Published on Computer Weekly 7 Oct 2020
By Aaron Tan,
Southeast Asia has been a hotspot for cyber attacks this year as advanced persistent threat (APT) groups took advantage of the geopolitical landscape and the ongoing Covid-19 pandemic to advance their motives.
Speaking at a regional media briefing on 6 October 2020, Vitaly Kamluk, Kaspersky’s director for global research and analysis team in Asia-Pacific, said Malaysia, for instance, saw a spike in the number of cyber attacks from May to June 2020, which coincided with changes in the country’s political leadership.
“Political confrontation and tension will always be reflected in cyber space,” Kamluk said, noting that cyber criminals have leveraged political tension and the coronavirus to launch more cyber attacks in Malaysia.
In some cases, however, the coronavirus had slowed down certain types of cyber criminal activity. Citing Kaspersky’s research, Kamluk said in Indonesia, for example, fewer people came across crypto-mining websites from March 2020 compared to January 2020.
“Not only threats but all cyber criminal activities were kind of suspended for a few months, starting from March when Europe and other countries started implementing containment measures,” Kamluk said, noting that volume of cyber criminal activities was fluctuating in August as countries went in and out of lockdowns.
That has not stopped the ransomware menace from spreading across the region. Kamluk said since the start of 2020, more users in Southeast Asia have reported ransomware attacks, particularly those in Indonesia.
On the other hand, Singapore has seen the least number of ransomware attacks in Southeast Asia. Kamluk said this could be due to stronger cyber security awareness and bigger cyber security budgets in the city-state.
Still, a subsidiary of Singapore’s ST Engineering Aerospace fell prey to the Maze ransomware in June 2020 that reportedly led to the theft of 1.5TB of data.
The group behind Maze had also created a website where they revealed the identities of their victims as well as the details of the attack – date of infection, amount of data stolen, names of servers and more.
“We are monitoring an uptick on Maze detections globally, even against a few companies in Southeast Asia, which means this trend is currently gaining momentum,” Kamluk said.
“While the public shaming part of the attack adds to the pressure of bowing to the demands of these cyber criminals, I strongly advise companies and organisations not to pay ransom and to involve law enforcement agencies and experts during such scenarios.
“Remember that it is also better to have your data backed up, your cyber security defences in place, to avoid falling victims to these malicious actors,” he added.
Cyfirma, a threat intelligence startup, noted that healthcare, government agencies, banks, manufacturing, retail, IT service providers and e-commerce platforms will likely be on the radar of ransomware groups for the rest of the year.
“The planning might have started long before the actual execution of campaign and deployment of the malware, thus it is important to stay alert and take all necessary precautions,” Cyfirma warned in its latest threat report for Southeast Asia and Japan.
“The ‘ransomware-as-a-service’ model will influence a lot of new age cyber criminals onto hacking as a means for making quick money. Data exfiltration, reputation damage and financial gains are the primary motives,” it added.