Surge in financial phishing attacks threatens SEAsia’s businesses

From January to June 2024, Kaspersky anti-phishing technologies detected 336,294 phishing attacks launched at organisations and businesses in the Southeast Asia. The attacks were impersonating e-commerce, banking, and payment brands and was aimed at stealing credentials and other sensitive data.

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks rose by 41 percent compared to the corresponding period last year, underpinned by increased digital adoption and use of artificial intelligence and automation by threat actors to render convincing contents and target victims more effectively.

“The pool of potential victims has grown larger over the past few years given the increased usage of online banking and digital financials services. Kaspersky experts attribute this sharp rise to an increase in fraudulent activity rather than a decline in user vigilance: cybercriminals are becoming more aggressive in their pursuit of users’ data and money, including for those from corporate devices,” says Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

Financial phishing is a type of phishing which refers to fraudulent resources related to banking, payment systems and digital shops.

Through financial phishing, attackers deceptively manipulate victims to divulge their personal and valuable information such as login credentials to financial accounts, as well as other personal or corporate information that is stored in those accounts. They are employing advanced social engineering schemes masquerading as, financial institutions, to deceive, invoke fear and exhort victims, and in some instances impersonating charitable organisations to trick victims into making contributions.

Thailand logged the highest number of financial phishing attacks at 141,258, followed by Indonesia with 48,439. Vietnam experienced 40,102 attacks while Malaysia registered 38,056 phishing attacks related to financial matters. Singapore and the Philippines chalked up the least number of this threat at 28,591and 26,080 respectively. Thailand and Singapore both registered the two highest increase of 582 percent and 406 percent respectively compared to corresponding period last year.

“Financial phishing will continue to evolve in this region and sectors like banking, insurance and ecommerce will be remain prime targets. Apart from traditional phishing emails, cybercriminals will also continue to exploit social media and messaging platforms to spread fraudulent links, fake pages and apps. With deepfakes growing prevalent, we will also see increase fake videos and voice messages that are highly sophisticated and harder to detect.  It is imperative now more than ever for companies to step up their security measures, by implementing robust security solutions, adopting best practices and training their workforce to raise awareness of cyber threats and how to protect themselves and their organisations,” adds Hia.

To help companies protect their systems against the wide range of cyberthreats, including but not limited to phishing, Kaspersky experts recommend:

1. Process and Best Practices

1. Always keep software updated on all the devices to prevent attackers from exploiting vulnerabilities and infiltrating organisation’s network. 
2. Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.
3. Back up data regularly and ensuring they can be accessed quickly when needed or in an emergency.

• Avoid downloading and installing pirated software or software from unknown/unverified sources.
• Do not expose remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless absolutely necessary and always use strong passwords, two-factor authentication and firewall rules for them.
• Monitor access and activity by having visibility over the network to spot any unusual activity, and controlling user access to as-need, and as-required basis to minimise risks of unauthorised access and data leak.
• Draft a security emergency playbook and ensure it is current. Kaspersky can conduct table top exercise to help run through the emergency drill.
• Assess and audit your supply chain and managed services access to your environment. Kaspersky offers  compromise assessment services if you suspect that you may be compromised.

• Set up a Security Operations Centre

1. Set up a security operation centre (SOC) using an SIEM (security information and event management) toollikeKaspersky Unified Monitoring and Analysis Platform,a unified console for monitoring and analysing information security incidents, and solutions such as Kaspersky Next XDR Expert, a robust cybersecurity solution that defends against sophisticated cyberthreats.
2. Use the latest Threat Intelligence information to have an in-depth visibility into cyberthreats targeting your organisation and provide your InfoSec professionals with the most comprehensive and up-to-date information regarding potential malicious actors and their TTPs.
3. Employ Kaspersky Professional Services to optimise the workload of your heavily challenged IT department. Kaspersky experts assess the state of your current IT security, then deploy and configure Kaspersky software quickly and properly to ensure hassle-free ongoing performance.
4. If your company does not have a dedicated IT security function and only has generalist IT admins who may lack the specialist skills required for expert-level detection and response solutions, consider subscribing to a managed service such as Kaspersky MDR. This would instantly boost your security capabilities by an order of magnitude, while allowing you to focus on building in-house expertise.
5. For protection of very small businesses, use solutions intended to help you manage your cybersecurity even without having an IT administrator on board. Kaspersky Small Office Security provides you with hands-off security due to ‘install and forget’ protection and saves the budget which is crucial, particularly in the early stages of business development.  
6. Kaspersky offers SOC maturity assessment to help organisations identify gaps in security operations and opportunities for improvement.

• People

1. Educate employees and improve their cybersecurity literacy through tools such as Kaspersky Automated Security Awareness Platform – Employees should be aware of the risks of cybersecurity threats and how to protect themselves and organisation from them.
2. Train and upskill your cybersecurity team/professionals with Kaspersky Expert training to advance their skills and defend organisation against attacks.
3. Educate your C-level executives with interactive cyber games like Kaspersky Interactive Prevention Simulation.