Posted by With the APAC region witnessing rapid digitalisation trends and known geopolitical frictions, cybersecurity experts at Kaspersky predict more phishing, scams, data breaches, and APT attacks in APAC 2024.
The dangers of phishing, scams, data breaches, and geopolitically motivated cyberattacks are seen to continue targeting organisations and individuals from the APAC region, according to Kaspersky.
Asia Pacific’s digital economy continues to grow exponentially and is expected to keep its momentum in the next five years. With digitalisation efforts including the adoption of technologies like digital payments, Super Apps, IoT, smart cities, and now generative Artificial Intelligence (AI), cybersecurity will be key to ensuring the resilience of the region’s overall defences against potentially damaging cyberattacks,” says Vitaly Kamluk, Head of Research Center for Asia Pacific, Global Research and Analysis Team (GreAT) at Kaspersky.
“When it comes to sophisticated Advanced Persistent Threats (APTs), we have seen that cyber espionage remains to be the main objective of Asian groups. We expect this trend to continue in 2024 due to the existing geopolitical tensions in the region,” Kamluk adds.
GReAT researchers at Kaspersky have also specified the key cyber threat predictions in 2024 for the key countries and territories in APAC.
India
Kaspersky revealed that India has been traditionally suffering from several low-skill but high-scale scams and fraud cases. Typical threats include Illegal or fake digital loan apps, income tax refund services, real estate fraud, investment scams, Ponzi schemes online, job fraud and sextortion.
“The rise of technologies and digitalisation of the Indian economy, such as increased use of the sophisticated Unified Payments Interface (UPI), the software from the National Payments Corporation of India, will lead to a wave of related scams. Another opportunity for scammers is the ever-rising popularity of cryptocurrencies, which may lead to a new generation of scam apps,” explains Kamluk.
Also, the growing popularity of micro-loan apps has resulted in new schemes to target users in India through unexpectedly inflated premiums and personal threats. In addition, with India’s move towards smart cities, IoT vulnerabilities pose serious security challenges for India.
South East Asia (Singapore, Philippines, Thailand, Vietnam, Malaysia, Indonesia)
The scale of scams in Southeast Asia
According to a UN report, hundreds of thousands of people from South East Asia (SEA) were recruited to join online scam operations such as romance investment scams, crypto fraud, money laundering and illegal gambling. Recruitment to these criminal operations is mostly done via advertised professional roles such as programmers, marketers or human resource specialists, through what appear to be legitimate and even elaborate procedures.
Increased usage and trust in digital payment methods, lack of regulations protecting the rights of users online and large numbers of people forced into joining online scam operations add complexity to this major issue in SEA and in resolving it.
“Law Enforcement is working on many of those cases, involving scam and phishing attacks and we have seen successful operations in 2023, such as a joint operation of Australian Federal Police (AFP), and United States Federal Bureau of Investigation (FBI) and Malaysian Police which led to arrest of 8 individuals behind a syndicate running a phishing-as-a-service campaign online,” says Kamluk.
“Nevertheless, we think that the scale of online scam and phishing attacks in Southeast Asia will only continue growing in the coming years due to technical and legal illiteracy of many people involved in such attacks from operators to victims,” he adds.
Singapore
Major technology safety and security highlights in Singapore in 2023 were related to data breaches and outages.
Financial service outages
In October 2023, DBS, one of the largest Singapore banks, experienced an operational failure due to data centre outage, which resulted in 2.5 million failed transactions. Although the reason for failure was not to be associated with a cyberattack at the time, given a prior history of outages, it will have implications on the bank’s strategies and priorities among which shall be increased reliability and safety of the services.
As reported by the media, Citibank operations were also affected. While we embrace attention to improving the reliability and security of the infrastructure, it’s still a time of changes, which always opens a window of opportunities for attackers.
DDoS attacks
Another highlight was related to web service outages of several public hospitals and polyclinics due to a distributed denial-of-service (DDoS) attack: the attackers flooded servers with internet traffic to prevent users from accessing online services.
The disruption did not result in a compromise of data or internal networks according to publicly known information. This incident tells us that while the websites demonstrated resilience against potential compromises, they were unfortunately unprepared for a DDoS attack.
Website defacements
Several Singapore websites suffered from politically motivated defacement attacks in late 2023, according to Kaspersky. Those attacks affected a historical temple website, a retirement info website, a tourism agency and other businesses located in Singapore.
“The bottom line is that the trend for future attacks in Singapore will likely be related to denial of service attacks, politically motivated compromises, defacements, and data leaks. Targeted ransomware threat is still real too, but will adopt the newest trend of pressuring the victim through regulator complaints,” explains Kamluk.