From 2019’s cyberthreat trends, we know threat actors are eyeing our region for even more ambitious attacks to come.
With developed countries in APAC grasping at 5G technology and Industry 4.0 leadership, and emerging economies embracing a hyper-online mobile presence, the region is set to be the testing ground for new technologies and trends going forward.
Cybercriminals are well aware of the region’s rich hunting ground, and the region needs to remain ever-vigilant of the former’s attack patterns, demographics and other discernible culture. To that end, readers should take note of the following issues posited by researchers from Kaspersky for their security planning.
- More mobile threats
As the number of users moving to mobile platforms from regular PCs is still growing in the region, we can expect more threat actors going into this space. A number of different Android and iOS 0-day exploits were reported in 2019, like the watering hole spyware discovered on iOS which can get hold of confidential data like iMessage photos and GPS location.
The interest in compromising mobile platforms with persistence is ever-growing, and mobile exploits show signs of becoming a commodity with increasing affordability to threat actors. According to Vitaly Kamluk, Director for Global Research and Analysis Team (GReAT) Asia Pacific, Kaspersky: “Mobile users in APAC remain vulnerable to social-engineering which, up to this time, is one of the most common attack vectors. Users are often tricked by online scams, automated dialers, sextortion attempts, and free online services offering free streaming video, which often come with hidden in-browser cryptocurrency miner.” - New techniques and new platforms to thwart analysis
Last year, Advanced Persistent Threats (APT) actors active in this region took on new techniques and approaches such as using steganography, developing malware in the Nim programming language or using malicious LNK files.
Researchers have also seen the OceanLotus APT deploy their new iOS malware in 2019. This threat actor has been actively adopting new techniques which are aimed to complicate malware analysis. - “Belt and Road Initiative” attracting hacker interest
BRI is an intercontinental program that aims to connect China to Asia, Africa, and Europe. The economic initiative has already attracted interest in a few countries in the region from APTs such as Ocean Lotus, Lucky Mouse, and HoneyMyte. - Supply chain attacks remain one of the largest threats
Last year’s breaches of several software supply chain companies in Asia were linked to a threat actor known as ShadowPad/ShadowHammer. A survey conducted by Kaspersky showed that successful supply chain attacks can cost as much as US$2.57m on average.
Given that this group has been active in the past several years executing similar attacks on a lower scale, expect this actor and also other groups to move into this segment going forward. - Olympic Games in Japan
It has almost become a tradition to run politically motivated attacks during the Olympic Games. With high political tension in many regions of the world, we need to be ready for one or even several independent attacks to happen during the upcoming Olympic Games in Tokyo.
Comments Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky: “With its developed countries at the forefront of 5G technology and Industry 4.0 and its emerging economies with hyper-online and highly mobile and young population, the Asia Pacific region is definitely at the center of the new technologies and trends that will define the new decade. These truths, combined with the geopolitical structure of the region, will definitely shape the regional landscape in the region.”
Organisations and individuals can make better decisions for boosting their cybersecurity habits and culture by keeping in tune with trend reports and analyses from a wide range of sources and deciding how best to make use of objective research information and opinions.
