Kaspersky: Brace For More Phishing, Scams, Data Breaches, APT Attacks in APAC 2024

Driven by the Asia Pacific’s (APAC) rapid digitalisation movement and known geopolitical frictions, experts at Kaspersky predict the upcoming cybersecurity threat landscape in the region this year

0
464

Global cybersecurity company reveals that, in particular, the dangers of phishing, scams, data breaches, and geopolitically-motivated cyberattacks are seen to continue targeting organisations and individuals from the region.

Asia Pacific’s digital economy continues to grow exponentially and is expected to keep its momentum in the next five years. With digitalisation efforts including adoption of technologies like digital payments, Super Apps, IoT, smart cities, and now generative Artificial Intelligence (AI), cybersecurity will be key to ensuring the resilience of the region’s overall defenses against potentially damaging cyberattacks,” says Vitaly Kamluk, Head of Research Centre for Asia Pacific, Global Research and Analysis Team (GReAT) at Kaspersky.

“When it comes to sophisticated Advanced Persistent Threats (APTs), we have seen that cyber espionage remains to be the main objective of Asian groups. We expect this trend to continue in 2024 due to the existing geopolitical tensions in the region,” Kamluk adds.

Kaspersky’s GReAT researchers have also specified the key cyberthreat predictions in 2024 for the key countries and territories in APAC.

South East Asia (Malaysia, Singapore, Philippines, Thailand, Vietnam, Indonesia)

The scale of scam in Southeast Asia

According to a report by the UN, hundreds of thousands of people from Southeast Asia (SEA) were recruited to join online-scam operations such as romance-investment scams, crypto fraud, money laundering and illegal gambling. Recruitment to these criminal operations are mostly done via advertised professional roles such as programmers, marketers or human resource specialists, through what appear to be legitimate and even elaborate procedures.

Increased usage and trust in digital payment methods, lack of regulations protecting the rights of users online and large numbers of people forced into joining online-scam operations add complexity to this major issue in SEA and in resolving it.

“Law Enforcement is working on many of those cases, involving scam and phishing attacks and we have seen successful operations in 2023, such as a joint operation of Australian Federal Police (AFP), and United States Federal Bureau of Investigation (FBI) and Malaysian Police which led to arrest of 8 individuals behind a syndicate running a phishing-as-a-service campaign online,” says Kamluk.

“Nevertheless, we think that the scale of online scam and phishing attacks in Southeast Asia will only continue growing in the coming years due to technical and legal illiteracy of many people involved in such attacks from operators to victims,” he adds.

Singapore

Major technology safety and security highlights in Singapore in 2023 were related to data breaches and outages.

Financial service outages

In October 2023, DBS, one of the largest Singapore banks, experienced an operational failure due to datacentre outage, which resulted in 2.5 million failed transactions. Although, the reason for failure was not to be associated with a cyberattack at the time, given a prior history of outages, it will have implications on the bank’s strategies and priorities among which shall be increased reliability and safety of the services. As reported by the media, Citibank operations were also affected. While we embrace attention to improving the reliability and security of the infrastructure, it’s still the time of changes, which always opens a window of opportunities for the attackers.

DDoS attacks

Another highlight was related to web service outages of several public hospitals and polyclinics due to a distributed denial-of-service (DDoS) attack: the attackers flooded servers with internet traffic to prevent users from accessing online services. The disruption did not result in a compromise of data or internal networks according to publicly known information. This incident tells us that while the websites demonstrated resilience against potential compromises, they were unfortunately unprepared to a DDoS attack.

Website defacements

A number of Singapore websites suffered from politically motivated defacement attacks in late 2023. Those attacks affected a historical temple website, a retirement info website, a tourism agency and other businesses located in Singapore.

“The bottom line is that the trend for future attacks in Singapore will likely be related to denial of service attacks, politically motivated compromises, defacements, and data leaks. Targeted ransomware threat is still real too, but will adopt the newest trend of pressuring the victim through regulator complaints,” explains Kamluk.

China

Telecom fraud activity will decrease, but phishing attacks may increase

In the past year, the Chinese government has been trying to find ways and even seek international cooperation to combat telecom fraud. In this high-pressure environment, the telecom fraud groups, known to be located in northern Myanmar, may soon collapse.

However, Kaspersky researchers still have seen a wave of phishing attacks from unidentified groups over the past year launching frantic QR code phishing attacks on Chinese citizens, targeting personal credit card information. This group’s operations do not appear to be affected by the situation in northern Myanmar, and based on Kaspersky statistics and observed behavioral patterns, attacks may peak again at the end of the year and early next year.

APT attacks on high profile targets will become increasingly active

Earlier this year, Chinese authorities reported cyberattacks on various national institutions and organizations. The CVERC reported isolating a spyware artifact named ‘Second Date.’ This advanced cyber-espionage tool can fully control targeted network devices and enable prolonged data theft.

Targets that were compromised include a university developing military-industrial projects and government departments that maintain basic geographic data. In addition, Kaspersky have also noticed that some long-term active APT organisations have launched APT attacks against Chinese nuclear energy companies and unknown targets.

Given China’s geopolitical prominence, Kaspersky experts expect that the number of APT attacks targeting the country will only increase in the future.

It’s the ever-rising popularity of cryptocurrencies, which may lead to a new generation of scam apps,” explains Kamluk.

Also, a growing popularity of micro-loan apps has resulted in new schemes to target users in India through unexpected inflated premiums and personal threats.

In addition, with India’s move towards smart cities, IoT vulnerabilities pose serious security challenges for the country.

South Korea

Prominent political event and cybersecurity threats

In the upcoming year of 2024, South Korea is poised to hold a significant general election. Historically, major political events such as this have consistently attracted the attention of threat actors, who view them as prime opportunities for launching direct cyberattacks with the intent of disrupting the political proceedings. Furthermore, these threat actors often employ sophisticated social engineering techniques to achieve their goals. Thus, it is our firm belief that this impending major event will serve as a catalyst, intensifying the frequency and complexity of cyberattacks.                                                                                        

Customised Cyber Threats Targeting the Local IT Environment

Over the past several years, alleged state-sponsored threat actors have systematically infiltrated numerous entities within South Korea, employing widely adopted software solutions that are integral to the country’s IT infrastructure. These adversaries adeptly exploited vulnerabilities specific to the local, well-known software and IT ecosystem, thereby facilitating the successful dissemination of their malicious software to their unsuspecting targets. This nefarious activity wreaked havoc across various industries, causing extensive damage.

“As we look ahead to the year 2024, it is evident that these customised threats, meticulously tailored to exploit South Korea’s unique software landscape and IT environment, are poised to persist and pose an ongoing challenge,” adds Kamluk.

For organisations in APAC, Kaspersky shares the tips below to keep safe from these upcoming threats in 2024:

  • Always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities.
  • Establish the practice of using strong passwords to access corporate services. Use multi-factor authentication for access to remote services.
  • Choose a proven endpoint security solution such as Kaspersky Endpoint Security for Business that is equipped with behavior-based detection and anomaly control capabilities for effective protection against known and unknown threats.
  • Use a dedicated set for effective endpoint protection, threat detection and response products to timely detect and remediate even new and evasive threats. Kaspersky Optimum Security the essential set of endpoint protection empowered with EDR and MDR.