing at least US$130 million in ransom payments. We did all of that without the Hive catching on.

Q: This US$130 million is overall or is it specifically to Malaysia?

A: Overall.

Q: What's your advice for victims of ransomware?

A: I recognise it's a difficult decision for a company or business in that situation. We discourage paying ransoms for a couple of reasons. One is, of course, the more ransom that gets paid, the more ransomware there's going to be. Second, the victim has no real assurance that the bad guys are not going to return and demand more.

But most importantly, my advice to businesses is regardless of whether they're going to pay or not, the most important thing is to reach out to law enforcement first.

Q: What are some of the ways that you have been successful in addressing cybercrime? What are some of the approaches that you have taken?

A: I think probably the most important thing is partnerships and sharing information.

And by that, I mean acting together with foreign law enforcement and foreign intelligence services... with the private sector, which has a very important role to play here, and other entities, and not worrying about who's going to get the credit.

The whole point is to have interplay between those partners. So we take information from private sector partners, government partners, and we try to figure out how we can collectively best stop or degrade the adversary, and then share information with whoever is best suited to put it to use. So that might mean that we've got information, and we share it with the Malaysian police and they are able to make the arrests.

Ideally, we're taking down the hackers' infrastructure in some countries, and then other countries are taking infrastructure in their own countries. Different countries are making arrests.

We're all working together to seize the proceeds. We're all working together to warn the business community and the public. To us, cyber is, we like to say, cyber is the ultimate team sport.

Q: Are you planning to intensify your partnership with the Malaysian police? Are there plans to intensify the relationship and cooperation?

A: Well, we've already spent a certain amount of time here on this visit talking about ways to heighten our joint work and to elevate the work that we're already doing. I expect that to grow.

We have got a number of good ideas about how we can do that from both agencies. We're going to be working even more closely together.
