State of Cyber-Security in Indonesia
Contents:
INTRODUCTION
UNDERSTANDING CYBER-SECURITY ISSUES
ABOUT PROTERGO
About Protergo
Blue team offering
Red team offering
2 | P R O T E R G O C Y B E RS E C U R I T Y
ABOUT PROTERGO
We are one of the leading Indonesian cyber-security companies. Our clients say that we are quite unique for multiple reasons:
Innovation as our core value - 1st in Indonesia to offer next-gen anti-virus and email protection that repay you if your company is hacked
Above all we are a team of passionate professionals - the 1st in Indonesia to use only certified analysts and penetration testers (CompTIA CySA+, Security+, Linux+, PCI-DSS, OSCP, ...)
Contact us at info@protergo.id
INTRODUCTION
1. Welcome address
Welcome to the 1st edition of the Protergo Indonesia Cyber-Security Report, an annual publication that we created for our customers, partners and the industry.
The purpose of this publication is to share our knowledge of the current state of cyber-security threats in Indonesia and to recommend best practices and solutions. What makes this report unique is the depth of the information contained and the specific focus on the Indonesian market.
The source of the report is the data collected from Protergo's network of sensors, alarms, signals, on-premise and on-cloud systems and services. Every day, Protergo scans over 50+ sensors at different critical points of the Indonesian infrastructure - assets like datacenters, telecommunication systems, ISPs, banks, insurers, fintech and other large enterprises.
In only 2 years we have built some world-class capabilities in:
Blue team: building one of the first cyber-security operation centers in Indonesia
Red team: penetration testing services using leading methodologies in the world
We continue to develop our platform, using machine learning, automation and advanced real-time tools to continuously support our clients.
We hope readers find the information in this report helpful and insightful, and we sincerely hope that the report can help organizations to protect their systems, software and users.
// 2020 State of the Cybersecurity in Indonesia
Digitalization has not always been followed by adequate cyber-security measures. Many companies in Indonesia have been left behind in the cyber-security space.
Our top 10 summarizes the learnings from this year into 6 must-know facts and 3 simple recommendations for CEOs/CTOs and IT teams.
Must-know facts:
1. Software: 80% of the threats are software related
3. Vulnerabilities: 100+ vulnerabilities for each organization
4. Viruses: 80% of threats are trojans, worms or ransomware
6. Legacy: ~30% of all vulnerabilities are >10 years old
Recommendations:
1. Set up a security operation center to monitor, detect and block key attacks
3. Prepare for 2020, supporting work from home through endpoint security, anti data loss prevention, email and cloud security
UNDERSTANDING CYBER-SECURITY ISSUES
Malware: malicious software designed to harm computer systems
Exploit: active attacks by hackers on corporate systems
Chart 1: 43% Malware, 32% Exploit, 9% Policy & Access Violation, 8% Other, 5% Vulnerability, 3% Network Attack
Malware
Malware is a collection of malicious software variants, including ransomware, viruses, and spyware. It usually consists of code created by cyber attackers, developed to cause extensive damage to systems and data or to gain unlawful access to the network. Malware is usually delivered in the form of a file or link via email.
Exploit
Exploitation is the next stage in an attacker's list after he spots the vulnerability. Exploits are the ways through which a vulnerability is leveraged for nasty activity by hackers; these may include pieces of software, arrangements of commands, or even open-source exploit kits.
Network attacks
These are network-related attacks that typically include denial-of-service attacks or network flooding. These categories of attacks specifically target network devices.
Our data shows that 80% of the attacks from Malware are concentrated in 3 key categories: Trojan, Worm and Ransomware. Those categories differ in the following way:
Trojan
software designed to infiltrate a system and give hackers the ability to control a software system remotely.
Worm
software designed to spread across as many devices and computers as it can in order to increase the hackers' exposure to a given institution.
Ransomware
software designed to block a critical system and to request money in order to unlock it.
Malware categories: 49% Trojan, 32% Worm, 13% Ransomware, 2% Rootkit, 1% Adware, 1% Virus, 1% Bot, 1% Spyware
Spyware
Spyware is executable software that is installed on one's system and starts monitoring one's behavior without them noticing or directly permitting it. Spyware contains the term 'Spy', which literally means to observe or to directly monitor one's activity.
Virus
A computer virus is an agent in a computer system, first found and introduced in 1983. This agent is usually transmitted across devices and usually transferred through storage media. After entering a system, a virus attaches itself to another program. When the host program is executed, the virus runs alongside the host program.
Bot
Bots are used to execute attacks involving credential theft, authorizing illegitimate access, or distributed denial of service. Bot attackers can have access to thousands of computers at one moment in time and simultaneously command them to execute malicious activities.
Rootkit
A rootkit is a computer program that is designed to grant privileged access to the system, with all its operations carried out stealthily. Rootkit itself is a combination of two words, 'root' and 'kit'. Root refers to the literal root access of a system. Kit refers to the tools and media.
Adware
Adware is software designed to display pop-up advertisements on your screen, and is commonly found in applications or web browsers.
Mirai Malware
Description:
Mirai is a malware that turns networked devices running Linux into remotely controlled "bots" that can be
used as part of a botnet in large-scale network attacks.
