Businesses and governments in Southeast Asia are increasingly likely to be a target for cyber criminals, according to a report from security supplier FireEye and Singapore-headquartered telco Singtel.
Across the region, 29% of organisations observed were targeted by advanced cyber attacks in the first half of 2015.
Thailand and the Philippines were hardest hit among the Association of Southeast Asian Nations (Asean), with 40% and 39% of observed organisations exposed to these attacks, respectively.
The report found entertainment, media and hospitality industries were most targeted, followed by the government sector. In the first half of the year, it stated, organisations in the region faced a 45% higher risk of facing a targeted cyber attack than the global average, whereas in the prior six-month period they faced only a 7% higher risk.
More than a third of malware detections associated with advanced persistent threat (APT) groups originated in the entertainment, media and hospitality industries.
Cathy Huang, research manager at IDC, said the report is interesting because it is focused on the Asean region. “Not many security reports in the market have this specific focus in Southeast Asia,” she said. “In this edition, it has been highlighted that the entertainment/media/hospitality industry vertical is the number one vertical in Southeast Asia by percentage share of APT and target malware. This is pretty new. Usually, the government or telco or financial services verticals are the top victims.”
But Huang said Southeast Asia businesses and governments were no more likely to be targeted with cyber attacks than other Asia-Pacific markets on the global level.
“Cyber attacks are usually driven by political or financial motives these days. It can be closely tied to certain major events, such as elections, big conferences and sports in that country,” she added.
Hotspot for cyber espionage
FireEye observed at least 13 APT groups targeting national government organisations and at least four APT groups targeting regional or state governments around the world.
“Espionage isn’t new, but it is increasingly conducted online, and Southeast Asia is a hotspot,” said Eric Hoh, president for Asia-Pacific and Japan at FireEye. “Geopolitics can drive cyber attacks. As Southeast Asia becomes a larger economic player on the world stage and tensions flare in the South China Sea, organisations should be prepared for targeted attacks.”
In April 2015, FireEye released a report documenting an advanced persistent threat group referred to as APT 30 which conducted a cyber espionage operation against businesses, governments and journalists in Southeast Asia for 10 years. This group’s malware, called Lecna, comprised 7% of all detections at FireEye customers in Southeast Asia in the first half of 2015.
FireEye said it has been tracking ongoing activity associated with a unique and relatively stealthy group it first identified in 2013 as APT.NineBlog. One of the probable targets of the group’s 2015 campaign is a Southeast Asian government. The group’s malware uses encrypted SSL communications to evade detection. In addition, the malware attempts to detect the presence of applications used to analyse malware and quits if any is detected.
APT, a rising concern for Asean
“The APT is not new, but it is worth highlighting that it is becoming an increasing concern for Asean countries,” said Kathy Zhou, research associate, ICT – networking, information and cyber security, at Frost & Sullivan in Asia-Pacific. “Regional based hacking groups such as APT 30 and Hellsing are becoming more active in using APT to launch attacks at government, diplomatic groups and media organisations in Asean countries. One main reason for them to do so would be to gain access to confidential data.”
The extensive coverage of APT attacks and the consequences of data breaches have raised the alarm among enterprises or organisations that hold large volumes of sensitive and valuable information or intellectual property.
“Our latest APT report recorded that the market adoption of APT solutions in Asean increased tremendously in 2014, with a 177.5% year-on-year growth rate. The overall Asean market was estimated at USD$21.9m, compared with USD$7.9m 2013,” said Zhou.
According to Zhou, enterprises in Singapore, Malaysia and Thailand were the largest adopters of APT during 2014 due to the greater awareness of the advanced threat landscape. Adoption in Indonesia, the Philippines and Vietnam remained low, however, as most enterprises still took the reactive approach towards APT-type threats and the preference for legacy security solutions remained high.