ASEAN Facing Risk Beyond Commodity Threats with the Rise of APTs – Kaspersky

Over time, we have become more connected to the Internet. For Southeast Asia, the COVID-19 pandemic has intensified the need to embrace and accelerate digitalisation: according to a Kaspersky study, users in the region now spend on average two more hours online each day, 64% have moved their retail activities online and nearly eight in ten are working from home.

However, this transition to the digital landscape also means heightened exposure to threats for individuals and organisations alike. "There are 268 million local threats that have been detected in the SEA region from January to June 2020. Among these, there were 39% more phishing attempts targeted against small and medium businesses compared to before the pandemic", explained Yeo Siang Tiong, Kaspersky's General Manager for Southeast Asia, in a virtual webinar earlier this week.

These "commodity threats" account for about 90% of attacks in the region. The remaining 10% are more advanced: targeted attacks using known Tactics, Techniques and Procedures (TTPs), targeted campaigns, and cyber weapons using TTPs not seen before.

Ten per cent may not sound like a lot, but the growing number of incidents involving advanced malware and techniques should be a cause for concern, especially as cybercriminals increasingly add extortion (threatening to leak stolen data) to their arsenal to ensure that victims pay up. Moreover, the effects of advanced persistent threat (APT) attacks are generally devastating, whether measured in money, in data lost, or in the severe downtime suffered by the victims and by those who rely on their services.

During the session, Vitaly Kamluk, Principal Security Researcher at Kaspersky, shared an update on the threat groups to watch in Southeast Asia, based on research conducted by his team. He said that possibly one of the most notorious groups in recent times is Maze, which has already attacked organisations such as LG Electronics and Canon. In a typical Maze intrusion the attackers break into a company's network, exfiltrate sensitive data, encrypt the victim's systems and demand a ransom. If the ransom is not paid, the stolen data is released to the public.

"We are monitoring an uptick in Maze detections globally, even against a few companies in Southeast Asia, which means this trend is currently gaining momentum. While the public shaming part of the attack adds to the pressure of bowing to the demands of these cybercriminals, I strongly advise companies and organisations not to pay the ransom and to involve law enforcement agencies and experts during such scenarios. Remember that it is also better to have your data backed up and your cybersecurity defences in place, to avoid falling victim to these malicious actors", added Vitaly.

Aside from Maze, Vitaly also talked about Lazarus (whose financially motivated arm is tracked by other vendors as APT38). Its modus operandi includes targeting employees of defence and government agencies with a "dream job" offer, and using phishing attacks to infiltrate cryptocurrency companies.

PlugX, a remote access tool seen in Myanmar, Vietnam and Malaysia, is used against governments, non-governmental organisations and even managed security service providers, and has gained a new spreading mechanism that uses USB flash drives. The Mahacao group uses topics such as the pandemic and network security policy to lure its victims: the lure is a Windows shortcut (LNK) file hidden inside a ZIP or RAR archive, and the group leverages Google Drive to avoid detection.
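The LNK-in-archive lure above can be triaged before anyone double-clicks it. The following is an added example, not code from Kaspersky or from the webinar: it reads a ZIP archive in memory, identifies shell links by their MS-SHLLINK header (a fixed HeaderSize of 0x4C followed by the LinkCLSID) rather than by file name, and pulls out the fields that matter for triage: the relative target path, the command-line arguments and the ShowCommand value that decides whether the launched window is visible. The sample archive is constructed inline and contains a shortcut named `Network_Security_Policy.pdf.lnk`; Windows Explorer never shows the `.lnk` suffix, so the victim sees what looks like a PDF. Only ZIP is handled because that is what the standard library ships; RAR would need a third-party reader such as the `rarfile` package.

```python
import io
import struct
import zipfile

# MS-SHLLINK: every shell link starts with HeaderSize 0x0000004C followed by
# the fixed LinkCLSID {00021401-0000-0000-C000-000000000046} (little-endian).
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE = 0x4C

# LinkFlags bits (header offset 20) that say which optional sections follow.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData fields appear in this fixed order when their flag is set.
STRING_DATA_ORDER = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                     ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                     ("icon_location", HAS_ICON_LOCATION))
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the launched window out of sight


def is_lnk(data: bytes) -> bool:
    """Content-based check on the header bytes, independent of the file name."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def parse_lnk(data: bytes) -> dict:
    """Extract LinkFlags, ShowCommand and the StringData fields of a shell link.

    Only what triage needs is parsed; LinkTargetIDList and LinkInfo are skipped
    using their own size fields, and trailing ExtraData blocks are ignored.
    """
    if not is_lnk(data):
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_cmd = struct.unpack_from("<I", data, 60)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        off += 2 + struct.unpack_from("<H", data, off)[0]  # IDListSize excludes itself
    if flags & HAS_LINK_INFO:
        off += struct.unpack_from("<I", data, off)[0]      # LinkInfoSize includes itself
    unicode = bool(flags & IS_UNICODE)
    fields = {"flags": flags, "show_command": show_cmd}
    for name, bit in STRING_DATA_ORDER:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]     # CountCharacters, no terminator
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        off += nbytes
        fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252", "replace")
    return fields


def scan_archive(zip_bytes: bytes, max_entry: int = 1_000_000) -> list:
    """Flag shell links inside a ZIP without extracting it to disk.

    A shell link is reported whatever its name, so a 'Policy.pdf' that is really
    a shortcut is caught; a '.lnk' name without the header is reported too,
    because the mismatch is itself suspicious.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(max_entry)
            name = info.filename
            claims_lnk = name.lower().endswith(".lnk")
            if is_lnk(head):
                finding = {"entry": name, "double_extension": name.count(".") > 1,
                           "reason": "shell link" if claims_lnk else "shell link under another extension"}
                finding.update(parse_lnk(head))
                findings.append(finding)
            elif claims_lnk:
                findings.append({"entry": name, "reason": ".lnk name without a shell link header"})
    return findings


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed shell link with only RelativePath and Arguments set (not a real sample)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    # flags, FileAttributes, 3 FILETIMEs, FileSize, IconIndex, ShowCommand, HotKey, reserved x3
    header = LNK_MAGIC + struct.pack("<IIQQQIIIHHII", flags, 0, 0, 0, 0, 0, 0,
                                     SW_SHOWMINNOACTIVE, 0, 0, 0, 0)
    assert len(header) == HEADER_SIZE

    def string_data(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


def build_sample_archive() -> bytes:
    """Constructed lure archive: one harmless text file and one disguised shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "Network security policy update (constructed sample)\n")
        zf.writestr("Network_Security_Policy.pdf.lnk",
                    build_lnk("..\\..\\Windows\\System32\\cmd.exe", "/c calc.exe"))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample_archive()):
        print(finding)
```

On real mail attachments, feed the raw ZIP bytes to `scan_archive` and alert on any finding whose `show_command` is 7 (minimised) or whose `arguments` mention `cmd`, `powershell` or `mshta`; the double-extension flag is a useful second signal because the inner extension is the one the victim was meant to see.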

As companies advance their operations, cybercriminals keep pace with advanced threats of their own. To remain protected, Vitaly suggests that enterprises and organisations should:

  • Stay ahead of the enemy: make backups, simulate attacks, and prepare an action plan for disaster recovery.

  • Deploy sensors everywhere: monitor software activity on endpoints, record network traffic, and check hardware integrity.

  • Never follow the demands of the criminals: do not fight alone; contact law enforcement, your national CERT, and security vendors such as Kaspersky.

  • Train your staff while they work remotely: digital forensics, basic malware analysis, and PR crisis management.

  • Follow the latest trends: via premium threat intelligence subscriptions, such as the Kaspersky APT Intelligence Service.

  • Know your enemy: identify new, undetected malware on-premises with the Kaspersky Threat Attribution Engine.
