Two years into the pandemic, Southeast Asia, as well as the rest of the world, is gearing up for recovery in 2022. Companies and individuals are ready to regain a sense of normalcy, with back-to-office, back-to-school, and back-to-travel policies being put in place.
But year in and year out, pandemic or no pandemic, cybercriminals are always on the job. They will continue to use different and more sophisticated means to target a variety of industries, from airlines, hospitals and government websites to banks, telecom companies, universities, e-commerce, and even social media giants. Experts from the cybersecurity firm Kaspersky have outlined four top trends to look out for this year:
Decrease of targeted ransomware attacks: The pandemic coincided with the rise of targeted ransomware attacks focusing on the most valuable targets as well as interruption-sensitive businesses.
Some companies from Asean were among the victims. However, with strong international cooperation and multiple task forces to trace ransomware gangs, Kaspersky experts believe the number of such attacks will decrease during 2022.
"The initial call was made by the US government, involving the FBI, and even offensive capabilities of the US Cyber Command. We anticipate that the attacks may resurface later, focusing on hitting developing countries with poor cyber-investigative capabilities or countries that are not allies of the US," says Vitaly Kamluk, director of the global research & analysis team for Asia Pacific at Kaspersky.
Given the geopolitical stance of some countries in Southeast Asia, it's likely that there will be fewer or even no such attacks in certain countries from the region in 2022.
Yet, broadly available hosting services offered by countries like Singapore and Malaysia, data centre services and infrastructure can still be abused by ransomware gangs.
Advanced scams and social engineering: One distinctive feature of citizens of developed countries is an elevated feeling of safety. Higher expenditure on technology, including cybersecurity, generates a long-term feeling of safety online as well.
As a result, the general population is less exposed to traditional cyberthreats -- it's just harder to find unprotected infrastructure or infected users. This is why more attacks are non-technology focused, exploiting human vulnerabilities, involving all sorts of scams via SMS, automated phone calls, popular messengers, social networks, and so on.
In Thailand, for example, nearly 40,000 people were scammed last year with their bank accounts and credit cards showing inexplicable transactions. Scammers also used fake bank websites to steal banking details of Malaysians last year. Impersonations of top e-commerce platforms in Vietnam were also used to trick users to send money.
"This trend is fuelled by automation of some services, such as automatic dialling and automatic initial message delivery with expected follow-up action that triggers manual human-driven scam operation," said Mr Kamluk.
"We believe this trend will develop further in the future, including production of victim-tailored documents, images, deepfake videos, voice synthesis. It's possible that there will be a shift back from computer-assisted crime schemes [scams] to pure cybercrime based on complete compromise of digital assets [user accounts, smartphones, personal computers]."
More data breaches by unidentified attackers: With the decrease of targeted ransomware attacks openly exposing stolen data and taking the responsibility for a breach, we will see the rise of stolen data being offered on the black markets.
"In recent years, we observed that in many cases of data breaches the victims were neither able to identify the attackers, nor find out how they got compromised," said Mr Kamluk. "Although there has always been a challenge to identify the attacker and the source of the breach, the percentage of such cases has increased significantly in the past two years, reaching over 75% according to our research."
Experts from Kaspersky believe this is not only a symptom of serious challenges that cyber defenders face, but also a motivational factor and a signal for other passive cybercriminals to rush into the field of data theft and illegal trading.
Cryptocurrency and NFT industry attacks: By observing cutting-edge attackers with large human resources, such as Lazarus group and its sub-group, BlueNoroff, Kaspersky researchers have concluded that we can expect an even more significant wave of attacks on cryptocurrency businesses.
Even the growing NFT (non-fungible token) industry will be targeted by cybercriminals. Countries in Southeast Asia could be vulnerable as they are leaders in terms of NFT ownership, with the Philippines topping the list at 32% saying they own such digital assets.
Among 20 countries surveyed, Thailand (26.2%) ranked second, followed closely by Malaysia (23.9%). Vietnam (17.4%) was fifth and Singapore (6.8%) 14th.
"From direct attacks on employees of cryptocurrency startups and exchanges through sophisticated social engineering, software exploits, and even fake suppliers to mass attacks via supply-chain software or its components [such as third-party code libraries] -- we will see an increase of such cases. Additionally, we should see more incidents of NFT property theft in the coming years," said Mr Kamluk.
"Being a totally new area, this will cause a deficit in skilled police investigators that will result in an initial surge of such attacks."
These attacks will not only have an effect on global cryptocurrency markets but also the share price of individual companies, which will also be monetised by the attackers via stock market illegal insights trading, he added.