Businesses throughout the Asia-Pacific (APAC) region are suffering from financially devastating data breaches. While APAC leads the world in terms of connected cities – or “smart” cities – there is a widening cybersecurity gap that threatens organizations operating there. At the same time, geopolitical turbulence throughout the region creates new openings for cybercriminals to exploit. As a result, cyberattacks are the number-one risk to business, brands, operations, and financials in the APAC region.
Here are some numbers to help illustrate the story: 33 percent of Southeast Asian companies report a loss of between $1 million and $5 million following a data breach, but only 44 percent of executives surveyed by Cisco deem cybersecurity a high priority.
So, where does the dissonance stem from?
Why Organizations in the APAC Region Are So Vulnerable to Cyberattacks
The evolving threat landscape is characterized by an increased volume and variety of attacks as organizations adopt new technology. The drive toward an increasingly interconnected business landscape in the APAC region has cultivated innovative and efficient processes. However, this focus on new technology has facilitated a corresponding increase in vulnerabilities. These combined factors create a wide attack surface for a growing population of advanced threat actors. Many organizations in the APAC region have placed cybersecurity on the back burner, neglecting to allot adequate resources to their security teams. The slow adoption of security culture has created a very expensive security gap with global implications for foreign companies conducting business with APAC partners.
Meanwhile, geopolitical conflicts in many APAC countries are fostering an increase in the frequency and sophistication of cyberattacks. Espionage, surveillance security threats, and ever-pervasive malware threats plague organizations, governments, and citizens alike throughout the region. State-sponsored threat actors are attacking each other and their own citizens. And states themselves are causing potential problems: China, Vietnam, North Korea, and Australia all have strict mandates allowing for government control of information and networks, presenting critical risks for global businesses operating within their borders.
The Industries Most Targeted by Threat Actors in APAC
We identified three primary industries that are under fire from malware attacks: Industrial Control Systems (ICS), mining, and finance.
ICS: Over 40 percent of ICS organizations in APAC countries were attacked by malware at least once in early 2018, and this number has continued to grow over the past year. Companies in Vietnam are particularly susceptible to malware attacks, accounting for 75.1 percent of all ICS attacks in the APAC region.
As owners of critical infrastructure push for digital transformation to increase productivity, they struggle to account for security threats. They are integrating digital platforms, scaling cloud operations, and enabling remote access. What they struggle with, though, is that these previously air-gapped systems have no built-in security – not even basics like encryption and authentication.
Mining: Metals and minerals are extremely valuable traded commodities in international markets, and economic development is dependent on natural resources in emerging regions. Because of this, both state-sponsored threat actors and financially motivated cybercriminals frequently attack organizations in the mining industry. They seek insider information that gives them a competitive advantage in business negotiations, exploration, and access to resources, or technologies that could inform indigenous development.
The most common attack method is malicious spam email. The mining industry had the highest successful spam rate of any industry in October 2018 at 59.2 percent. One of the reasons that spam is so effective in the mining industry is the ease of access through third-party vendors and contractors. Exploitable weaknesses, such as susceptibility to phishing, result from the lack of uniform security policies and practices between mining companies and their third-party vendors. Moreover, mining companies face the same threats as most complex industrial control systems. The mining process is complex and involves thousands of pieces of processing equipment and automated processes. This creates a system as vulnerable as any ICS component.
Finance: Although finance remains one of the most targeted industries worldwide, it is especially targeted in the APAC region due to rapid technological adoption and severely lagging security efforts within the industry. Organizations in this space lack the people, training, infrastructure, and tools to protect their networks – and their assets – from cybercriminals with far more advanced methods and technology.
North Korean threat actors have demonstrated a special interest in the financial sector through targeted malware campaigns against global and regional banks. Threat actors in the region use political events such as the United States-North Korea summit to lure users into clicking on phishing links in emails.
Top Malware Threats Facing APAC Organizations
While threat actors use an ever-expanding portfolio of attack strategies to penetrate corporate networks, malware persists as one of the most consistently problematic. We found four malware threats that disproportionately impact APAC businesses:
- Cryptomining
- Ransomware
- Supply chain
- Credential theft
Cryptomining Malware: In the last quarter of 2018, 65 percent of the total global cryptomining malware detections occurred in the APAC region. This type of malware is evolving and becoming more difficult to prevent and detect as threat actors are pouring their resources into making this a lucrative business. The prevalence of cryptomining malware more than doubled from quarter to quarter from 13% to 28%. This trend is expected to continue throughout 2019 as malicious actors are finding ways to target blockchain technology.
Ransomware: Ransomware is causing devastating effects on the APAC region, commonly using supply chain attacks through social media and popular chat apps. The WannaCry ransomware persists on thousands of infected systems worldwide, with the highest percentage of affected systems in China, Indonesia, and Vietnam due to unpatched vulnerable systems. Sorebrect, a fileless ransomware infection that targets network shares, has also been very active in Southeast Asia, especially in Indonesia, Thailand, and the Philippines.
Supply Chain Malware: Security researchers discovered hackers targeting the “EasyLanguage” software supply chain in China. The ransomware spread to more than 100,000 computers in less than four days. The authors signed the ransomware with a trusted digital certificate from Tencent Technologies, a Chinese company.
Credential Theft Malware: Throughout 2018, credential theft malware remained one of the top malware threats in the APAC region. The top three credential theft malware families found in the APAC region were Lokibot, Emotet, and Pony.
The turbulent political climate in the APAC region mirrors an instability in the cyber world that is best predicted and detected through actor-centric intelligence. Put simply: The more we know about the threat actors and how they behave, the better we will be able to collect quality intelligence to detect and mitigate cyberattacks proactively. IntSights is dedicated to monitoring threat activity on the open, deep, and dark web to better understand threat actors’ tendencies and attack strategies threatening organizations in the APAC region.
Learn more about Asia's dark web cybercriminal landscape by downloading The Dark Side of Asia: An Inside Look at Asia's Growing Underground World for an inside look at the trends, laws, motivations, and threat actors operating there.