Connect with us

Hi, what are you looking for?

HEADLINES

Six months of phishing attacks in 2022 exceed SEA’s total number last year

Kaspersky urges organizations to pay attention as most APT attacks infect enterprises, governments through targeted phishing.

Phishing incidents continue to skyrocket in Southeast Asia (SEA). The latest data from global cybersecurity company Kaspersky revealed that it only took six months for cybercriminals to exceed their phishing attacks last year against users from the region. 

From January to June 2022, Kaspersky’s Anti-Phishing system blocked a total of 12,127,692 malicious links in SEA. It is 1 million more than the total number of phishing attacks detected here in 2021 – 11,260,643.

Phishing, a type of social engineering attack, remains one of the key methods used by attackers to compromise their targets – both individuals and organizations. It works as it is done on a large scale where cybercriminals send massive waves of emails purporting to be legitimate companies or personalities to promote fake pages or infect users with malicious attachments. 

The end goal of a phishing attack is to steal credentials – particularly financial and login information – to steal money or worse to compromise an entire organization. 

More than half of the H1 2022 phishing detections were targeting Kaspersky users in Malaysia, the Philippines, and Vietnam.

Advertisement. Scroll to continue reading.

Four out of six countries from SEA – Malaysia, the Philippines, Thailand, and Vietnam – recorded more phishing emails during the first six months of this year compared to their total number of incidents in 2021.

“The first half of 2022 is eventful in good and bad ways. On a personal level, we went through the seismic shift of trying to regain our lives post-pandemic, forcing companies and organizations to welcome remote and hybrid work. The travel sector, including airlines, airports, travel agencies, and more, has also been overwhelmed by the influx of tourists wanting to travel with borders now open. Behind these shifts are networks and systems that needed to be updated and secured hastily. On the other hand, cybercriminals are all ears and with their ability to tweak their messages and infuse them with believable urgency. As a result, we’ve seen real, unfortunate incidents of victims losing money because of phishing attacks,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

Aside from individual’s loss of money, Kaspersky’s elite researcher recently sounded the alarm that most of the Advanced Persistent Threat (APT) groups in the Asia Pacific including SEA use targeted phishing to enter into a highly-defended network. 

As the name “advanced” suggests, an APT uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences. 

Because of the level of effort needed to carry out such an attack, APTs are usually leveled at high-value targets, such as nation states and large corporations, with the ultimate goal of stealing information over a long period of time, rather than simply “dipping in” and leaving quickly, as many black hat hackers do during lower level cyber assaults.

Advertisement. Scroll to continue reading.

Noushin Shabab, Senior Security Researcher for Global Research and Analysis Team (GReAT) at Kaspersky, revealed in a recent presentation that targeted phishing, also known as spear phishing, is the preferred infection vector of APT groups operating in the region.

“We did a report this year which found that the majority (75%) of executives here are aware and even anticipate an APT attack against their organizations. With phishing incidents hitting the roof in just the first six months of the year, enterprises, public entities, and government agencies should understand the impact of one wrong click on their critical networks and systems. We, humans, remain the weakest link and it is time to look beyond training and awareness. Backup security plans – like incident response capabilities – should be in place to stop a phishing email from becoming the launch pad of a damaging attack to your organization,” adds Yeo.

Traditional security often doesn’t stop spear phishing attacks because they are so cleverly customized. As a result, they’re becoming more difficult to detect. One employee mistake can have serious consequences for businesses, governments, and even nonprofit organizations.

With stolen data, fraudsters can reveal commercially sensitive information, manipulate stock prices or commit various acts of espionage. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks called botnets that can be used for denial of service attacks.

To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus emails landing in their inbox. Besides education, technology that focuses on email security is necessary. Kaspersky recommends installing protective anti-phishing solutions on mail servers as well as on employee workstations.

Advertisement. Scroll to continue reading.

For enterprises and organizations, Kaspersky suggests building incident response capabilities that will help manage the aftermath of an attack and to incorporate threat intelligence services to have in-depth knowledge of the evolving threat and tactics of active APT groups.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement