Phishing attacks more than double
Targeted attacks against businesses and governments a major concern in Asean, says Kaspersky
published : 21 Oct 2022 at 04:00
newspaper section: Business
Phishing incidents continue to skyrocket in Southeast Asia. The latest data from the global cybersecurity company Kaspersky shows that it took only six months this year for cybercriminals to exceed the total number of phishing attacks they made the year before against users in the region.
From January to June this year, the company says its anti-phishing system blocked more than 12.1 million malicious links in Southeast Asia. That is 1 million more than the total number of phishing attacks detected in 2021.
Phishing, a type of social engineering attack, remains one of the key methods used by attackers to compromise their targets -- both individuals and organisations. It works as it is done on a large scale where cybercriminals send massive waves of emails purporting to be from legitimate companies or personalities to promote fake pages or infect users with malicious attachments.
The end goal of a phishing attack is to steal credentials -- particularly financial and login information -- to steal money, or worst, to compromise an entire organisation.
More than half of the detections in the first half of 2022 were targeting Kaspersky users in Malaysia, the Philippines and Vietnam. Four out of six major markets in Southeast Asia -- Malaysia, the Philippines, Thailand and Vietnam -- recorded more phishing emails during the first six months of this year compared to their total number of incidents in 2021.
"The first half of 2022 was eventful in good and bad ways. On a personal level, we went through the seismic shift of trying to regain our lives post-pandemic, forcing companies and organisations to welcome remote and hybrid work," said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
"The travel sector, including airlines, airports, travel agencies and more, has also been overwhelmed by the influx of tourists wanting to travel with borders now open. Behind these shifts are networks and systems that needed to be updated and secured hastily.
"On the other hand, cybercriminals are all ears and with their ability to tweak their messages and infuse them with believable urgency. As a result, we've seen real, unfortunate incidents of victims losing money because of phishing attacks."
Aside from individuals' loss of money, Kaspersky's researchers have sounded the alarm about advanced persistent threat (APT) groups in Asia Pacific including Southeast Asia, which use targeted phishing to enter into highly defended networks.
As the name "advanced" suggests, an APT uses continuous, clandestine and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.
Because of the level of effort needed to carry out such an attack, APTs are usually aimed at high-value targets, such as nation states and large corporations, with the ultimate goal of stealing information over a long period of time, rather than simply "dipping in" and leaving quickly, as many black-hat hackers do during lower-level cyber assaults.
Noushin Shabab, senior security researcher on the global research and analysis team at Kaspersky, said in a recent presentation that targeted phishing, also known as spearphishing, is the preferred infection vector of APT groups operating in the region.
"We did a report this year which found that the majority [75%] of executives here are aware and even anticipate an APT attack against their organisations," said Mr Yeo.
"With phishing incidents hitting the roof in just the first six months of the year, enterprises, public entities and government agencies should understand the impact of one wrong click on their critical networks and systems.
"We, humans, remain the weakest link and it is time to look beyond training and awareness. Backup security plans -- like incident response capabilities -- should be in place to stop a phishing email from becoming the launchpad of a damaging attack to your organisation."
HARD TO DETECT
Traditional security often doesn't stop spearphishing attacks because they are so cleverly customised. As a result, they're becoming more difficult to detect. One employee mistake can have serious consequences for businesses, governments, and even nonprofit organisations.
With stolen data, fraudsters can reveal commercially sensitive information, manipulate stock prices or commit various acts of espionage. In addition, spearphishing attacks can deploy malware to hijack computers, organising them into enormous networks called botnets that can be used for denial-of-service attacks.
To fight spearphishing scams, employees need to be aware of the threats, such as the possibility of bogus emails landing in their inbox. Besides education, technology that focuses on email security is necessary. Kaspersky recommends installing protective anti-phishing solutions on mail servers as well as on employee workstations.
For businesses and organisations, it's important to build incident response capabilities that will help manage the aftermath of an attack and to incorporate threat intelligence services to have in-depth knowledge of the tactics of active APT groups.