As part of its ongoing efforts on creating awareness about cybersecurity, research firm Kaspersky Lab recently commenced the third Cyber Security Weekend to address concerns about the cyber threat landscape and the alarmingly growing cases of cyber espionage in the Asia Pacific Region, particularly targeting critical infrastructures of countries and companies.
Researchers of Kaspersky Lab have recorded a remarkable increase in malware attacks over the years. In fact, from a summated one million attack from 1986 to 2006, the numbers swelled to 310,000 attacks per day, resulting in more than 758 million malicious online attacks recorded in 2016.
While it is known that malware attacks are mostly targeted toward Android, iOS, and Windows devices, Stephan Neumeier, Managing Director of Kaspersky Lab of Asia Pacific emphasized attackers will soon shift target focus on devices running Linux OS.
“Our prediction is one of the next focus should be on Linux,” Neumeier said. “Taking into consideration the IoT devices since 2015, we’ll have more digitally connected devices than the people living in the planet. Digitally connected devices are taking over and the prediction is by 2020, we’re most likely looking at 26 billion connected devices heavily driven by IoT. Again, IoT will be focused on Linux so we want to make sure we’re protecting these devices,” he explained.
In his opening presentation for the Cyber Security Weekend 2017 held in Phuket, Thailand, Neumeier also warned how traditional and modern attackers are now being collaborative to exploit attacks.
“Cybercriminals are already sharing information. There are no borders and limitations for them. One group starts something, then they sell whatever they have developed to another group, then that group will develop it further and sell it again to others. Cybrecriminals are much better connected today,” the company executive said.
According to Neumeier, this can be counter-attacked by letting government agencies practice technology sharing.
“We can only protect ourselves if we also share information between countries and practice technology sharing because cybercriminals already do that,” he said.
Cyber espionage in APAC
One of what is considered as the world’s worst cyberattacks happened a year after and involved two countries in Asia. The Bangladesh Bank Heist allegedly done by the Lazarus group transferred USD 81 million from a bank in Sri Lanka to the Philippines. Earlier this year, Kaspersky Lab reported a possible involvement of the same cyber espionage group in two different attacks: the South Korea defense agency attack, and an attack that infected 60 ATMs and stole information from over 2,000 credit cards.
Last 2016, Kaspersky Lab also monitored the new activity of the Blue Termite APT, a cyber espionage campaign that has been targeting organizations in Japan to infect government agencies, heavy industries, financial, chemical, satellite, media, educational organizations, as well as the medical and food industries since 2014.
Kaspersky Lab also jotted a previous attack in 2015 which involved the Naikon APT, also known as the APT-30, after revealing that the Chinese-speaking group has infiltrated the military, government, and civil organizations affected in the issue of the conflict-ridden South China Sea. The said group stole geopolitical data from the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myammar, Singapore, and Nepal.
According to Kaspersky Lab Director of Global Research and Analysis Team (GReAT) in Asia Pacific Vitaly Kamluk, the security research firm continues to track high-profile cyber espionage attacks in the Asia Pacific region.
“Our detailed records of previously active and still active APTs, and cyber espionage groups eyeing state secrets, corporate data, and even money from the Asian countries are clear evidences of the existence of cyber espionage campaigns in the region,” Kamluk said. “As majority of APAC countries are in their infant stage of gearing up their defenses against more sophisticated online threats, we at Kaspersky Lab urge the public and private sectors to work together in fast tracking cyber security laws and measures that will guard their cyberspace. Cyber espionage is borderless. It is no longer a question of possibility, it is now a question of when and how the worst attack will be,” he added.
Kamluk also shared simple yet vital recommendations on how to deter APT attacks for organizations which includes training your staff, using decent security software, controlling updates, investigating alerts, and strict whitelisting.
One of the ways Kaspersky Lab combat these attacks is by linking up with industry leaders to help develop cybersecurity solutions across sectors.
Kaspersky Lab recently collaborated with the National University of Singapore (NUS) to create a groundbreaking technology that will efficiently help malware analysts and security response teams understand malware used in cyber attacks and identify attackers as swiftly as possible.
Through the research project entitled “Malware Source Attribution through Multi-Dimensional Code Feature Analysis,” the research process of cybersecurity professionals in tracing APT malware codes and tracking hackers can further be improved through an innovative and practical approach.
APAC banks on target
At the same Cyber Security Weekend Summit, Kaspersky Lab warned about how cyber espionage groups are now pursuing on attacking financial institutions in Asia Pacific particularly in countries of Malaysia, South Korea, Indonesia, China, Bangladesh, Vietnam, and the Philippines.
“This year, we have monitored the tectonic shift in APT actors’ behavior. These groups who are initially data-hungry are now going beyond traditional cyber espionage. They added money-stealing on their attack menu as they hunt for vulnerable banks in the Asia Pacific (APAC) region which they can infect mostly through the rising epidemic,” said Head of Research Center of Russia at Kaspersky Lab’s GReAT Yury Namestnikov.
For this year, Kaspersky Lab has been closely monitoring active APT actors in the region, one of which is the reportedly state-sponsored Lazarus group. Another one is Carbanak which is involved in USD 1 billion bank heists in Russia, Ukraine, Germany, and China in 2014. Carbanak operated by phishing emails and infecting Microsoft Word documents to target vulnerabilities.
To protect enterprises from sophisticated financial threats, the global cybersecurity company suggests the use of a highly sophisticated solution that enables businesses to detect targeted attacks and other malicious actions through careful monitoring of network activity, web, and email like the Kaspersky Anti Targeted Attack Platform and Threat Intelligence services to mitigate massive attacks.