Heaptalk, Jakarta — As cyber threats continue to grow, Indonesia needs to take a more proactive stance in prioritizing cyber security. Cyber attack vulnerabilities can emerge at any phase, spanning design, development, production, distribution, acquisition, deployment, as well as maintenance. The attacks can affect multiple parties, ranging from the government and companies to society.
Information and communication technology (ICT) supply chain attacks rose to a high level in the past year. A global cybersecurity company Kaspersky discovered a Trojan package dating from the June 2020 period while investigating supply chain attack artifacts on the website of the Asian government certification authority in 2021. Later, Kaspersky’s researchers identified a plugin being deployed using the PhantomNet malware on the thread. Further analysis revealed similarities to the previously analyzed CoughingDown malware.
Head of Public Affairs and Government Relations for Asia Pacific & the Middle East and Turkey & Africa at Kaspersky Genie Gan explained that the real targets of the threat actors were government entities. However, as the certification authority is the weaker link in this supply chain, the actors decided to take advantage of the trust between the government and the certification authority.
Genie delivered, “Supply chain attacks exploit a relationship of trust, which can be a relationship between a leading agency and a government or between a small software supplier and a company. Similar attacks have critical consequences for all parties affected, on governments, companies, and quite possibly individuals like you and me.”
To prevent the attacks, Genie suggested defense players must operate on the basis that their systems have been compromised and look for signs of attack rather than assuming the prevention can be done utilizing traditional products.
On a broader scale, Kaspersky has detected as many as 22,886,032 different cyber threats on the internet on the computers of Kaspersky Security Network (KSN) participants in Indonesia in the first six months of 2022. In addition, the Kaspersky Anti-Phishing system in Indonesia has blocked 1,548,716 phishing attempts during the first half of this year.
Cyber resilience itself has the potential to support local business growth, drive the latest digital opportunities, and reduce harmful risks to the country’s economy. Therefore, Kaspersky executives urged countries to collaborate with neighboring countries and private companies to build greater cyber resilience. Genie added that although Indonesia’s cybersecurity landscape is different from that of other Southeast Asian countries, the country still has some linkages with its regional neighbors in many ways.
“This is why we encourage government regulators to start increasing capacity building and cyber cooperation efforts. These two things are the building blocks of cybersecurity. The recent passage of a personal data protection law in Indonesia is also a good stepping stone for better digital defense,” said Genie in her closing statement.