Businesses in Thailand and Philippines hardest hit by advanced cyber attacks in 1H of 2015

Artwork by Janis Dei Abad

Organizations observed in Southeast Asia faced a 45% higher risk of a targeted cyber attack than the global average, according to a new report released by FireEye, Inc. and Singapore Telecommunications Limited (Singtel). In the prior six-month period, they faced only a 7% higher risk.

Across the region, 29% of observed organisations were targeted with advanced cyber attacks in the first half of 2015. Thailand and the Philippines were hardest hit, with 40% and 39% of observed organizations exposed to these attacks, respectively.

More than one-third of malware detections associated with advanced persistent threat (APT) groups originated within the entertainment, media and hospitality industries. By targeting media organisations, threat groups can gain access to news before it is published and potentially identify undisclosed sources.

FireEye observed at least 13 APT groups targeting national government organisations and at least four APT groups targeting regional or state governments around the world.

“Espionage isn’t new but it is increasingly conducted online, and Southeast Asia is a hot spot,” said Eric Hoh, president for Asia Pacific Japan at FireEye. “Geopolitics can drive cyber attacks. As Southeast Asia becomes a larger economic player on the world stage and tensions flare in the South China Sea, organisations should be prepared for targeted attacks.”

William Woo, Managing Director, Enterprise Data and Managed Services at Singtel said, “The report emphasises the frequency and sophistication of cyber attacks against all types of industries and enterprises in the region. The risk of attack, faced by regional enterprises, is higher than the global average. Therefore these enterprises must make it a priority to reinforce their cyber defences. Even though APT attacks can be discovered within a shorter timeframe than before, which is currently after 205 days, this still leaves enterprises wide open to malicious activity within their breached environment. To avoid such a situation, it is imperative for enterprises to adopt preemptive measures, such as our cyber defence managed services, to safeguard their assets and customers, in order to protect their reputations.”

Threat intelligence is an important tool for organisations seeking to stay ahead of attackers. The report contains insights into recent developments in Southeast Asia’s cyber threat landscape, such as groups targeting prominent institutions to gather political and economic intelligence, the detection of a known cyber espionage campaign, and threat actors’ evolving techniques to evade detection.

State-owned Bank Compromised

FireEye observed malware beaconing from a state-owned bank in Southeast Asia. FireEye Threat Intelligence believes the malware, called CANNONFODDER, is most likely used by Asian cyber threat groups to collect political and economic intelligence. In late 2014, FireEye observed the malware beaconing from an Asian telecommunications company. In mid-2014, the company observed threat actors sending spear phishing emails with malicious attachments to employees of an Asian government.

Decade-Long Cyber Espionage Campaign Detected

In April 2015, FireEye released a report documenting an advanced persistent threat group referred to as APT30 which conducted a cyber espionage operation against businesses, governments and journalists in Southeast Asia for ten years. This group’s malware, called Lecna, comprised 7% of all detections at FireEye customers in Southeast Asia in the first half of 2015.

Stealthy Group Targets Southeast Asia Government

FireEye has been tracking ongoing activity associated with a unique and relatively stealthy group it first identified in 2013 as APT.NineBlog. One of the probable targets of the group’s 2015 campaign is a Southeast Asian government, based on the specificity of some of the decoy documents. The group’s malware uses encrypted SSL communications to evade detection. In addition, the malware attempts to detect the presence of applications used to analyze malware, and it quits if any is detected.
