2022 – A Year of Cybercrime Gone Wild in Sri Lanka
Most will agree that 2022 was a pretty bleak year globally, with grim economic recession, climate-related disasters, the perils of Covid lingering, political turmoil and endless human disasters around the world.
On the tech front, cybercrime-related incidents were at an all-time high. Hackers were on the rampage throughout the year, causing fear and chaos. And then there was the Elon Musk Twitter debacle to close off the year!
Sri Lanka’s ‘Annus Horribilis’
In Sri Lanka, online payment gateway PayHere suffered an attack and went offline for 36 hours in what was possibly one of the most serious data breaches the country has seen.
On April 18, 2022 the Sri Lanka Police website was subjected to a cyber-attack. According to Ceylon Today, the website had been hacked but had been quickly restored. Rumours claiming that the website was hacked by Anonymous, a decentralised international hacktivist collective, were denied.
Amidst #Aragalaya, an unprecedented people’s uprising taking place in the country, on April 20, 2022, Anonymous went into action targeting the websites of government institutions Ceylon Electricity Board and the Department of Immigration and Emigration.
An article by Restoftheworld.org stated, “Many Sri Lankans had been calling for the group to step in, using the hashtag #AnonymousSaveSriLanka on social media. But as part of the attack, Anonymous hackers publicly shared thousands of usernames, passwords, and email addresses from the database of Sri Lanka Scholar, a private portal that connects students to various higher education institutions and uses the official ‘.lk’ domain. The hackers released similar information about the agents registered with the Sri Lanka Bureau of Foreign Employment (SLBFE).”
In July 2022, the Centre for Air Power Studies (CAPS) stated, “In the present scenario, Colombo will find it difficult in the short term to attend to cyber issues while its population struggles to meet basic necessities. In the long term, Sri Lanka will have to make significant efforts toward cyber capacity and capability building.”
The Daily Mirror revealed that “Chathura Rajapakse, a representative of Lanka Change Agents, said that in 2022, according to the recorded complaints received by the Sri Lanka police on cybercrimes, the number of complaints surpassed 3000. Accordingly, cybercrimes that are associated with phoney auctions, identity theft, and the sale of stolen information such as credit card numbers, social security numbers, and account passwords are showing an acceleration.”
In November 2022, Conventuslaw.com, a Hong Kong-based digital media platform providing legal-focused content to business leaders and lawyers stated, “The various cyber security breaches in 2022 affecting government institutions such as SriLankan Airlines, the Ministry of Health, the Sri Lankan Bureau of Foreign Employment and the Department of Examinations, have exposed the need for a robust cyber security framework to be established.”
Costly Licences
The surge in Sri Lankan cybercrime in 2022 is attributed in part to the country’s ongoing financial crisis, during which the price of licensed cyber security products surged dramatically.
“The collapse of the Sri Lankan rupee has caused the price of cybersecurity product license renewals to skyrocket. Opportunistic hackers are treating the emergency as an excuse to pillage, as many companies face heightened phishing and distributed denial-of-service attacks. Cyber insurers are leery of renewing existing policies.”
With industries such as manufacturing, telecom, banking and the entire export/import sector struggling to keep their heads above water, the issues of cyber security and licence renewal inevitably get pushed to the backburner.
Take Measures to Stay Safe in 2023
10QBIT’s Head of Security Dinuja Wickramarachchi offers the following advice for staying safe in 2023. “Cyber Security is a never-ending evolution, but if you have good cyber security measures in place, you can have peace of mind. Otherwise, it's frustrating and always comes with a dose of bad luck. Let’s learn from the cyber security issues and mistakes of 2022, and adopt better cyber-safe measures for 2023.”
1. Don't use any service/website that does not offer multi-factor authentication
Multi-factor authentication is not a big deal; it comes with pretty much every service that we presently use. But if any service, app or website does not allow multi-factor authentication, there is an enormous risk, so check for alternatives that offer better security.
2. Use a strong password manager
Passwords are also a weapon in your hand. You can either protect yourself or someone can snatch it from where you left it and there goes your life, data and everything you have. If you would like to have peace of mind in 2023, consider using a strong password manager.
Password managers encrypt your passwords and store them in a secure place with additional authentication that only you can access. Password managers are easy to use and are gaining popularity by the day.
Use a password manager that offers password breach/leak detection, auto-fill, passwordless login (especially beneficial for business use) and multi-factor authentication that adds an additional layer of security with biometrics.
3. Don't carelessly give away your data
Today, data capitalism is a common business model that pretty much everybody uses to generate revenue. However, it sometimes also completely rips off our privacy. These companies know very well that consumers don’t bother to read the long and tedious terms and conditions or privacy policy. They milk the situation to gather as much data about individuals as possible.
One current trend is people posting AI-generated portraits of themselves. However, do they spare a thought for their privacy? What happens to the multiple selfies (facial data) that they uploaded to that AI portrait app? They shouldn’t be surprised if a few months down the line they find their face somewhere on the internet where they never intended.
4. Use a VPN
When you are browsing the internet, use a robust VPN that offers multiple security and privacy features such as encryption, a no-log policy, a kill switch, leak protection, malware and ad blockers, good performance and simultaneous connections for multiple devices with different operating systems.
When traveling or using public Wi-Fi it is critical to use a VPN because technology is rapidly growing and hackers or malicious parties now have way more advanced Wi-Fi hacking tools and gadgets.
For example, in a hotel you see the hotel Wi-Fi is available and it looks legitimate. However, there could be a malicious guest spoofing the same legitimate hotel Wi-Fi and tricking people into joining the malicious spoofed Wi-Fi that they control.
5. Use a good Anti-Virus program
Don't use a traditional free antivirus program, which has less capacity to detect current zero-day attacks and rapidly advancing ransomware threats. If you are a Windows user, unless you are planning to use a different powerful AV program, always keep Windows Defender updated and enable all available security features.
6. Only use secure browsers and configure them to add the first line of defence
There are a lot of browsers out there but you have to pick a secure browser and do some tweaking to enable the best security possible. The most popular secure browsers are Brave, Chrome, Firefox, and Safari.
For example, the Brave browser blocks all ads and trackers by default, and you don't need to install any additional extension to do so. You can also configure your browser to block third-party cookies and additional trackers for your privacy and security. If your browser supports forcing HTTPS, you should enable that.
7. Implement a backup policy for your personal/work life
If you want to keep your valuable data safe, backup is mandatory; however, you have to maintain and store the backup data in a secure and convenient place. A secure and easy way is to use the cloud. Most secure cloud storage providers such as Google offer 15 GB of space free and you can pay extra to scale it to your preference.
Remember to do a regular backup and try choosing a method that allows auto backup. Backup is one of the great ways to avoid ransomware attack risks. Even if you face a ransomware attack, you won’t have to pay a dime as you can always use the backup to restore everything to the previous state.
8. Cyber security awareness is a must
Cyber security awareness is critical for companies and individuals. Companies must train employees to identify and avoid cyber security threats. Employees must be armed with cyber security awareness and knowledge to protect themselves and their families. Until you experience a cyber security attack, you will not fully comprehend the consequences.
Wishing you all a successful and cyber safe New Year 2023.