Kaspersky releases five key cybersecurity trends to watch out for in the Asia Pacific with 2019 threat review
The opening of a new year and a new decade will witness an increase in mobile malware and in cybercriminal groups exploiting mobile devices, as well as known threat groups using new attack methods and tools. These and more are Kaspersky's key predictions for the Asia Pacific (APAC) region.
Derived from the observations and findings collated last year by the global cybersecurity company’s Global Research and Analysis Team (GReAT), combined with industry and technology trends, the predictions aim to provide guidance and insights for the cybersecurity industry and relevant stakeholders in APAC.
More mobile threats
As the number of users moving to mobile platforms from regular PCs is still growing in the region, the number of threat actors going into this space follows.
A number of different Android and iOS zero-days were reported in 2019, like the watering hole spyware discovered on iOS which can get hold of confidential data like iMessage photos and GPS location.
The interest in compromising mobile platforms with persistence is ever-growing, which is why Kaspersky expects to see more threats when mobile exploits become a commodity and the price for them goes down.
“Mobile users in the Asia Pacific remain vulnerable to social-engineering which is up to this time one of the most common attack vectors. Common users are often tricked by online scams, automated dialers, sextortion attempts, and free online services offering free streaming video, which often come with a hidden in-browser cryptocurrency miner,” says Vitaly Kamluk, Director for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky.
New techniques and new platforms from known threat actors
In 2019, Kaspersky researchers saw Advanced Persistent Threat (APT) actors active in this region taking on new techniques and approaches, such as the use of steganography by Ocean Lotus, the development of malware in the Nim programming language by Zebrocy, and the use of malicious LNK files by HoneyMyte.
Researchers also saw Ocean Lotus with their new iOS malware in 2019. This threat actor has been actively adopting new techniques, which are aimed at complicating malware analysis.
Supply chain attacks remain one of the largest threats
Last year, researchers from Kaspersky also discovered and announced a breach of several software supply chain companies in Asia. The threat actor known as ShadowPad/ShadowHammer is believed to be responsible for this sort of attack.
It is also worth noting that a survey conducted by Kaspersky showed that successful supply chain attacks can cost as much as $2.57m on average.
Given that this group has been active for the past several years carrying out similar attacks on a lower scale, we expect this actor to continue, and other groups to move into this segment as well. Kaspersky expects to see more reports of software supply chain companies being compromised.
Olympic Games in Japan
It has almost become a tradition to run politically motivated attacks during the Olympic Games. With high political tension in many regions of the world, we should expect one or even several independent attacks to happen during the upcoming Olympic Games in Tokyo.
“With its developed countries at the forefront of 5G technology and Industry 4.0 and its emerging economies with hyper-online and highly mobile and young population, Asia Pacific is definitely at the centre of the new technologies and trends that will define the new decade. These truths combined with the geopolitical structure of the region will definitely shape its landscape in the region. Organisations and individuals can use our predictions to guide them better in their decision-making especially when it comes to boosting their cybersecurity habits and culture,” comments Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky.
APAC 2019 in review
Top threats on Windows and PC
The top APT actors that were active in the region last year were as follows:
- Platinum APT with a new implant called Titanium with targets including Indonesia, Malaysia and Vietnam.
- HoneyMyte with their malicious LNK samples, PlugX, PowerShell and .NET malware targeting Vietnamese and Myanmar entities among other victims.
- FunnyDream with ongoing espionage attacks targeting Taiwan, Malaysia, the Philippines, Thailand and Vietnam.
- Cycldek’s increased activities targeting government entities in Vietnam, Laos and Thailand with one additional victim in the Philippines.
- Leviathan has been constantly improving their payloads and targeting individuals and entities associated with certain Southeast Asian governments.
- Ocean Lotus heavily targeting Vietnamese entities in different attacks.
- Zebrocy with their new Nimcy backdoor written in Nimrod/Nim programming language targeting victims from Thailand and Malaysia among others.
- APT10’s new techniques deployed in the latest version of ANEL malware focusing on Japanese victims and also targeting Japanese associations/organizations located in Vietnam and Malaysia.
- Kimsuky continuously targeted political organizations, North Korean defectors and journalists. This threat actor also started targeting cryptocurrency businesses in 2019.
- Lazarus also aggressively targeted cryptocurrency companies and a mobile application development company in South Korea.
Top threats on mobile devices
Countries in the region were also extensively affected by mobile threats in 2019, such as:
- PhantomLance, a long-term espionage campaign with Android implants deployed in different marketplaces including Google Play.
- Remote Control System (RCS) from Hacking Team was also detected on different victims.
- FinSpy’s Android and iOS implants were also targeting countries in the APAC region in the past year.
- The Android version of Konni malware (which previously targeted human rights organizations or entities related to Korean affairs) targeted individual users of cryptocurrency trading in 2019.
Top targeted industries
“Our investigations of APT attacks targeting the APAC region show the main attack motivation being geopolitical cyberespionage. Inevitably the main victims are mostly government organisations, diplomatic entities, political parties. In 2019 we witnessed a vast number of exploits for mobile platforms which were leveraged to target both individuals and whole ethnic groups. The interest to compromise mobile devices is ever-growing in the region,” adds Kamluk.
The predictions have been developed based on Kaspersky threat intelligence services from around the world. The full list of Kaspersky Threat Predictions for 2020 is available on Securelist.com.
This list of predictions is a part of the Kaspersky Security Bulletin (KSB), an annual series of predictions and analytical articles on key changes in the world of cybersecurity.
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.