A study of the region’s cyber threat landscape in 2021 shows which areas of cybersecurity still need urgent, permanent fixing

With the help of public sources and “specialized” search engines, cybersecurity firm Kaspersky collected information on 390,497 services available from public networks in 2021 and analyzed them for key security issues and vulnerabilities in the Asia Pacific region, including the six key countries in South-east Asia (SEA).

According to the report for the study period, almost every fifth vulnerable service contained more than one vulnerability, increasing an attacker's chances of a successful attack. Complicated business processes left services exposed on the perimeter, which in turn increased the external attack surface.

All industry sectors analyzed in all the SEA countries had issues with applying security updates to publicly available services, and the exploitation of 1-day vulnerabilities made up a rapidly growing share of cybercriminals’ initial access.

Two major attack paths
Finally, by a huge margin, government institutions were potential incident generators because they hold major personally identifiable information and critical services: they accounted for more than 40% of the attack surface for brute-force attacks and the reuse of leaked credentials.

Two major attack paths were cited:

    1. ProxyShell and ProxyLogon vulnerabilities: Exploits for these two common vulnerabilities were easily available on the Internet, enabling even low-skilled attackers to take advantage of the security holes.
      1. While ProxyShell was quite common in China and in Vietnam, the countries most affected by ProxyLogon in the study were Thailand (in government bodies), China (in the financial sector), the Philippines (in the healthcare sector), and Indonesia (in the industrial sector).
      2. The best defense against these vulnerabilities is to keep public-facing systems updated with the latest patches and product versions. Organizations should also avoid exposing Exchange Server to direct access from the Internet.
    2. Remote Desktop Protocol: This formed a great share of attackers’ initial access strategies leading to cybersecurity incidents. Of the 16,003 remote access and management services exposed to exploitation, those in Indonesia, India, Bangladesh, the Philippines, and Vietnam offered attackers the most opportunities to gain remote access.

Said Chris Connell, Managing Director (Asia Pacific), Kaspersky: “Malicious actors have a lot of options to infect lucrative industries. In short, a cyberattack is like a ticking bomb.” He noted that organizations that know their cyber weak points will be able to use such intelligence to guide their cybersecurity capacity building.