Impact:
As a self-propagating botnet virus, Mirai can coordinate a DDoS attack. We have detected Mirai since the start of 2019 in Indonesian banks and financial institutions.
Exploit categories: 60% Server Attack, 30% SMB Exploit, 6% SQL Injection, 2% Web Attack, 1% SSL Attack, 1% Phishing
Chart values: 70% Network Anomaly, 18% Flood, 12% DDOS
DDOS
A distributed denial-of-service (DDoS) attack is an attempt to interrupt the usual traffic of a targeted server, network or service by overloading the target or its close infrastructure with excessive Internet traffic.
Flood
Flood is a Denial of Service (DoS) attack made to bring a service or network down by drowning it with a huge volume of traffic. It eventually fills the host's memory buffer and interrupts the processes.
Network Anomaly
At the core of mastering hacking and stealing data is the knowledge of anomalous network behaviors. Anomaly is something that varies from what is normal, standard or expected.
3.d Vulnerability
Chart values: 61% Cleartext, 34% Software Unpatched, 5% System Scanning
Cleartext
Cleartext is stored or shared text that is not subjected to encryption and is not intended to be encrypted.
Chart values: 47% Bruteforce, 23% Backdoor, 17% Policy Violation
Policy Violation
Backdoor
Backdoor is the undocumented way of obtaining access to any program, online service or the whole computer system. A backdoor bypasses usual authentication mechanisms. It is developed by the programmer who makes the code for the program and is a potential security risk.
Bruteforce
It is the simplest method to gain access to a server or site (that is password protected). It tries numerous combinations of usernames and passwords repeatedly until it gets in.
2.54% Philippine
50% Malware out of the total attacks (Mylobot, Rootkit, Worm, etc.)
Exploit (SMB Vulnerabilities, XSS, etc.)
Exploit (SQL injections, Phishing spam, etc.)
6% Network Attack of the total attacks (Nmap, MS inbound on Non Standard Port, etc.)
Malware (Adware infection)
Vulnerabilities
Info (19): vulnerabilities that will allow attackers to gather more information about a system (e.g., banner information for a web server version).
Low (35): vulnerabilities that pose limited risk of system compromise; may allow an attacker to gain more confidential information about a system (e.g., how many users are connected to a system) but will not allow an attacker to gain access to the system.
Medium (25): vulnerabilities that pose some risk of system compromise; may allow an attacker to gain confidential information about a system (e.g., value of system variables) but will not allow the attacker to directly exploit the system.
High/Critical (24): vulnerabilities that allow an attacker to access the system.
2008 0%
2009 1%
2010 1%
2011 4%
2012 7%
2013 6%
2014 6%
2015 14%
2016 23%
2017 9%
2018 14%
2019 8%
What is Protergo doing about the current situation?
c. Remote Desktop
e. Next-generation Antivirus
f. Anti Data-Loss Prevention
Red team services
b. Penetration Testing
How does it work?
Protergo Work From Home
- installs an agent on employees' devices, BYOD or corporate devices, to protect against emerging threats and prevent security issues.
- offers services that include the remote monitoring of the workforce.
Restrict functionalities
Selectively restrict device functionalities (e.g., usb, websites, …)
Install/Remove software remotely
Provision, deploy and manage mobile applications
Ensure compliance
Check and enforce compliance across the entire device fleet.
1. f. E-mail protection
Protergo Email Protection installs an appliance connected to your email servers
- Impostor email
- Phishing
- Malware
- Spam
- Bulk mail
Protergo differentiates itself in penetration testing and vulnerability assessment across 3 main dimensions:
Protergo is the first in Indonesia to use a world-class MITRE framework to define potential attack scenarios, based on real-world attacks used on other financial institutions, before the penetration testing itself. With MITRE, Protergo is the first company in Indonesia to take very seriously the human element, typically ignored by penetration testing.
Best-in-class quality at the right prices. Forget the old, extremely slow and manual penetration testing: we use AI and Robotic Process Automation to speed up the penetration testing. Higher quality using technology.
MITRE ATT&CK® is a world-class knowledge base for adversary tactics and techniques based on real-world observations. ATT&CK is used to develop specific threat models that inform our penetration tests.
The benefit of using the MITRE ATT&CK framework is to ensure that Protergo and the Clients spend more time upfront discussing potential scenarios before the penetration testing begins. This allows the team to be much more focused during the penetration testing and ultimately gives the Client much better and more realistic results. Moreover, with MITRE, the human element is taken into account from the beginning, so Phishing and Social Engineering attacks can be simulated.
CVE® is a world standard used by cybersecurity products and services from around the world, such as the U.S. National Vulnerability Database (NVD).
Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. The OWASP Foundation is the source for developers and technologists to secure the web.
We are the first in Indonesia to use a local team combined with an international team of penetration testing experts. See the following figures for the key details.
Moreover, our penetration testers hold OSCP and OSWE certifications. This allows Protergo to offer best-in-class penetration testing services to our Clients.
Protergo has strong experience in the banking sector. Please find below some examples of the penetration testing that we have completed over the past years.
Get in touch
Jl. Rempoa Raya No.11, Rempoa,
Kec. Ciputat Tim., Kota Tangerang Selatan, Banten 15412
www.protergo.id